From 48300352c69d6ed9a677f8acb372f4b29f2efd76 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 27 Feb 2025 12:23:30 +1000 Subject: [PATCH] Test api.c: split out MACs and ciphers --- CMakeLists.txt | 14 +- tests/api.c | 5138 +--------------------------- tests/api/api.h | 22 + tests/api/include.am | 32 +- tests/api/test_aes.c | 2685 +++++++++++++++ tests/api/test_aes.h | 44 + tests/api/test_arc4.c | 114 + tests/api/test_arc4.h | 28 + tests/api/test_camellia.c | 224 ++ tests/api/test_camellia.h | 30 + tests/api/test_chacha.c | 196 ++ tests/api/test_chacha.h | 28 + tests/api/test_chacha20_poly1305.c | 164 + tests/api/test_chacha20_poly1305.h | 27 + tests/api/test_cmac.c | 259 ++ tests/api/test_cmac.h | 30 + tests/api/test_des3.c | 231 ++ tests/api/test_des3.h | 30 + tests/api/test_hmac.c | 691 ++++ tests/api/test_hmac.h | 41 + tests/api/test_poly1305.c | 73 + tests/api/test_poly1305.h | 27 + tests/api/test_rc2.c | 230 ++ tests/api/test_rc2.h | 30 + tests/api/test_sm4.c | 795 +++++ tests/api/test_sm4.h | 32 + tests/api/test_wc_encrypt.c | 99 + tests/api/test_wc_encrypt.h | 27 + 28 files changed, 6217 insertions(+), 5124 deletions(-) create mode 100644 tests/api/test_aes.c create mode 100644 tests/api/test_aes.h create mode 100644 tests/api/test_arc4.c create mode 100644 tests/api/test_arc4.h create mode 100644 tests/api/test_camellia.c create mode 100644 tests/api/test_camellia.h create mode 100644 tests/api/test_chacha.c create mode 100644 tests/api/test_chacha.h create mode 100644 tests/api/test_chacha20_poly1305.c create mode 100644 tests/api/test_chacha20_poly1305.h create mode 100644 tests/api/test_cmac.c create mode 100644 tests/api/test_cmac.h create mode 100644 tests/api/test_des3.c create mode 100644 tests/api/test_des3.h create mode 100644 tests/api/test_hmac.c create mode 100644 tests/api/test_hmac.h create mode 100644 tests/api/test_poly1305.c create mode 100644 tests/api/test_poly1305.h create mode 100644 tests/api/test_rc2.c create mode 100644 tests/api/test_rc2.h create mode 100644 tests/api/test_sm4.c create mode 100644 tests/api/test_sm4.h create mode 100644 tests/api/test_wc_encrypt.c create mode 100644 tests/api/test_wc_encrypt.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 4a9486c673..d39a718937 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2501,7 +2501,6 @@ if(WOLFSSL_EXAMPLES) # Build unit tests add_executable(unit_test tests/api.c - tests/api/test_dtls.c tests/api/test_md5.c tests/api/test_sha.c tests/api/test_sha256.c @@ -2511,8 +2510,21 @@ if(WOLFSSL_EXAMPLES) tests/api/test_sm3.c tests/api/test_ripemd.c tests/api/test_hash.c + tests/api/test_hmac.c + tests/api/test_cmac.c + tests/api/test_des3.c + tests/api/test_chacha.c + tests/api/test_poly1305.c + tests/api/test_chacha20_poly1305.c + tests/api/test_camellia.c + tests/api/test_arc4.c + tests/api/test_rc2.c + tests/api/test_aes.c tests/api/test_ascon.c + tests/api/test_sm4.c + tests/api/test_wc_encrypt.c tests/api/test_mlkem.c + tests/api/test_dtls.c tests/api/test_ocsp.c tests/hash.c tests/srp.c diff --git a/tests/api.c b/tests/api.c index 3d80244474..39eb9f77c6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -299,7 +299,19 @@ #include #include #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include +#include +#include #include #include #include @@ -471,27 +483,6 @@ int tmpDirNameSet = 0; | Constants *----------------------------------------------------------------------------*/ -/* Returns the result based on whether check is true. - * - * @param [in] check Condition for success. - * @return When condition is true: TEST_SUCCESS. - * @return When condition is false: TEST_FAIL. - */ -#ifdef DEBUG_WOLFSSL_VERBOSE -#define XSTRINGIFY(s) STRINGIFY(s) -#define STRINGIFY(s) #s -#define TEST_RES_CHECK(check) ({ \ - int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \ - if (_ret == TEST_FAIL) { \ - fprintf(stderr, " check \"%s\" at %d ", \ - XSTRINGIFY(check), __LINE__); \ - } \ - _ret; }) -#else -#define TEST_RES_CHECK(check) \ - ((check) ? TEST_SUCCESS : TEST_FAIL) -#endif /* DEBUG_WOLFSSL_VERBOSE */ - #ifndef NO_RSA #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \ @@ -14603,3467 +14594,6 @@ static int test_wolfSSL_mcast(void) | Wolfcrypt *----------------------------------------------------------------------------*/ -/* - * Test function for wc_HmacSetKey - */ -static int test_wc_Md5HmacSetKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_MD5) - Hmac hmac; - int ret, times, itr; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", -#ifndef HAVE_FIPS - "Jefe", /* smaller than minimum FIPS key size */ -#endif - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - }; - times = sizeof(keys) / sizeof(char*); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - - for (itr = 0; itr < times; itr++) { - ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr], - (word32)XSTRLEN(keys[itr])); -#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) - wc_HmacFree(&hmac); - ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#else - ExpectIntEQ(ret, 0); -#endif - } - - /* Bad args. */ - ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0); -#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#elif defined(HAVE_FIPS) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); -#else - ExpectIntEQ(ret, 0); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Md5HmacSetKey */ - - -/* - * testing wc_HmacSetKey() on wc_Sha hash. - */ -static int test_wc_ShaHmacSetKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_SHA) - Hmac hmac; - int ret, times, itr; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", -#ifndef HAVE_FIPS - "Jefe", /* smaller than minimum FIPS key size */ -#endif - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" - }; - - times = sizeof(keys) / sizeof(char*); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - - for (itr = 0; itr < times; itr++) { - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr], - (word32)XSTRLEN(keys[itr])), 0); - } - - /* Bad args. */ - ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0); -#ifdef HAVE_FIPS - ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); -#else - ExpectIntEQ(ret, 0); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_ShaHmacSetKey() */ - -/* - * testing wc_HmacSetKey() on Sha224 hash. - */ -static int test_wc_Sha224HmacSetKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) - Hmac hmac; - int ret, times, itr; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", -#ifndef HAVE_FIPS - "Jefe", /* smaller than minimum FIPS key size */ -#endif - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" - }; - times = sizeof(keys) / sizeof(char*); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - - for (itr = 0; itr < times; itr++) { - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr], - (word32)XSTRLEN(keys[itr])), 0); - } - - /* Bad args. */ - ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0); -#ifdef HAVE_FIPS - ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); -#else - ExpectIntEQ(ret, 0); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha224HmacSetKey() */ - - /* - * testing wc_HmacSetKey() on Sha256 hash - */ -static int test_wc_Sha256HmacSetKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_SHA256) - Hmac hmac; - int ret, times, itr; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", -#ifndef HAVE_FIPS - "Jefe", /* smaller than minimum FIPS key size */ -#endif - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" - }; - times = sizeof(keys) / sizeof(char*); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - - for (itr = 0; itr < times; itr++) { - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr], - (word32)XSTRLEN(keys[itr])), 0); - } - - /* Bad args. */ - ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0); -#ifdef HAVE_FIPS - ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); -#else - ExpectIntEQ(ret, 0); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha256HmacSetKey() */ - - -/* - * testing wc_HmacSetKey on Sha384 hash. - */ -static int test_wc_Sha384HmacSetKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) - Hmac hmac; - int ret, times, itr; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", -#ifndef HAVE_FIPS - "Jefe", /* smaller than minimum FIPS key size */ -#endif - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" - }; - times = sizeof(keys) / sizeof(char*); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - - for (itr = 0; itr < times; itr++) { - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr], - (word32)XSTRLEN(keys[itr])), 0); - } - - /* Bad args. */ - ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], - (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0); -#ifdef HAVE_FIPS - ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); -#else - ExpectIntEQ(ret, 0); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha384HmacSetKey() */ - - -/* - * testing wc_HmacUpdate on wc_Md5 hash. - */ -static int test_wc_Md5HmacUpdate(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)) - Hmac hmac; - testVector a, b; -#ifdef HAVE_FIPS - const char* keys = - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; -#else - const char* keys = "Jefe"; -#endif - - a.input = "what do ya want for nothing?"; - a.inLen = XSTRLEN(a.input); - b.input = "Hi There"; - b.inLen = XSTRLEN(b.input); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, - (word32)XSTRLEN(keys)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); - /* Update Hmac. */ - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Md5HmacUpdate */ - -/* - * testing wc_HmacUpdate on SHA hash. - */ -static int test_wc_ShaHmacUpdate(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_SHA) - Hmac hmac; - testVector a, b; -#ifdef HAVE_FIPS - const char* keys = - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; -#else - const char* keys = "Jefe"; -#endif - - a.input = "what do ya want for nothing?"; - a.inLen = XSTRLEN(a.input); - b.input = "Hi There"; - b.inLen = XSTRLEN(b.input); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, - (word32)XSTRLEN(keys)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); - /* Update Hmac. */ - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_ShaHmacUpdate */ - -/* - * testing wc_HmacUpdate on SHA224 hash. - */ -static int test_wc_Sha224HmacUpdate(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) - Hmac hmac; - testVector a, b; -#ifdef HAVE_FIPS - const char* keys = - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; -#else - const char* keys = "Jefe"; -#endif - - a.input = "what do ya want for nothing?"; - a.inLen = XSTRLEN(a.input); - b.input = "Hi There"; - b.inLen = XSTRLEN(b.input); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, - (word32)XSTRLEN(keys)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); - /* Update Hmac. */ - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha224HmacUpdate */ - -/* - * testing wc_HmacUpdate on SHA256 hash. - */ -static int test_wc_Sha256HmacUpdate(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_SHA256) - Hmac hmac; - testVector a, b; -#ifdef HAVE_FIPS - const char* keys = - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; -#else - const char* keys = "Jefe"; -#endif - - a.input = "what do ya want for nothing?"; - a.inLen = XSTRLEN(a.input); - b.input = "Hi There"; - b.inLen = XSTRLEN(b.input); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, - (word32)XSTRLEN(keys)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); - /* Update Hmac. */ - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha256HmacUpdate */ - -/* - * testing wc_HmacUpdate on SHA384 hash. - */ -static int test_wc_Sha384HmacUpdate(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) - Hmac hmac; - testVector a, b; -#ifdef HAVE_FIPS - const char* keys = - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; -#else - const char* keys = "Jefe"; -#endif - - a.input = "what do ya want for nothing?"; - a.inLen = XSTRLEN(a.input); - b.input = "Hi There"; - b.inLen = XSTRLEN(b.input); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, - (word32)XSTRLEN(keys)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); - /* Update Hmac. */ - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha384HmacUpdate */ - -/* - * Testing wc_HmacFinal() with MD5 - */ - -static int test_wc_Md5HmacFinal(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)) - Hmac hmac; - byte hash[WC_MD5_DIGEST_SIZE]; - testVector a; - const char* key; - - key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; - a.input = "Hi There"; - a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" - "\x9d"; - a.inLen = XSTRLEN(a.input); - a.outLen = XSTRLEN(a.output); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)), - 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); - ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0); - - /* Try bad parameters. */ - ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef HAVE_FIPS - ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Md5HmacFinal */ - -/* - * Testing wc_HmacFinal() with SHA - */ -static int test_wc_ShaHmacFinal(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_SHA) - Hmac hmac; - byte hash[WC_SHA_DIGEST_SIZE]; - testVector a; - const char* key; - - key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b"; - a.input = "Hi There"; - a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" - "\x8e\xf1\x46\xbe\x00"; - a.inLen = XSTRLEN(a.input); - a.outLen = XSTRLEN(a.output); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)), - 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); - ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0); - - /* Try bad parameters. */ - ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef HAVE_FIPS - ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_ShaHmacFinal */ - - -/* - * Testing wc_HmacFinal() with SHA224 - */ -static int test_wc_Sha224HmacFinal(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) - Hmac hmac; - byte hash[WC_SHA224_DIGEST_SIZE]; - testVector a; - const char* key; - - key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b"; - a.input = "Hi There"; - a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" - "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; - a.inLen = XSTRLEN(a.input); - a.outLen = XSTRLEN(a.output); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, - (word32)XSTRLEN(key)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); - ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0); - - /* Try bad parameters. */ - ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef HAVE_FIPS - ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha224HmacFinal */ - -/* - * Testing wc_HmacFinal() with SHA256 - */ -static int test_wc_Sha256HmacFinal(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && !defined(NO_SHA256) - Hmac hmac; - byte hash[WC_SHA256_DIGEST_SIZE]; - testVector a; - const char* key; - - key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b"; - a.input = "Hi There"; - a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" - "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" - "\xcf\xf7"; - a.inLen = XSTRLEN(a.input); - a.outLen = XSTRLEN(a.output); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, - (word32)XSTRLEN(key)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); - ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0); - - /* Try bad parameters. */ - ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef HAVE_FIPS - ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha256HmacFinal */ - -/* - * Testing wc_HmacFinal() with SHA384 - */ -static int test_wc_Sha384HmacFinal(void) -{ - EXPECT_DECLS; -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) - Hmac hmac; - byte hash[WC_SHA384_DIGEST_SIZE]; - testVector a; - const char* key; - - key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b"; - a.input = "Hi There"; - a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" - "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" - "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" - "\xfa\x9c\xb6"; - a.inLen = XSTRLEN(a.input); - a.outLen = XSTRLEN(a.output); - - ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, - (word32)XSTRLEN(key)), 0); - ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); - ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); - ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0); - - /* Try bad parameters. */ - ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifndef HAVE_FIPS - ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - wc_HmacFree(&hmac); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Sha384HmacFinal */ - - - -/* - * Testing wc_InitCmac() - */ -static int test_wc_InitCmac(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) - Cmac cmac1; - Cmac cmac2; - Cmac cmac3; - /* AES 128 key. */ - byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x10\x11\x12\x13\x14\x15\x16"; - /* AES 192 key. */ - byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x01\x11\x12\x13\x14\x15\x16" - "\x01\x02\x03\x04\x05\x06\x07\x08"; - /* AES 256 key. */ - byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x01\x11\x12\x13\x14\x15\x16" - "\x01\x02\x03\x04\x05\x06\x07\x08" - "\x09\x01\x11\x12\x13\x14\x15\x16"; - word32 key1Sz = (word32)sizeof(key1) - 1; - word32 key2Sz = (word32)sizeof(key2) - 1; - word32 key3Sz = (word32)sizeof(key3) - 1; - int type = WC_CMAC_AES; - - (void)key1; - (void)key1Sz; - (void)key2; - (void)key2Sz; - - XMEMSET(&cmac1, 0, sizeof(Cmac)); - XMEMSET(&cmac2, 0, sizeof(Cmac)); - XMEMSET(&cmac3, 0, sizeof(Cmac)); - -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0); -#endif -#ifdef WOLFSSL_AES_192 - wc_AesFree(&cmac1.aes); - ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0); -#endif -#ifdef WOLFSSL_AES_256 - wc_AesFree(&cmac2.aes); - ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0); -#endif - - wc_AesFree(&cmac3.aes); - /* Test bad args. */ - ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_InitCmac */ - - -/* - * Testing wc_CmacUpdate() - */ -static int test_wc_CmacUpdate(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) - Cmac cmac; - byte key[] = { - 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, - 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 - }; - byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64" - "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17" - "\xb3\x78\xcf\x85\x22\x41\x74\xd9" - "\xa0\x97\x39\x71\x62\xf1\x8e\x8f" - "\xf4"; - word32 inSz = (word32)sizeof(in) - 1; - word32 keySz = (word32)sizeof(key); - int type = WC_CMAC_AES; - - XMEMSET(&cmac, 0, sizeof(Cmac)); - - ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0); - ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - wc_AesFree(&cmac.aes); -#endif - return EXPECT_RESULT(); -} /* END test_wc_CmacUpdate */ - - -/* - * Testing wc_CmacFinal() - */ -static int test_wc_CmacFinal(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) - Cmac cmac; - byte key[] = { - 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, - 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 - }; - byte msg[] = { - 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64, - 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17, - 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9, - 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f, - 0xf4 - }; - /* Test vectors from CMACGenAES128.rsp from - * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac - * Per RFC4493 truncation of lsb is possible. - */ - byte expMac[] = { - 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae, - 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb - }; - byte mac[AES_BLOCK_SIZE]; - word32 msgSz = (word32)sizeof(msg); - word32 keySz = (word32)sizeof(key); - word32 macSz = sizeof(mac); - word32 badMacSz = 17; - int expMacSz = sizeof(expMac); - int type = WC_CMAC_AES; - - XMEMSET(&cmac, 0, sizeof(Cmac)); - XMEMSET(mac, 0, macSz); - - ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0); - ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0); - -#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) - /* Pass in bad args. */ - ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E)); - - /* For the last call, use the API with implicit wc_CmacFree(). */ - ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0); - ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); -#else /* !HAVE_FIPS || FIPS>=5.3 */ - ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0); - ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); - - /* Pass in bad args. */ - ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E)); -#endif /* !HAVE_FIPS || FIPS>=5.3 */ -#endif - return EXPECT_RESULT(); -} /* END test_wc_CmacFinal */ - - -/* - * Testing wc_AesCmacGenerate() && wc_AesCmacVerify() - */ -static int test_wc_AesCmacGenerate(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) - byte key[] = { - 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e, - 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69 - }; - byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8" - "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4"; - byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6" - "\x3d\x32\x65\x4c\x66\x23\xc5"; - byte mac[AES_BLOCK_SIZE]; - word32 keySz = sizeof(key); - word32 macSz = sizeof(mac); - word32 msgSz = sizeof(msg) - 1; - word32 expMacSz = sizeof(expMac) - 1; - - XMEMSET(mac, 0, macSz); - - ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0); - ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); - - /* Pass in bad args. */ - ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0); - /* Test bad args. */ - ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); - -} /* END test_wc_AesCmacGenerate */ - - -/* - * Testing streaming AES-GCM API. - */ -static int test_wc_AesGcmStream(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \ - defined(WOLFSSL_AESGCM_STREAM) - int i; - WC_RNG rng[1]; - Aes aesEnc[1]; - Aes aesDec[1]; - byte tag[AES_BLOCK_SIZE]; - byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, }; - byte out[AES_BLOCK_SIZE * 3 + 2]; - byte plain[AES_BLOCK_SIZE * 3 + 2]; - byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, }; - byte key[AES_128_KEY_SIZE] = { 0, }; - byte iv[AES_IV_SIZE] = { 1, }; - byte ivOut[AES_IV_SIZE]; - static const byte expTagAAD1[AES_BLOCK_SIZE] = { - 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f, - 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05 - }; - static const byte expTagPlain1[AES_BLOCK_SIZE] = { - 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78, - 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1 - }; - static const byte expTag[AES_BLOCK_SIZE] = { - 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96, - 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d - }; - - XMEMSET(&rng, 0, sizeof(WC_RNG)); - XMEMSET(&aesEnc, 0, sizeof(Aes)); - XMEMSET(&aesDec, 0, sizeof(Aes)); - - /* Create a random for generating IV/nonce. */ - ExpectIntEQ(wc_InitRng(rng), 0); - - /* Initialize data structures. */ - ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); - - /* BadParameters to streaming init. */ - ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Bad parameters to encrypt update. */ - ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* Bad parameters to decrypt update. */ - ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Bad parameters to encrypt final. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* Bad parameters to decrypt final. */ - ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Check calling final before setting key fails. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_KEY)); - ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_KEY)); - /* Check calling update before setting key else fails. */ - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), - WC_NO_ERR_TRACE(MISSING_KEY)); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), - WC_NO_ERR_TRACE(MISSING_KEY)); - - /* Set key but not IV. */ - ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0); - ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0); - /* Check calling final before setting IV fails. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_IV)); - ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_IV)); - /* Check calling update before setting IV else fails. */ - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), - WC_NO_ERR_TRACE(MISSING_IV)); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), - WC_NO_ERR_TRACE(MISSING_IV)); - - /* Set IV using fixed part IV and external IV APIs. */ - ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ, - rng), 0); - ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut, - GCM_NONCE_MID_SZ), 0); - ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0); - ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0); - /* Encrypt and decrypt data. */ - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0); - ExpectIntEQ(XMEMCMP(plain, in, 1), 0); - /* Finalize and check tag matches. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); - - /* Set key and IV through streaming init API. */ - wc_AesFree(aesEnc); - wc_AesFree(aesDec); - ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); - ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); - /* Encrypt/decrypt one block and AAD of one block. */ - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad, - AES_BLOCK_SIZE), 0); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad, - AES_BLOCK_SIZE), 0); - ExpectIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0); - /* Finalize and check tag matches. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); - - /* Set key and IV through streaming init API. */ - wc_AesFree(aesEnc); - wc_AesFree(aesDec); - ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); - ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); - /* No data to encrypt/decrypt one byte of AAD. */ - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0); - /* Finalize and check tag matches. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); - ExpectIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); - - /* Set key and IV through streaming init API. */ - wc_AesFree(aesEnc); - wc_AesFree(aesDec); - ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); - ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); - /* Encrypt/decrypt one byte and no AAD. */ - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0); - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0); - ExpectIntEQ(XMEMCMP(plain, in, 1), 0); - /* Finalize and check tag matches. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); - ExpectIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); - - /* Set key and IV through streaming init API. */ - wc_AesFree(aesEnc); - wc_AesFree(aesDec); - ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); - ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); - /* Encryption AES is one byte at a time */ - for (i = 0; i < (int)sizeof(aad); i++) { - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1), - 0); - } - for (i = 0; i < (int)sizeof(in); i++) { - ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0), - 0); - } - /* Decryption AES is two bytes at a time */ - for (i = 0; i < (int)sizeof(aad); i += 2) { - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2), - 0); - } - for (i = 0; i < (int)sizeof(aad); i += 2) { - ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL, - 0), 0); - } - ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); - /* Finalize and check tag matches. */ - ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); - ExpectIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0); - ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); - - /* Check streaming encryption can be decrypted with one shot. */ - wc_AesFree(aesDec); - ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); - ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0); - ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv, - AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); - - wc_AesFree(aesEnc); - wc_AesFree(aesDec); - wc_FreeRng(rng); -#endif - return EXPECT_RESULT(); -} /* END test_wc_AesGcmStream */ - - -/* - * Testing streaming SM4 API. - */ -static int test_wc_Sm4(void) -{ - int res = TEST_SKIPPED; -#ifdef WOLFSSL_SM4 - EXPECT_DECLS; - wc_Sm4 sm4; -#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \ - defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM) - unsigned char key[SM4_KEY_SIZE]; -#endif -#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR) - unsigned char iv[SM4_IV_SIZE]; -#endif - - /* Invalid parameters - wc_Sm4Init */ - ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4Init */ - ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); - -#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \ - defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM) - XMEMSET(key, 0, sizeof(key)); - - /* Invalid parameters - wc_Sm4SetKey. */ - ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4SetKey. */ - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); -#endif - -#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR) - XMEMSET(iv, 0, sizeof(iv)); - - /* Invalid parameters - wc_Sm4SetIV. */ - ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4SetIV. */ - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); -#endif - - /* Valid cases - wc_Sm4Free */ - wc_Sm4Free(NULL); - wc_Sm4Free(&sm4); - - res = EXPECT_RESULT(); -#endif - return res; -} /* END test_wc_Sm4 */ - -/* - * Testing block based SM4-ECB API. - */ -static int test_wc_Sm4Ecb(void) -{ - int res = TEST_SKIPPED; -#ifdef WOLFSSL_SM4_ECB - EXPECT_DECLS; - wc_Sm4 sm4; - unsigned char key[SM4_KEY_SIZE]; - unsigned char in[SM4_BLOCK_SIZE * 2]; - unsigned char out[SM4_BLOCK_SIZE * 2]; - unsigned char out2[SM4_BLOCK_SIZE]; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(in, 0, sizeof(in)); - - ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY)); - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY)); - - /* Tested in test_wc_Sm4. */ - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); - - /* Invalid parameters - wc_Sm4EcbEncrypt. */ - ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4EcbEncrypt. */ - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0); - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); - /* In and out are same pointer. */ - ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); - - /* Invalid parameters - wc_Sm4EcbDecrypt. */ - ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4EcbDecrypt. */ - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0); - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); - /* In and out are same pointer. */ - ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); - - wc_Sm4Free(&sm4); - - res = EXPECT_RESULT(); -#endif - return res; -} /* END test_wc_Sm4Ecb */ - -/* - * Testing block based SM4-CBC API. - */ -static int test_wc_Sm4Cbc(void) -{ - int res = TEST_SKIPPED; -#ifdef WOLFSSL_SM4_CBC - EXPECT_DECLS; - wc_Sm4 sm4; - unsigned char key[SM4_KEY_SIZE]; - unsigned char iv[SM4_IV_SIZE]; - unsigned char in[SM4_BLOCK_SIZE * 2]; - unsigned char out[SM4_BLOCK_SIZE * 2]; - unsigned char out2[SM4_BLOCK_SIZE]; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - XMEMSET(in, 0, sizeof(in)); - - ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY)); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY)); - /* Tested in test_wc_Sm4. */ - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_IV)); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_IV)); - /* Tested in test_wc_Sm4. */ - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - - /* Invalid parameters - wc_Sm4CbcEncrypt. */ - ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4CbcEncrypt. */ - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); - /* In and out are same pointer. */ - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); - - /* Invalid parameters - wc_Sm4CbcDecrypt. */ - ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - /* Valid cases - wc_Sm4CbcDecrypt. */ - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); - /* In and out are same pointer. */ - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); - - wc_Sm4Free(&sm4); - - res = EXPECT_RESULT(); -#endif - return res; -} /* END test_wc_Sm4Cbc */ - -/* - * Testing streaming SM4-CTR API. - */ -static int test_wc_Sm4Ctr(void) -{ - int res = TEST_SKIPPED; -#ifdef WOLFSSL_SM4_CTR - EXPECT_DECLS; - wc_Sm4 sm4; - unsigned char key[SM4_KEY_SIZE]; - unsigned char iv[SM4_IV_SIZE]; - unsigned char in[SM4_BLOCK_SIZE * 4]; - unsigned char out[SM4_BLOCK_SIZE * 4]; - unsigned char out2[SM4_BLOCK_SIZE * 4]; - word32 chunk; - word32 i; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - XMEMSET(in, 0, sizeof(in)); - - ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_KEY)); - /* Tested in test_wc_Sm4. */ - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), WC_NO_ERR_TRACE(MISSING_IV)); - /* Tested in test_wc_Sm4. */ - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - - /* Invalid parameters - wc_Sm4CtrEncrypt. */ - ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4CtrEncrypt. */ - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0); - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0); - ExpectIntEQ(XMEMCMP(out, out2, 1), 0); - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); - ExpectIntEQ(XMEMCMP(out2, out, 2), 0); - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); - /* In and out are same pointer. Also check encrypt of cipher text produces - * plaintext. - */ - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); - - /* Chunking tests. */ - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0); - for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) { - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) { - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0); - } - if (i < (word32)sizeof(in)) { - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, - (word32)sizeof(in) - i), 0); - } - ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0); - } - - for (i = 0; i < (word32)sizeof(iv); i++) { - iv[i] = 0xff; - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); - ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0); - } - - wc_Sm4Free(&sm4); - - res = EXPECT_RESULT(); -#endif - return res; -} /* END test_wc_Sm4Ctr */ - -/* - * Testing stream SM4-GCM API. - */ -static int test_wc_Sm4Gcm(void) -{ - int res = TEST_SKIPPED; -#ifdef WOLFSSL_SM4_GCM - EXPECT_DECLS; - wc_Sm4 sm4; - unsigned char key[SM4_KEY_SIZE]; - unsigned char nonce[GCM_NONCE_MAX_SZ]; - unsigned char in[SM4_BLOCK_SIZE * 2]; - unsigned char in2[SM4_BLOCK_SIZE * 2]; - unsigned char out[SM4_BLOCK_SIZE * 2]; - unsigned char out2[SM4_BLOCK_SIZE * 2]; - unsigned char dec[SM4_BLOCK_SIZE * 2]; - unsigned char tag[SM4_BLOCK_SIZE]; - unsigned char aad[SM4_BLOCK_SIZE * 2]; - word32 i; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(nonce, 0, sizeof(nonce)); - XMEMSET(in, 0, sizeof(in)); - XMEMSET(in2, 0, sizeof(in2)); - XMEMSET(aad, 0, sizeof(aad)); - - ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); - - /* Invalid parameters - wc_Sm4GcmSetKey. */ - ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid parameters - wc_Sm4GcmSetKey. */ - ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0); - - /* Invalid parameters - wc_Sm4GcmEncrypt. */ - ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ, - NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag, - SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, - NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, - WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Invalid parameters - wc_Sm4GcmDecrypt. */ - ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ, - NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag, - SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, - NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, - WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, - SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0); - - /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, - GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, - GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, - GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), - WC_NO_ERR_TRACE(SM4_GCM_AUTH_E)); - - /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ - for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) { - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0); - } - - /* Check different in/out sizes. */ - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, - GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) { - XMEMCPY(out2, out, i - 1); - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(in, dec, i), 0); - } - - /* Force the counter to roll over in first byte. */ - { - static unsigned char largeIn[256 * SM4_BLOCK_SIZE]; - static unsigned char largeOut[256 * SM4_BLOCK_SIZE]; - - ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn), - nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn), - nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0); - } - - wc_Sm4Free(&sm4); - - res = EXPECT_RESULT(); -#endif - return res; -} /* END test_wc_Sm4Gcm */ - -/* - * Testing stream SM4-CCM API. - */ -static int test_wc_Sm4Ccm(void) -{ - int res = TEST_SKIPPED; -#ifdef WOLFSSL_SM4_CCM - EXPECT_DECLS; - wc_Sm4 sm4; - unsigned char key[SM4_KEY_SIZE]; - unsigned char nonce[CCM_NONCE_MAX_SZ]; - unsigned char in[SM4_BLOCK_SIZE * 2]; - unsigned char in2[SM4_BLOCK_SIZE * 2]; - unsigned char out[SM4_BLOCK_SIZE * 2]; - unsigned char out2[SM4_BLOCK_SIZE * 2]; - unsigned char dec[SM4_BLOCK_SIZE * 2]; - unsigned char tag[SM4_BLOCK_SIZE]; - unsigned char aad[SM4_BLOCK_SIZE * 2]; - word32 i; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(nonce, 0, sizeof(nonce)); - XMEMSET(in, 0, sizeof(in)); - XMEMSET(in2, 0, sizeof(in2)); - XMEMSET(aad, 0, sizeof(aad)); - - ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); - ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); - - /* Invalid parameters - wc_Sm4CcmEncrypt. */ - ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ, - NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag, - SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, - NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, - WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Invalid parameters - wc_Sm4CcmDecrypt. */ - ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ, - NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag, - SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag, - SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, - NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, - WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, - SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0); - - /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ - for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) { - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - } - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), - WC_NO_ERR_TRACE(SM4_CCM_AUTH_E)); - - /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ - for (i = 0; i < 4; i++) { - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - } - /* Odd values in range 4..SM4_BLOCK_SIZE. */ - for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) { - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - } - /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. - * Even values in range 4..SM4_BLOCK_SIZE. - */ - for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) { - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, - CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0); - } - - /* Check different in/out sizes. */ - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, - CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); - for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) { - XMEMCPY(out2, out, i - 1); - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ, - tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(in, dec, i), 0); - } - - /* Force the counter to roll over in first byte. */ - { - static unsigned char largeIn[256 * SM4_BLOCK_SIZE]; - static unsigned char largeOut[256 * SM4_BLOCK_SIZE]; - - ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn), - nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn), - nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); - ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0); - } - - wc_Sm4Free(&sm4); - - res = EXPECT_RESULT(); -#endif - return res; -} /* END test_wc_Sm4Ccm */ - - -/* - * unit test for wc_Des3_SetIV() - */ -static int test_wc_Des3_SetIV(void) -{ - EXPECT_DECLS; -#ifndef NO_DES3 - Des3 des; - const byte key[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - const byte iv[] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 - }; - - XMEMSET(&des, 0, sizeof(Des3)); - - ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); - - /* DES_ENCRYPTION or DES_DECRYPTION */ - ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); - ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0); - -#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */ - /* Test explicitly wc_Des3_SetIV() */ - ExpectIntEQ(wc_Des3_SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0); -#endif - wc_Des3Free(&des); -#endif - return EXPECT_RESULT(); - -} /* END test_wc_Des3_SetIV */ - -/* - * unit test for wc_Des3_SetKey() - */ -static int test_wc_Des3_SetKey(void) -{ - EXPECT_DECLS; -#ifndef NO_DES3 - Des3 des; - const byte key[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - const byte iv[] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 - }; - - XMEMSET(&des, 0, sizeof(Des3)); - - ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); - - /* DES_ENCRYPTION or DES_DECRYPTION */ - ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); - ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* Default case. Should return 0. */ - ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0); - - wc_Des3Free(&des); -#endif - return EXPECT_RESULT(); - -} /* END test_wc_Des3_SetKey */ - - -/* - * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt - */ -static int test_wc_Des3_CbcEncryptDecrypt(void) -{ - EXPECT_DECLS; -#ifndef NO_DES3 - Des3 des; - byte cipher[24]; - byte plain[24]; - const byte key[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - const byte iv[] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 - }; - const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - XMEMSET(&des, 0, sizeof(Des3)); - - ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); - - ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0); - ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0); - ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0); - ExpectIntEQ(XMEMCMP(plain, vector, 24), 0); - - /* Pass in bad args. */ - ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_Des3Free(&des); -#endif - return EXPECT_RESULT(); - -} /* END wc_Des3_CbcEncrypt */ - -/* - * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey - */ -static int test_wc_Des3_CbcEncryptDecryptWithKey(void) -{ - EXPECT_DECLS; -#ifndef NO_DES3 - word32 vectorSz, cipherSz; - byte cipher[24]; - byte plain[24]; - byte vector[] = { /* Now is the time for all w/o trailing 0 */ - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - byte key[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - byte iv[] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 - }; - - vectorSz = sizeof(byte) * 24; - cipherSz = sizeof(byte) * 24; - - ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv), - 0); - ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0); - ExpectIntEQ(XMEMCMP(plain, vector, 24), 0); - - /* pass in bad args. */ - ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL), - 0); - - ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL), - 0); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Des3_CbcEncryptDecryptWithKey */ -/* - * Unit test for wc_Des3_EcbEncrypt - */ -static int test_wc_Des3_EcbEncrypt(void) -{ - EXPECT_DECLS; -#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) - Des3 des; - byte cipher[24]; - word32 cipherSz = sizeof(cipher); - const byte key[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - const byte iv[] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 - }; - const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - XMEMSET(&des, 0, sizeof(Des3)); - - ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); - - /* Bad Cases */ - ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0); - - /* Good Cases */ - ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0); - - wc_Des3Free(&des); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Des3_EcbEncrypt */ - -/* - * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV() - */ -static int test_wc_Chacha_SetKey(void) -{ - EXPECT_DECLS; -#ifdef HAVE_CHACHA - ChaCha ctx; - const byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - word32 keySz = (word32)(sizeof(key)/sizeof(byte)); - byte cipher[128]; - - XMEMSET(cipher, 0, sizeof(cipher)); - ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0); - /* Test bad args. */ - ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0); - /* Test bad args. */ - ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Chacha_SetKey */ - -/* - * unit test for wc_Poly1305SetKey() - */ -static int test_wc_Poly1305SetKey(void) -{ - EXPECT_DECLS; -#ifdef HAVE_POLY1305 - Poly1305 ctx; - const byte key[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - word32 keySz = (word32)(sizeof(key)/sizeof(byte)); - - ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Poly1305_SetKey() */ - -/* - * Testing wc_Chacha_Process() - */ -static int test_wc_Chacha_Process(void) -{ - EXPECT_DECLS; -#ifdef HAVE_CHACHA - ChaCha enc, dec; - byte cipher[128]; - byte plain[128]; - const byte key[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - const char* input = "Everybody gets Friday off."; - word32 keySz = sizeof(key)/sizeof(byte); - unsigned long int inlen = XSTRLEN(input); - - /* Initialize stack variables. */ - XMEMSET(cipher, 0, 128); - XMEMSET(plain, 0, 128); - - ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0); - ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0); - ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0); - ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0); - - ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen), - 0); - ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0); - ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); - -#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) - /* test checking and using leftovers, currently just in C code */ - ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0); - ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0); - - ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, - (word32)inlen - 2), 0); - ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2), - (byte*)input + (inlen - 2), 2), 0); - ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher, - (word32)inlen - 2), 0); - ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2), - (byte*)input + (inlen - 2), 2), 0); - ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); - - /* check edge cases with counter increment */ - { - /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/ - const byte expected[] = { - 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F, - 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D, - 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20, - 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29, - 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37, - 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38, - 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88, - 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5, - 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E, - 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51, - 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5, - 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43, - 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07, - 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E, - 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4, - 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37, - 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9, - 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04, - 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06, - 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8, - 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B, - 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35, - 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54, - 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19, - 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3, - 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B, - 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23, - 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3, - 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41, - 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2, - 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35, - 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14 - }; - const byte iv2[] = { - 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9, - 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93 - }; - byte input2[256]; - int i; - - for (i = 0; i < 256; i++) - input2[i] = (byte)i; - - ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0); - - ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0); - ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0); - - ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0); - ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0); - - /* partial */ - ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0); - ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0); - - ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0); - ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0); - } -#endif - - /* Test bad args. */ - ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Chacha_Process */ - -/* - * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt() - */ -static int test_wc_ChaCha20Poly1305_aead(void) -{ - EXPECT_DECLS; -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - const byte key[] = { - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f - }; - const byte plaintext[] = { - 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, - 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, - 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, - 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, - 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, - 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, - 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, - 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, - 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, - 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, - 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, - 0x74, 0x2e - }; - const byte iv[] = { - 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47 - }; - const byte aad[] = { /* additional data */ - 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, - 0xc4, 0xc5, 0xc6, 0xc7 - }; - const byte cipher[] = { /* expected output from operation */ - 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, - 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, - 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, - 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, - 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, - 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, - 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, - 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, - 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, - 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, - 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, - 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, - 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, - 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, - 0x61, 0x16 - }; - const byte authTag[] = { /* expected output from operation */ - 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, - 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 - }; - byte generatedCiphertext[272]; - byte generatedPlaintext[272]; - byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; - - /* Initialize stack variables. */ - XMEMSET(generatedCiphertext, 0, 272); - XMEMSET(generatedPlaintext, 0, 272); - - /* Test Encrypt */ - ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), - plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), - 0); - ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher, - sizeof(cipher)/sizeof(byte)), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), - plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad), - plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL, - sizeof(plaintext), generatedCiphertext, generatedAuthTag), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), - NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), - plaintext, sizeof(plaintext), NULL, generatedAuthTag), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), - plaintext, sizeof(plaintext), generatedCiphertext, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, - sizeof(cipher), authTag, generatedPlaintext), 0); - ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext, - sizeof(plaintext)/sizeof(byte)), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher, - sizeof(cipher), authTag, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad), - cipher, sizeof(cipher), authTag, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, - sizeof(cipher), authTag, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, - sizeof(cipher), NULL, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, - sizeof(cipher), authTag, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, - sizeof(cipher), authTag, generatedPlaintext), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_ChaCha20Poly1305_aead */ - - -/* - * Testing function for wc_Rc2SetKey(). - */ -static int test_wc_Rc2SetKey(void) -{ - EXPECT_DECLS; -#ifdef WC_RC2 - Rc2 rc2; - byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; - byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; - - /* valid key and IV */ - ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), - iv, 40), 0); - /* valid key, no IV */ - ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), - NULL, 40), 0); - - /* bad arguments */ - /* null Rc2 struct */ - ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte), - iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null key */ - ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte), - iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* key size == 0 */ - ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); - /* key size > 128 */ - ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); - /* effective bits == 0 */ - ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), - iv, 0), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); - /* effective bits > 1024 */ - ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), - iv, 1025), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Rc2SetKey */ - -/* - * Testing function for wc_Rc2SetIV(). - */ -static int test_wc_Rc2SetIV(void) -{ - EXPECT_DECLS; -#ifdef WC_RC2 - Rc2 rc2; - byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; - - /* valid IV */ - ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0); - /* valid NULL IV */ - ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0); - - /* bad arguments */ - ExpectIntEQ(wc_Rc2SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Rc2SetIV */ - -/* - * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt(). - */ -static int test_wc_Rc2EcbEncryptDecrypt(void) -{ - EXPECT_DECLS; -#ifdef WC_RC2 - Rc2 rc2; - int effectiveKeyBits = 63; - byte cipher[RC2_BLOCK_SIZE]; - byte plain[RC2_BLOCK_SIZE]; - byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff }; - - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMSET(plain, 0, sizeof(plain)); - - ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), - NULL, effectiveKeyBits), 0); - ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0); - ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0); - - ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0); - ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0); - - /* Rc2EcbEncrypt bad arguments */ - /* null Rc2 struct */ - ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null out buffer */ - ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null input buffer */ - ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* output buffer sz != RC2_BLOCK_SIZE (8) */ - ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), WC_NO_ERR_TRACE(BUFFER_E)); - - /* Rc2EcbDecrypt bad arguments */ - /* null Rc2 struct */ - ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null out buffer */ - ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null input buffer */ - ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* output buffer sz != RC2_BLOCK_SIZE (8) */ - ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), WC_NO_ERR_TRACE(BUFFER_E)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Rc2EcbEncryptDecrypt */ - -/* - * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt(). - */ -static int test_wc_Rc2CbcEncryptDecrypt(void) -{ - EXPECT_DECLS; -#ifdef WC_RC2 - Rc2 rc2; - int effectiveKeyBits = 63; - byte cipher[RC2_BLOCK_SIZE*2]; - byte plain[RC2_BLOCK_SIZE*2]; - /* vector taken from test.c */ - byte key[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - byte iv[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - byte input[] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - byte output[] = { - 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, - 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57 - }; - - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMSET(plain, 0, sizeof(plain)); - - ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), - iv, effectiveKeyBits), 0); - ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0); - ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0); - - /* reset IV for decrypt */ - ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0); - ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0); - ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0); - - /* Rc2CbcEncrypt bad arguments */ - /* null Rc2 struct */ - ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null out buffer */ - ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null input buffer */ - ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Rc2CbcDecrypt bad arguments */ - /* in size is 0 */ - ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0); - /* null Rc2 struct */ - ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null out buffer */ - ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* null input buffer */ - ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_Rc2CbcEncryptDecrypt */ - - -/* - * Testing function for wc_AesSetIV - */ -static int test_wc_AesSetIV(void) -{ - int res = TEST_SKIPPED; -#if !defined(NO_AES) && defined(WOLFSSL_AES_128) - Aes aes; - int ret = 0; - byte key16[] = - { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; - byte iv1[] = "1234567890abcdef"; - byte iv2[] = "0987654321fedcba"; - - ret = wc_AesInit(&aes, NULL, INVALID_DEVID); - if (ret != 0) - return ret; - - ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), - iv1, AES_ENCRYPTION); - if (ret == 0) { - ret = wc_AesSetIV(&aes, iv2); - } - /* Test bad args. */ - if (ret == 0) { - ret = wc_AesSetIV(NULL, iv1); - if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { - /* NULL iv should return 0. */ - ret = wc_AesSetIV(&aes, NULL); - } - else { - ret = WOLFSSL_FATAL_ERROR; - } - } - - wc_AesFree(&aes); - - res = TEST_RES_CHECK(ret == 0); -#endif - return res; -} /* test_wc_AesSetIV */ - - -/* - * Testing function for wc_AesSetKey(). - */ -static int test_wc_AesSetKey(void) -{ - EXPECT_DECLS; -#ifndef NO_AES - Aes aes; - byte key16[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; -#ifdef WOLFSSL_AES_192 - byte key24[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 - }; -#endif -#ifdef WOLFSSL_AES_256 - byte key32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; -#endif - byte badKey16[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 - }; - byte iv[] = "1234567890abcdef"; - - XMEMSET(&aes, 0, sizeof(Aes)); - - ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); - -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte), - iv, AES_ENCRYPTION), 0); -#endif -#ifdef WOLFSSL_AES_192 - ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte), - iv, AES_ENCRYPTION), 0); -#endif -#ifdef WOLFSSL_AES_256 - ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte), - iv, AES_ENCRYPTION), 0); -#endif - - /* Pass in bad args. */ - ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte), - iv, AES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesSetKey(&aes, badKey16, - (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_AesFree(&aes); -#endif - return EXPECT_RESULT(); -} /* END test_wc_AesSetKey */ - - - -/* - * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(), - * and wc_AesCbcDecryptWithKey() - */ -static int test_wc_AesCbcEncryptDecrypt(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \ - defined(WOLFSSL_AES_256) - Aes aes; - byte key32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; - byte vector[] = { /* Now is the time for all good men w/o trailing 0 */ - 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, - 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20, - 0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e - }; - byte iv[] = "1234567890abcdef"; - byte enc[sizeof(vector)]; - byte dec[sizeof(vector)]; - byte dec2[sizeof(vector)]; - - /* Init stack variables. */ - XMEMSET(&aes, 0, sizeof(Aes)); - XMEMSET(enc, 0, sizeof(enc)); - XMEMSET(dec, 0, sizeof(vector)); - XMEMSET(dec2, 0, sizeof(vector)); - - ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, - AES_ENCRYPTION), 0); - ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0); - - /* Re init for decrypt and set flag. */ - ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, - AES_DECRYPTION), 0); - ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0); - ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); - - ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32, - sizeof(key32)/sizeof(byte), iv), 0); - ExpectIntEQ(XMEMCMP(vector, dec2, AES_BLOCK_SIZE), 0); - - /* Pass in bad args */ - ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1), - WC_NO_ERR_TRACE(BAD_LENGTH_E)); -#endif -#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI) - fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS " - "mode (v2), skip test"); -#else - /* Test passing in size of 0 */ - XMEMSET(enc, 0, sizeof(enc)); - ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0); - /* Check enc was not modified */ - { - int i; - for (i = 0; i < (int)sizeof(enc); i++) - ExpectIntEQ(enc[i], 0); - } -#endif - - ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1), - WC_NO_ERR_TRACE(BAD_LENGTH_E)); -#else - ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - /* Test passing in size of 0 */ - XMEMSET(dec, 0, sizeof(dec)); - ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0); - /* Check dec was not modified */ - { - int i; - for (i = 0; i < (int)sizeof(dec); i++) - ExpectIntEQ(dec[i], 0); - } - - ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE, - key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE, - key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, - NULL, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, - key32, sizeof(key32)/sizeof(byte), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_AesFree(&aes); -#endif - return EXPECT_RESULT(); -} /* END test_wc_AesCbcEncryptDecrypt */ - -/* - * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt - */ -static int test_wc_AesCtrEncryptDecrypt(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) - Aes aesEnc; - Aes aesDec; - byte key32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; - byte vector[] = { /* Now is the time for all w/o trailing 0 */ - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - byte iv[] = "1234567890abcdef"; - byte enc[AES_BLOCK_SIZE * 2]; - byte dec[AES_BLOCK_SIZE * 2]; - - /* Init stack variables. */ - XMEMSET(&aesEnc, 0, sizeof(Aes)); - XMEMSET(&aesDec, 0, sizeof(Aes)); - XMEMSET(enc, 0, AES_BLOCK_SIZE * 2); - XMEMSET(dec, 0, AES_BLOCK_SIZE * 2); - - ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); - - ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, iv, - AES_ENCRYPTION), 0); - ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector, - sizeof(vector)/sizeof(byte)), 0); - /* Decrypt with wc_AesCtrEncrypt() */ - ExpectIntEQ(wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, iv, - AES_ENCRYPTION), 0); - ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)), - 0); - ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); - - /* Test bad args. */ - ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_AesFree(&aesEnc); - wc_AesFree(&aesDec); -#endif - return EXPECT_RESULT(); -} /* END test_wc_AesCtrEncryptDecrypt */ - -/* - * test function for wc_AesGcmSetKey() - */ -static int test_wc_AesGcmSetKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AESGCM) - Aes aes; -#ifdef WOLFSSL_AES_128 - byte key16[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; -#endif -#ifdef WOLFSSL_AES_192 - byte key24[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 - }; -#endif -#ifdef WOLFSSL_AES_256 - byte key32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; -#endif - byte badKey16[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 - }; - byte badKey24[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 - }; - byte badKey32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 - }; - - ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); - -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0); -#endif -#ifdef WOLFSSL_AES_192 - ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0); -#endif -#ifdef WOLFSSL_AES_256 - ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); -#endif - - /* Pass in bad args. */ - ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_AesFree(&aes); -#endif - return EXPECT_RESULT(); -} /* END test_wc_AesGcmSetKey */ - -/* - * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt - */ -static int test_wc_AesGcmEncryptDecrypt(void) -{ - EXPECT_DECLS; - /* WOLFSSL_AFALG requires 12 byte IV */ -#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ - !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES) - Aes aes; - byte key32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; - byte vector[] = { /* Now is the time for all w/o trailing 0 */ - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - const byte a[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 - }; - byte iv[] = "1234567890a"; - byte longIV[] = "1234567890abcdefghij"; - byte enc[sizeof(vector)]; - byte resultT[AES_BLOCK_SIZE]; - byte dec[sizeof(vector)]; - - /* Init stack variables. */ - XMEMSET(&aes, 0, sizeof(Aes)); - XMEMSET(enc, 0, sizeof(vector)); - XMEMSET(dec, 0, sizeof(vector)); - XMEMSET(resultT, 0, AES_BLOCK_SIZE); - - ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); - - ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); - ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); - ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); - ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); - - /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ - ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - -#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \ - defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) - /* FIPS does not check the lower bound of ivSz */ -#else - ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0, - resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - /* This case is now considered good. Long IVs are now allowed. - * Except for the original FIPS release, it still has an upper - * bound on the IV length. */ -#if (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ - !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) - ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, - sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), - 0); -#else - (void)longIV; -#endif /* Old FIPS */ - /* END wc_AesGcmEncrypt */ - -#ifdef HAVE_AES_DECRYPT - ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, - sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM)) - ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), - WC_NO_ERR_TRACE(AES_GCM_AUTH_E)); - #else - ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, - sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - #endif - #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \ - !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) - /* FIPS does not check the lower bound of ivSz */ - #else - ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), - iv, 0, resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - #endif -#endif /* HAVE_AES_DECRYPT */ - - wc_AesFree(&aes); -#endif - return EXPECT_RESULT(); - -} /* END test_wc_AesGcmEncryptDecrypt */ - -/* - * test function for mixed (one-shot encryption + stream decryption) AES GCM - * using a long IV (older FIPS does NOT support long IVs). Relates to zd15423 - */ -static int test_wc_AesGcmMixedEncDecLongIV(void) -{ - EXPECT_DECLS; -#if (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ - !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM) - const byte key[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; - const byte in[] = { - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - const byte aad[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 - }; - Aes aesEnc; - Aes aesDec; - byte iv[] = "1234567890abcdefghij"; - byte out[sizeof(in)]; - byte plain[sizeof(in)]; - byte tag[AES_BLOCK_SIZE]; - - XMEMSET(&aesEnc, 0, sizeof(Aes)); - XMEMSET(&aesDec, 0, sizeof(Aes)); - XMEMSET(out, 0, sizeof(out)); - XMEMSET(plain, 0, sizeof(plain)); - XMEMSET(tag, 0, sizeof(tag)); - - /* Perform one-shot encryption using long IV */ - ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0); - ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv), - tag, sizeof(tag), aad, sizeof(aad)), 0); - - /* Perform streaming decryption using long IV */ - ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0); - ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad, - sizeof(aad)), 0); - ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0); - ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); - - /* Free resources */ - wc_AesFree(&aesEnc); - wc_AesFree(&aesDec); -#endif - return EXPECT_RESULT(); - -} /* END wc_AesGcmMixedEncDecLongIV */ - -/* - * unit test for wc_GmacSetKey() - */ -static int test_wc_GmacSetKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AESGCM) - Gmac gmac; - byte key16[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; -#ifdef WOLFSSL_AES_192 - byte key24[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 - }; -#endif -#ifdef WOLFSSL_AES_256 - byte key32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; -#endif - byte badKey16[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66 - }; - byte badKey24[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 - }; - byte badKey32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; - - XMEMSET(&gmac, 0, sizeof(Gmac)); - - ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); - -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0); -#endif -#ifdef WOLFSSL_AES_192 - ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); -#endif -#ifdef WOLFSSL_AES_256 - ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); -#endif - - /* Pass in bad args. */ - ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_AesFree(&gmac.aes); -#endif - return EXPECT_RESULT(); -} /* END test_wc_GmacSetKey */ - -/* - * unit test for wc_GmacUpdate - */ -static int test_wc_GmacUpdate(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AESGCM) - Gmac gmac; -#ifdef WOLFSSL_AES_128 - const byte key16[] = { - 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, - 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 - }; -#endif -#ifdef WOLFSSL_AES_192 - byte key24[] = { - 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, - 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, - 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 - }; -#endif -#ifdef WOLFSSL_AES_256 - byte key32[] = { - 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, - 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00, - 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, - 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 - }; -#endif -#ifdef WOLFSSL_AES_128 - const byte authIn[] = { - 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, - 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 - }; -#endif -#ifdef WOLFSSL_AES_192 - const byte authIn2[] = { - 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, - 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 - }; -#endif - const byte authIn3[] = { - 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, - 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 - }; -#ifdef WOLFSSL_AES_128 - const byte tag1[] = { /* Known. */ - 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, - 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b - }; -#endif -#ifdef WOLFSSL_AES_192 - const byte tag2[] = { /* Known */ - 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, - 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 - }; -#endif - const byte tag3[] = { /* Known */ - 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, - 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 - }; -#ifdef WOLFSSL_AES_128 - const byte iv[] = { - 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, - 0xe2, 0x8c, 0x8f, 0x16 - }; -#endif -#ifdef WOLFSSL_AES_192 - const byte iv2[] = { - 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, - 0x7e, 0x1a, 0x6f, 0xbc - }; -#endif - const byte iv3[] = { - 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, - 0xc3, 0xfb, 0x6c, 0x8a - }; - byte tagOut[16]; - byte tagOut2[24]; - byte tagOut3[32]; - - /* Init stack variables. */ - XMEMSET(&gmac, 0, sizeof(Gmac)); - XMEMSET(tagOut, 0, sizeof(tagOut)); - XMEMSET(tagOut2, 0, sizeof(tagOut2)); - XMEMSET(tagOut3, 0, sizeof(tagOut3)); - -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0); - ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), - tagOut, sizeof(tag1)), 0); - ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0); - wc_AesFree(&gmac.aes); -#endif - -#ifdef WOLFSSL_AES_192 - ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); - ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); - ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); - ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2), - tagOut2, sizeof(tag2)), 0); - ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0); - wc_AesFree(&gmac.aes); -#endif - -#ifdef WOLFSSL_AES_256 - ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); - ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); - ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); - ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), - tagOut3, sizeof(tag3)), 0); - ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0); - wc_AesFree(&gmac.aes); -#endif - - /* Pass bad args. */ - ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3), - tagOut3, sizeof(tag3)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), - tagOut3, sizeof(tag3) - 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), - tagOut3, sizeof(tag3) + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - wc_AesFree(&gmac.aes); - -#endif - return EXPECT_RESULT(); -} /* END test_wc_GmacUpdate */ - - -/* - * testing wc_CamelliaSetKey - */ -static int test_wc_CamelliaSetKey(void) -{ - EXPECT_DECLS; -#ifdef HAVE_CAMELLIA - Camellia camellia; - /*128-bit key*/ - static const byte key16[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 - }; - /* 192-bit key */ - static const byte key24[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 - }; - /* 256-bit key */ - static const byte key32[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff - }; - static const byte iv[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv), - 0); - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), - NULL), 0); - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv), - 0); - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), - NULL), 0); - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv), - 0); - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), - NULL), 0); - - /* Bad args. */ - ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_CammeliaSetKey */ - -/* - * Testing wc_CamelliaSetIV() - */ -static int test_wc_CamelliaSetIV(void) -{ - EXPECT_DECLS; -#ifdef HAVE_CAMELLIA - Camellia camellia; - static const byte iv[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0); - ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0); - - /* Bad args. */ - ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_CamelliaSetIV*/ - -/* - * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect - */ -static int test_wc_CamelliaEncryptDecryptDirect(void) -{ - EXPECT_DECLS; -#ifdef HAVE_CAMELLIA - Camellia camellia; - static const byte key24[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 - }; - static const byte iv[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - static const byte plainT[] = { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A - }; - byte enc[sizeof(plainT)]; - byte dec[sizeof(enc)]; - - /* Init stack variables.*/ - XMEMSET(enc, 0, 16); - XMEMSET(enc, 0, 16); - - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv), - 0); - ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0); - ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0); - ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0); - - /* Pass bad args. */ - ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test-wc_CamelliaEncryptDecryptDirect */ - -/* - * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt - */ -static int test_wc_CamelliaCbcEncryptDecrypt(void) -{ - EXPECT_DECLS; -#ifdef HAVE_CAMELLIA - Camellia camellia; - static const byte key24[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 - }; - static const byte plainT[] = { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A - }; - byte enc[CAMELLIA_BLOCK_SIZE]; - byte dec[CAMELLIA_BLOCK_SIZE]; - - /* Init stack variables. */ - XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE); - XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE); - - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), - NULL), 0); - ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT, - CAMELLIA_BLOCK_SIZE), 0); - - ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), - NULL), 0); - ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE), - 0); - ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0); - - /* Pass in bad args. */ - ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT, - CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL, - CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc, - CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL, - CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); -} /* END test_wc_CamelliaCbcEncryptDecrypt */ - - -/* - * Testing wc_Arc4SetKey() - */ -static int test_wc_Arc4SetKey(void) -{ - EXPECT_DECLS; -#ifndef NO_RC4 - Arc4 arc; - const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; - int keyLen = 8; - - ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0); - /* Test bad args. */ - ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Arc4SetKey(&arc, NULL , (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - return EXPECT_RESULT(); - -} /* END test_wc_Arc4SetKey */ - -/* - * Testing wc_Arc4Process for ENC/DEC. - */ -static int test_wc_Arc4Process(void) -{ - EXPECT_DECLS; -#ifndef NO_RC4 - Arc4 enc; - Arc4 dec; - const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; - int keyLen = 8; - const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; - byte cipher[8]; - byte plain[8]; - - /* Init stack variables */ - XMEMSET(&enc, 0, sizeof(Arc4)); - XMEMSET(&dec, 0, sizeof(Arc4)); - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMSET(plain, 0, sizeof(plain)); - - /* Use for async. */ - ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0); - - ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, (word32)keyLen), 0); - ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, (word32)keyLen), 0); - - ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, (word32)keyLen), 0); - ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, (word32)keyLen), 0); - ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0); - - /* Bad args. */ - ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_Arc4Free(&enc); - wc_Arc4Free(&dec); -#endif - return EXPECT_RESULT(); - -} /* END test_wc_Arc4Process */ - - /* * Testing wc_Init RsaKey() */ @@ -19169,1642 +15699,6 @@ static int test_wc_RsaFlattenPublicKey(void) } /* END test_wc_RsaFlattenPublicKey */ - -/* - * unit test for wc_AesCcmSetKey - */ -static int test_wc_AesCcmSetKey(void) -{ - EXPECT_DECLS; -#ifdef HAVE_AESCCM - Aes aes; - const byte key16[] = { - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf - }; - const byte key24[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 - }; - const byte key32[] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; - - XMEMSET(&aes, 0, sizeof(Aes)); - - ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); - -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); -#endif -#ifdef WOLFSSL_AES_192 - ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0); -#endif -#ifdef WOLFSSL_AES_256 - ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0); -#endif - - /* Test bad args. */ - ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - wc_AesFree(&aes); -#endif - return EXPECT_RESULT(); - -} /* END test_wc_AesCcmSetKey */ - -/* - * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt - */ -static int test_wc_AesCcmEncryptDecrypt(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) - Aes aes; - const byte key16[] = { - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf - }; - /* plaintext */ - const byte plainT[] = { - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e - }; - /* nonce */ - const byte iv[] = { - 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, - 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 - }; - const byte c[] = { /* cipher text. */ - 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, - 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, - 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 - }; - const byte t[] = { /* Auth tag */ - 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 - }; - const byte authIn[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - }; - byte cipherOut[sizeof(plainT)]; - byte authTag[sizeof(t)]; -#ifdef HAVE_AES_DECRYPT - byte plainOut[sizeof(cipherOut)]; -#endif - - XMEMSET(&aes, 0, sizeof(Aes)); - - ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); - ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); - - ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0); - ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0); - ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0); -#ifdef HAVE_AES_DECRYPT - ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0); - ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0); -#endif - - /* Pass in bad args. Encrypt*/ - ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), - NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), - iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), - iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), - iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - -#ifdef HAVE_AES_DECRYPT - /* Pass in bad args. Decrypt*/ - ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut), - iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), - NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), - iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), - iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), - iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - #endif - - wc_AesFree(&aes); -#endif /* HAVE_AESCCM */ - return EXPECT_RESULT(); -} /* END test_wc_AesCcmEncryptDecrypt */ - - -#if defined(WOLFSSL_AES_EAX) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) - -/* - * Testing test_wc_AesEaxVectors() - */ -static int test_wc_AesEaxVectors(void) -{ - EXPECT_DECLS; - - typedef struct { - byte key[AES_256_KEY_SIZE]; - int key_length; - byte iv[AES_BLOCK_SIZE]; - int iv_length; - byte aad[AES_BLOCK_SIZE * 2]; - int aad_length; - byte msg[AES_BLOCK_SIZE * 5]; - int msg_length; - byte ct[AES_BLOCK_SIZE * 5]; - int ct_length; - byte tag[AES_BLOCK_SIZE]; - int tag_length; - int valid; - } AadVector; - - /* Test vectors obtained from Google wycheproof project - * https://github.com/google/wycheproof - * from testvectors/aes_eax_test.json - */ - const AadVector vectors[] = { - { - /* key, key length */ - {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f, - 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16, - /* iv, iv length */ - {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07, - 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16, - /* aad, aad length */ - {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8, - /* msg, msg length */ - {0x00}, 0, - /* ct, ct length */ - {0x00}, 0, - /* tag, tag length */ - {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b, - 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b, - 0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16, - /* iv, iv length */ - {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84, - 0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16, - /* aad, aad length */ - {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8, - /* msg, msg length */ - {0xf7, 0xfb}, 2, - /* ct, ct length */ - {0x19, 0xdd}, 2, - /* tag, tag length */ - {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda, - 0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7, - 0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16, - /* iv, iv length */ - {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84, - 0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16, - /* aad, aad length */ - {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8, - /* msg, msg length */ - {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5, - /* ct, ct length */ - {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5, - /* tag, tag length */ - {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19, - 0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd, - 0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16, - /* iv, iv length */ - {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12, - 0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16, - /* aad, aad length */ - {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8, - /* msg, msg length */ - {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5, - /* ct, ct length */ - {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5, - /* tag, tag length */ - {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f, - 0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1, - 0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16, - /* iv, iv length */ - {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c, - 0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16, - /* aad, aad length */ - {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8, - /* msg, msg length */ - {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6, - /* ct, ct length */ - {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6, - /* tag, tag length */ - {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe, - 0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2, - 0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16, - /* iv, iv length */ - {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85, - 0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16, - /* aad, aad length */ - {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8, - /* msg, msg length */ - {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24, - 0x5b, 0xd1, 0xfb, 0x7d}, 12, - /* ct, ct length */ - {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35, - 0x0e, 0x72, 0x84, 0x14}, 12, - /* tag, tag length */ - {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69, - 0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac, - 0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16, - /* iv, iv length */ - {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39, - 0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16, - /* aad, aad length */ - {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8, - /* msg, msg length */ - {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed, - 0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16, - 0x36}, 17, - /* ct, ct length */ - {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48, - 0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda, - 0x30}, 17, - /* tag, tag length */ - {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa, - 0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca, - 0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16, - /* iv, iv length */ - {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d, - 0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16, - /* aad, aad length */ - {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8, - /* msg, msg length */ - {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba, - 0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd, - 0x2d, 0x56}, 18, - /* ct, ct length */ - {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89, - 0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae, - 0x8c, 0xc3}, 18, - /* tag, tag length */ - {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9, - 0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5, - 0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16, - /* iv, iv length */ - {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8, - 0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16, - /* aad, aad length */ - {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8, - /* msg, msg length */ - {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13, - 0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5, - 0xef, 0x11}, 18, - /* ct, ct length */ - {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a, - 0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38, - 0xb1, 0xe8}, 18, - /* tag, tag length */ - {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f, - 0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6, - 0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16, - /* iv, iv length */ - {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93, - 0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16, - /* aad, aad length */ - {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8, - /* msg, msg length */ - {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa, - 0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f, - 0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21, - /* ct, ct length */ - {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf, - 0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97, - 0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21, - /* tag, tag length */ - {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52, - 0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, - 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, - /* ct, ct length */ - {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, - 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, - 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, - 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32, - /* tag, tag length */ - {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, - 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9, - 0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, - /* ct, ct length */ - {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91, - 0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20, - 0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3, - 0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32, - /* tag, tag length */ - {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed, - 0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d, - 0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, - /* ct, ct length */ - {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5, - 0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0, - 0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd, - 0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32, - /* tag, tag length */ - {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a, - 0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2, - 0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, - /* ct, ct length */ - {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e, - 0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8, - 0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2, - 0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32, - /* tag, tag length */ - {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac, - 0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83, - 0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, - /* ct, ct length */ - {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e, - 0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac, - 0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0, - 0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32, - /* tag, tag length */ - {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e, - 0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47, - 0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, - /* ct, ct length */ - {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8, - 0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e, - 0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22, - 0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32, - /* tag, tag length */ - {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4, - 0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a, - 0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, - 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64, - /* ct, ct length */ - {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6, - 0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3, - 0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37, - 0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66, - 0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3, - 0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40, - 0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4, - 0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64, - /* tag, tag length */ - {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd, - 0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55, - 0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, - 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80, - /* ct, ct length */ - {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3, - 0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f, - 0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46, - 0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb, - 0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f, - 0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36, - 0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb, - 0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d, - 0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77, - 0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80, - /* tag, tag length */ - {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a, - 0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37, - 0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16, - /* iv, iv length */ - {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc, - 0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x00}, 0, - /* ct, ct length */ - {0x00}, 0, - /* tag, tag length */ - {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69, - 0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10, - 0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16, - /* iv, iv length */ - {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1, - 0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x01}, 1, - /* ct, ct length */ - {0x1d}, 1, - /* tag, tag length */ - {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02, - 0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32, - 0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16, - /* iv, iv length */ - {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97, - 0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60, - 0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15, - /* ct, ct length */ - {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98, - 0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15, - /* tag, tag length */ - {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e, - 0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5, - 0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16, - /* iv, iv length */ - {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51, - 0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32, - 0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea, - 0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22, - /* ct, ct length */ - {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d, - 0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd, - 0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22, - /* tag, tag length */ - {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74, - 0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d, - 0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16, - /* iv, iv length */ - {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee, - 0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16, - /* aad, aad length */ - {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8, - /* msg, msg length */ - {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c, - 0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16, - /* ct, ct length */ - {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd, - 0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16, - /* tag, tag length */ - {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad, - 0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41, - 0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16, - /* iv, iv length */ - {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a, - 0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16, - /* aad, aad length */ - {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52, - 0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15, - /* msg, msg length */ - {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73, - 0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16, - /* ct, ct length */ - {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38, - 0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16, - /* tag, tag length */ - {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2, - 0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e, - 0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16, - /* iv, iv length */ - {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a, - 0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16, - /* aad, aad length */ - {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1, - 0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16, - /* msg, msg length */ - {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0, - 0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16, - /* ct, ct length */ - {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61, - 0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16, - /* tag, tag length */ - {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a, - 0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4, - 0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16, - /* iv, iv length */ - {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf, - 0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16, - /* aad, aad length */ - {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a, - 0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8, - 0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24, - /* msg, msg length */ - {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d, - 0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16, - /* ct, ct length */ - {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c, - 0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16, - /* tag, tag length */ - {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36, - 0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16, - /* valid */ - 1, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, - 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, - 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d, - 0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72, - 0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16, - /* valid */ - 0, - }, - { - /* key, key length */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, - /* iv, iv length */ - {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, - /* aad, aad length */ - {0x00}, 0, - /* msg, msg length */ - {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, - /* ct, ct length */ - {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, - 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, - /* tag, tag length */ - {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3, - 0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16, - /* valid */ - 0, - }, - }; - - byte ciphertext[sizeof(vectors[0].ct)]; - byte authtag[sizeof(vectors[0].tag)]; - int i; - int len; - int ret; - - - for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) { - - XMEMSET(ciphertext, 0, sizeof(ciphertext)); - - len = sizeof(authtag); - ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length, - ciphertext, - vectors[i].msg, vectors[i].msg_length, - vectors[i].iv, vectors[i].iv_length, - authtag, len, - vectors[i].aad, vectors[i].aad_length), - 0); - - /* check ciphertext matches vector */ - ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length), - 0); - - /* check that computed tag matches vector only for vectors marked as valid */ - ret = XMEMCMP(authtag, vectors[i].tag, len); - if (vectors[i].valid) { - ExpectIntEQ(ret, 0); - } - else { - ExpectIntNE(ret, 0); - } - - XMEMSET(ciphertext, 0, sizeof(ciphertext)); - - /* Decrypt, checking that the computed auth tags match */ - ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length, - ciphertext, - vectors[i].ct, vectors[i].ct_length, - vectors[i].iv, vectors[i].iv_length, - authtag, len, - vectors[i].aad, vectors[i].aad_length), - 0); - - /* check decrypted ciphertext matches vector plaintext */ - ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length), - 0); - } - return EXPECT_RESULT(); -} /* END test_wc_AesEaxVectors */ - - -/* - * Testing test_wc_AesEaxEncryptAuth() - */ -static int test_wc_AesEaxEncryptAuth(void) -{ - EXPECT_DECLS; - - const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; - const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; - const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; - const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04}; - - byte ciphertext[sizeof(msg)]; - byte authtag[AES_BLOCK_SIZE]; - int i; - int len; - - len = sizeof(authtag); - ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), - ciphertext, - msg, sizeof(msg), - iv, sizeof(iv), - authtag, (word32)len, - aad, sizeof(aad)), - 0); - - /* Test null checking */ - ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key), - ciphertext, - msg, sizeof(msg), - iv, sizeof(iv), - authtag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), - NULL, - msg, sizeof(msg), - iv, sizeof(iv), - authtag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), - ciphertext, - NULL, sizeof(msg), - iv, sizeof(iv), - authtag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), - ciphertext, - msg, sizeof(msg), - NULL, sizeof(iv), - authtag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), - ciphertext, - msg, sizeof(msg), - iv, sizeof(iv), - NULL, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), - ciphertext, - msg, sizeof(msg), - iv, sizeof(iv), - authtag, (word32)len, - NULL, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Test bad key lengths */ - for (i = 0; i <= 32; i++) { - int exp_ret; - if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE - || i == AES_256_KEY_SIZE) { - exp_ret = 0; - } - else { - exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); - } - - ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i, - ciphertext, - msg, sizeof(msg), - iv, sizeof(iv), - authtag, (word32)len, - aad, sizeof(aad)), - exp_ret); - } - - - /* Test auth tag size out of range */ - len = AES_BLOCK_SIZE + 1; - ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), - ciphertext, - msg, sizeof(msg), - iv, sizeof(iv), - authtag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - return EXPECT_RESULT(); -} /* END test_wc_AesEaxEncryptAuth() */ - - -/* - * Testing test_wc_AesEaxDecryptAuth() - */ -static int test_wc_AesEaxDecryptAuth(void) -{ - EXPECT_DECLS; - - const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; - const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; - const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; - const byte ct[] = {0x00, 0x01, 0x02, 0x03, 0x04}; - /* Garbage tag that should always fail for above aad */ - const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE, - 0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF}; - - byte plaintext[sizeof(ct)]; - int i; - int len; - - len = sizeof(tag); - ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), - plaintext, - ct, sizeof(ct), - iv, sizeof(iv), - tag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(AES_EAX_AUTH_E)); - - /* Test null checking */ - ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key), - plaintext, - ct, sizeof(ct), - iv, sizeof(iv), - tag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), - NULL, - ct, sizeof(ct), - iv, sizeof(iv), - tag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), - plaintext, - NULL, sizeof(ct), - iv, sizeof(iv), - tag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), - plaintext, - ct, sizeof(ct), - NULL, sizeof(iv), - tag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), - plaintext, - ct, sizeof(ct), - iv, sizeof(iv), - NULL, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), - plaintext, - ct, sizeof(ct), - iv, sizeof(iv), - tag, (word32)len, - NULL, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - /* Test bad key lengths */ - for (i = 0; i <= 32; i++) { - int exp_ret; - if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE - || i == AES_256_KEY_SIZE) { - exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E); - } - else { - exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); - } - - ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i, - plaintext, - ct, sizeof(ct), - iv, sizeof(iv), - tag, (word32)len, - aad, sizeof(aad)), - exp_ret); - } - - - /* Test auth tag size out of range */ - len = AES_BLOCK_SIZE + 1; - ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), - plaintext, - ct, sizeof(ct), - iv, sizeof(iv), - tag, (word32)len, - aad, sizeof(aad)), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - return EXPECT_RESULT(); -} /* END test_wc_AesEaxDecryptAuth() */ - -#endif /* WOLFSSL_AES_EAX && - * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST - */ - /* * Testing wc_InitDsaKey() */ @@ -94287,18 +89181,17 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_AesCmacGenerate), /* Cipher */ - TEST_DECL(test_wc_AesGcmStream), - TEST_DECL(test_wc_Des3_SetIV), TEST_DECL(test_wc_Des3_SetKey), TEST_DECL(test_wc_Des3_CbcEncryptDecrypt), - TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey), TEST_DECL(test_wc_Des3_EcbEncrypt), + /* wc_encrypt API */ + TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey), TEST_DECL(test_wc_Chacha_SetKey), TEST_DECL(test_wc_Chacha_Process), - TEST_DECL(test_wc_ChaCha20Poly1305_aead), TEST_DECL(test_wc_Poly1305SetKey), + TEST_DECL(test_wc_ChaCha20Poly1305_aead), TEST_DECL(test_wc_CamelliaSetKey), TEST_DECL(test_wc_CamelliaSetIV), @@ -94321,6 +89214,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_AesGcmSetKey), TEST_DECL(test_wc_AesGcmEncryptDecrypt), TEST_DECL(test_wc_AesGcmMixedEncDecLongIV), + TEST_DECL(test_wc_AesGcmStream), TEST_DECL(test_wc_GmacSetKey), TEST_DECL(test_wc_GmacUpdate), TEST_DECL(test_wc_AesCcmSetKey), diff --git a/tests/api/api.h b/tests/api/api.h index 036b00e1c3..af310d71f2 100644 --- a/tests/api/api.h +++ b/tests/api/api.h @@ -32,6 +32,28 @@ #define TEST_STRING_SZ 25 +/* Returns the result based on whether check is true. + * + * @param [in] check Condition for success. + * @return When condition is true: TEST_SUCCESS. + * @return When condition is false: TEST_FAIL. + */ +#ifdef DEBUG_WOLFSSL_VERBOSE +#define XSTRINGIFY(s) STRINGIFY(s) +#define STRINGIFY(s) #s +#define TEST_RES_CHECK(check) ({ \ + int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \ + if (_ret == TEST_FAIL) { \ + fprintf(stderr, " check \"%s\" at %d ", \ + XSTRINGIFY(check), __LINE__); \ + } \ + _ret; }) +#else +#define TEST_RES_CHECK(check) \ + ((check) ? TEST_SUCCESS : TEST_FAIL) +#endif /* DEBUG_WOLFSSL_VERBOSE */ + + typedef struct testVector { const char* input; const char* output; diff --git a/tests/api/include.am b/tests/api/include.am index 706a354399..f350400eaf 100644 --- a/tests/api/include.am +++ b/tests/api/include.am @@ -3,6 +3,7 @@ # All paths should be given relative to the if BUILD_TESTS +# Digests tests_unit_test_SOURCES += tests/api/test_md5.c tests_unit_test_SOURCES += tests/api/test_sha.c tests_unit_test_SOURCES += tests/api/test_sha256.c @@ -12,11 +13,29 @@ tests_unit_test_SOURCES += tests/api/test_blake2.c tests_unit_test_SOURCES += tests/api/test_sm3.c tests_unit_test_SOURCES += tests/api/test_ripemd.c tests_unit_test_SOURCES += tests/api/test_hash.c +# MAC +tests_unit_test_SOURCES += tests/api/test_hmac.c +tests_unit_test_SOURCES += tests/api/test_cmac.c +# Cipher +tests_unit_test_SOURCES += tests/api/test_des3.c +tests_unit_test_SOURCES += tests/api/test_chacha.c +tests_unit_test_SOURCES += tests/api/test_poly1305.c +tests_unit_test_SOURCES += tests/api/test_chacha20_poly1305.c +tests_unit_test_SOURCES += tests/api/test_camellia.c +tests_unit_test_SOURCES += tests/api/test_arc4.c +tests_unit_test_SOURCES += tests/api/test_rc2.c +tests_unit_test_SOURCES += tests/api/test_aes.c tests_unit_test_SOURCES += tests/api/test_ascon.c +tests_unit_test_SOURCES += tests/api/test_sm4.c +tests_unit_test_SOURCES += tests/api/test_wc_encrypt.c +# Signature Algorithm tests_unit_test_SOURCES += tests/api/test_mlkem.c +# TLS Protocol tests_unit_test_SOURCES += tests/api/test_dtls.c +# TLS Feature tests_unit_test_SOURCES += tests/api/test_ocsp.c endif + EXTRA_DIST += tests/api/api.h EXTRA_DIST += tests/api/test_md5.h EXTRA_DIST += tests/api/test_sha.h @@ -28,9 +47,20 @@ EXTRA_DIST += tests/api/test_sm3.h EXTRA_DIST += tests/api/test_ripemd.h EXTRA_DIST += tests/api/test_digest.h EXTRA_DIST += tests/api/test_hash.h +EXTRA_DIST += tests/api/test_hmac.h +EXTRA_DIST += tests/api/test_cmac.h +EXTRA_DIST += tests/api/test_des3.h +EXTRA_DIST += tests/api/test_chacha.h +EXTRA_DIST += tests/api/test_poly1305.h +EXTRA_DIST += tests/api/test_chacha20_poly1305.h +EXTRA_DIST += tests/api/test_camellia.h +EXTRA_DIST += tests/api/test_arc4.h +EXTRA_DIST += tests/api/test_rc2.h +EXTRA_DIST += tests/api/test_aes.h EXTRA_DIST += tests/api/test_ascon.h -EXTRA_DIST += tests/api/test_ascon.h +EXTRA_DIST += tests/api/test_sm4.h EXTRA_DIST += tests/api/test_ascon_kats.h +EXTRA_DIST += tests/api/test_wc_encrypt.h EXTRA_DIST += tests/api/test_mlkem.h EXTRA_DIST += tests/api/test_dtls.h EXTRA_DIST += tests/api/test_ocsp.h diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c new file mode 100644 index 0000000000..878d721be9 --- /dev/null +++ b/tests/api/test_aes.c @@ -0,0 +1,2685 @@ +/* test_aes.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include + +/******************************************************************************* + * AES + ******************************************************************************/ + +/* + * Testing function for wc_AesSetKey(). + */ +int test_wc_AesSetKey(void) +{ + EXPECT_DECLS; +#ifndef NO_AES + Aes aes; + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#ifdef WOLFSSL_AES_192 + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte iv[] = "1234567890abcdef"; + + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte), + iv, AES_ENCRYPTION), 0); +#endif +#ifdef WOLFSSL_AES_192 + ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte), + iv, AES_ENCRYPTION), 0); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte), + iv, AES_ENCRYPTION), 0); +#endif + + /* Pass in bad args. */ + ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte), + iv, AES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesSetKey(&aes, badKey16, + (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesSetKey */ + +/* + * Testing function for wc_AesSetIV + */ +int test_wc_AesSetIV(void) +{ + int res = TEST_SKIPPED; +#if !defined(NO_AES) && defined(WOLFSSL_AES_128) + Aes aes; + int ret = 0; + byte key16[] = + { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte iv1[] = "1234567890abcdef"; + byte iv2[] = "0987654321fedcba"; + + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + + ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), + iv1, AES_ENCRYPTION); + if (ret == 0) { + ret = wc_AesSetIV(&aes, iv2); + } + /* Test bad args. */ + if (ret == 0) { + ret = wc_AesSetIV(NULL, iv1); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + /* NULL iv should return 0. */ + ret = wc_AesSetIV(&aes, NULL); + } + else { + ret = WOLFSSL_FATAL_ERROR; + } + } + + wc_AesFree(&aes); + + res = TEST_RES_CHECK(ret == 0); +#endif + return res; +} /* test_wc_AesSetIV */ + +/******************************************************************************* + * AES-CBC + ******************************************************************************/ + +/* + * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(), + * and wc_AesCbcDecryptWithKey() + */ +int test_wc_AesCbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \ + defined(WOLFSSL_AES_256) + Aes aes; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = { /* Now is the time for all good men w/o trailing 0 */ + 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20, + 0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e + }; + byte iv[] = "1234567890abcdef"; + byte enc[sizeof(vector)]; + byte dec[sizeof(vector)]; + byte dec2[sizeof(vector)]; + + /* Init stack variables. */ + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(enc, 0, sizeof(enc)); + XMEMSET(dec, 0, sizeof(vector)); + XMEMSET(dec2, 0, sizeof(vector)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv, + AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0); + + /* Re init for decrypt and set flag. */ + ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv, + AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0); + ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); + + ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, key32, + sizeof(key32)/sizeof(byte), iv), 0); + ExpectIntEQ(XMEMCMP(vector, dec2, WC_AES_BLOCK_SIZE), 0); + + /* Pass in bad args */ + ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); +#endif +#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI) + fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS " + "mode (v2), skip test"); +#else + /* Test passing in size of 0 */ + XMEMSET(enc, 0, sizeof(enc)); + ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0); + /* Check enc was not modified */ + { + int i; + for (i = 0; i < (int)sizeof(enc); i++) + ExpectIntEQ(enc[i], 0); + } +#endif + + ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); +#else + ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + /* Test passing in size of 0 */ + XMEMSET(dec, 0, sizeof(dec)); + ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0); + /* Check dec was not modified */ + { + int i; + for (i = 0; i < (int)sizeof(dec); i++) + ExpectIntEQ(dec[i], 0); + } + + ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, WC_AES_BLOCK_SIZE, + key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, WC_AES_BLOCK_SIZE, + key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, + NULL, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, + key32, sizeof(key32)/sizeof(byte), NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesCbcEncryptDecrypt */ + +/******************************************************************************* + * AES-CTR + ******************************************************************************/ + +/* + * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt + */ +int test_wc_AesCtrEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + Aes aesEnc; + Aes aesDec; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte iv[] = "1234567890abcdef"; + byte enc[WC_AES_BLOCK_SIZE * 2]; + byte dec[WC_AES_BLOCK_SIZE * 2]; + + /* Init stack variables. */ + XMEMSET(&aesEnc, 0, sizeof(Aes)); + XMEMSET(&aesDec, 0, sizeof(Aes)); + XMEMSET(enc, 0, WC_AES_BLOCK_SIZE * 2); + XMEMSET(dec, 0, WC_AES_BLOCK_SIZE * 2); + + ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); + + ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, WC_AES_BLOCK_SIZE * 2, iv, + AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector, + sizeof(vector)/sizeof(byte)), 0); + /* Decrypt with wc_AesCtrEncrypt() */ + ExpectIntEQ(wc_AesSetKey(&aesDec, key32, WC_AES_BLOCK_SIZE * 2, iv, + AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)), + 0); + ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aesEnc); + wc_AesFree(&aesDec); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesCtrEncryptDecrypt */ + +/******************************************************************************* + * AES-GCM + ******************************************************************************/ + +/* + * test function for wc_AesGcmSetKey() + */ +int test_wc_AesGcmSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Aes aes; +#ifdef WOLFSSL_AES_128 + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif +#ifdef WOLFSSL_AES_192 + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte badKey24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 + }; + byte badKey32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_192 + ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); +#endif + + /* Pass in bad args. */ + ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesGcmSetKey */ + +/* + * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt + */ +int test_wc_AesGcmEncryptDecrypt(void) +{ + EXPECT_DECLS; + /* WOLFSSL_AFALG requires 12 byte IV */ +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ + !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES) + Aes aes; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + const byte a[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + byte iv[] = "1234567890a"; + byte longIV[] = "1234567890abcdefghij"; + byte enc[sizeof(vector)]; + byte resultT[WC_AES_BLOCK_SIZE]; + byte dec[sizeof(vector)]; + + /* Init stack variables. */ + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(enc, 0, sizeof(vector)); + XMEMSET(dec, 0, sizeof(vector)); + XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); + ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); + + /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ + ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \ + defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) + /* FIPS does not check the lower bound of ivSz */ +#else + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0, + resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + /* This case is now considered good. Long IVs are now allowed. + * Except for the original FIPS release, it still has an upper + * bound on the IV length. */ +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ + !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, + sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + 0); +#else + (void)longIV; +#endif /* Old FIPS */ + /* END wc_AesGcmEncrypt */ + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM)) + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), + WC_NO_ERR_TRACE(AES_GCM_AUTH_E)); + #else + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \ + !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) + /* FIPS does not check the lower bound of ivSz */ + #else + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + iv, 0, resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif +#endif /* HAVE_AES_DECRYPT */ + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_AesGcmEncryptDecrypt */ + +/* + * test function for mixed (one-shot encryption + stream decryption) AES GCM + * using a long IV (older FIPS does NOT support long IVs). Relates to zd15423 + */ +int test_wc_AesGcmMixedEncDecLongIV(void) +{ + EXPECT_DECLS; +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ + !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM) + const byte key[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + const byte in[] = { + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + const byte aad[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + Aes aesEnc; + Aes aesDec; + byte iv[] = "1234567890abcdefghij"; + byte out[sizeof(in)]; + byte plain[sizeof(in)]; + byte tag[WC_AES_BLOCK_SIZE]; + + XMEMSET(&aesEnc, 0, sizeof(Aes)); + XMEMSET(&aesDec, 0, sizeof(Aes)); + XMEMSET(out, 0, sizeof(out)); + XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(tag, 0, sizeof(tag)); + + /* Perform one-shot encryption using long IV */ + ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0); + ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv), + tag, sizeof(tag), aad, sizeof(aad)), 0); + + /* Perform streaming decryption using long IV */ + ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad, + sizeof(aad)), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0); + ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + + /* Free resources */ + wc_AesFree(&aesEnc); + wc_AesFree(&aesDec); +#endif + return EXPECT_RESULT(); + +} /* END wc_AesGcmMixedEncDecLongIV */ + +/* + * Testing streaming AES-GCM API. + */ +int test_wc_AesGcmStream(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AESGCM_STREAM) + int i; + WC_RNG rng[1]; + Aes aesEnc[1]; + Aes aesDec[1]; + byte tag[WC_AES_BLOCK_SIZE]; + byte in[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, }; + byte out[WC_AES_BLOCK_SIZE * 3 + 2]; + byte plain[WC_AES_BLOCK_SIZE * 3 + 2]; + byte aad[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, }; + byte key[AES_128_KEY_SIZE] = { 0, }; + byte iv[AES_IV_SIZE] = { 1, }; + byte ivOut[AES_IV_SIZE]; + static const byte expTagAAD1[WC_AES_BLOCK_SIZE] = { + 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f, + 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05 + }; + static const byte expTagPlain1[WC_AES_BLOCK_SIZE] = { + 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78, + 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1 + }; + static const byte expTag[WC_AES_BLOCK_SIZE] = { + 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96, + 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d + }; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&aesEnc, 0, sizeof(Aes)); + XMEMSET(&aesDec, 0, sizeof(Aes)); + + /* Create a random for generating IV/nonce. */ + ExpectIntEQ(wc_InitRng(rng), 0); + + /* Initialize data structures. */ + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + + /* BadParameters to streaming init. */ + ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Bad parameters to encrypt update. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Bad parameters to decrypt update. */ + ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Bad parameters to encrypt final. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Bad parameters to decrypt final. */ + ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Check calling final before setting key fails. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_KEY)); + /* Check calling update before setting key else fails. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_KEY)); + + /* Set key but not IV. */ + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0); + /* Check calling final before setting IV fails. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_IV)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_IV)); + /* Check calling update before setting IV else fails. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_IV)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_IV)); + + /* Set IV using fixed part IV and external IV APIs. */ + ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ, + rng), 0); + ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut, + GCM_NONCE_MID_SZ), 0); + ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0); + /* Encrypt and decrypt data. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0); + ExpectIntEQ(XMEMCMP(plain, in, 1), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encrypt/decrypt one block and AAD of one block. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, WC_AES_BLOCK_SIZE, aad, + WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, WC_AES_BLOCK_SIZE, + aad, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(plain, in, WC_AES_BLOCK_SIZE), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* No data to encrypt/decrypt one byte of AAD. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(tag, expTagAAD1, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encrypt/decrypt one byte and no AAD. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0); + ExpectIntEQ(XMEMCMP(plain, in, 1), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(tag, expTagPlain1, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encryption AES is one byte at a time */ + for (i = 0; i < (int)sizeof(aad); i++) { + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1), + 0); + } + for (i = 0; i < (int)sizeof(in); i++) { + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0), + 0); + } + /* Decryption AES is two bytes at a time */ + for (i = 0; i < (int)sizeof(aad); i += 2) { + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2), + 0); + } + for (i = 0; i < (int)sizeof(aad); i += 2) { + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL, + 0), 0); + } + ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(tag, expTag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Check streaming encryption can be decrypted with one shot. */ + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0); + ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv, + AES_IV_SIZE, tag, WC_AES_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + wc_FreeRng(rng); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesGcmStream */ + +/******************************************************************************* + * GMAC + ******************************************************************************/ + +/* + * unit test for wc_GmacSetKey() + */ +int test_wc_GmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Gmac gmac; + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#ifdef WOLFSSL_AES_192 + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66 + }; + byte badKey24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte badKey32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + + XMEMSET(&gmac, 0, sizeof(Gmac)); + + ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_192 + ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); +#endif + + /* Pass in bad args. */ + ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&gmac.aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_GmacSetKey */ + +/* + * unit test for wc_GmacUpdate + */ +int test_wc_GmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Gmac gmac; +#ifdef WOLFSSL_AES_128 + const byte key16[] = { + 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, + 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 + }; +#endif +#ifdef WOLFSSL_AES_192 + byte key24[] = { + 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, + 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, + 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, + 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00, + 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, + 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 + }; +#endif +#ifdef WOLFSSL_AES_128 + const byte authIn[] = { + 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, + 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 + }; +#endif +#ifdef WOLFSSL_AES_192 + const byte authIn2[] = { + 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, + 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 + }; +#endif + const byte authIn3[] = { + 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, + 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 + }; +#ifdef WOLFSSL_AES_128 + const byte tag1[] = { /* Known. */ + 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, + 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b + }; +#endif +#ifdef WOLFSSL_AES_192 + const byte tag2[] = { /* Known */ + 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, + 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 + }; +#endif + const byte tag3[] = { /* Known */ + 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, + 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 + }; +#ifdef WOLFSSL_AES_128 + const byte iv[] = { + 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, + 0xe2, 0x8c, 0x8f, 0x16 + }; +#endif +#ifdef WOLFSSL_AES_192 + const byte iv2[] = { + 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, + 0x7e, 0x1a, 0x6f, 0xbc + }; +#endif + const byte iv3[] = { + 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, + 0xc3, 0xfb, 0x6c, 0x8a + }; + byte tagOut[16]; + byte tagOut2[24]; + byte tagOut3[32]; + + /* Init stack variables. */ + XMEMSET(&gmac, 0, sizeof(Gmac)); + XMEMSET(tagOut, 0, sizeof(tagOut)); + XMEMSET(tagOut2, 0, sizeof(tagOut2)); + XMEMSET(tagOut3, 0, sizeof(tagOut3)); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), + tagOut, sizeof(tag1)), 0); + ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0); + wc_AesFree(&gmac.aes); +#endif + +#ifdef WOLFSSL_AES_192 + ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); + ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2), + tagOut2, sizeof(tag2)), 0); + ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0); + wc_AesFree(&gmac.aes); +#endif + +#ifdef WOLFSSL_AES_256 + ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); + ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3)), 0); + ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0); + wc_AesFree(&gmac.aes); +#endif + + /* Pass bad args. */ + ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3) - 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3) + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesFree(&gmac.aes); + +#endif + return EXPECT_RESULT(); +} /* END test_wc_GmacUpdate */ + +/******************************************************************************* + * AES-CCM + ******************************************************************************/ + +/* + * unit test for wc_AesCcmSetKey + */ +int test_wc_AesCcmSetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_AESCCM + Aes aes; + const byte key16[] = { + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf + }; + const byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + const byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); +#endif +#ifdef WOLFSSL_AES_192 + ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0); +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_AesCcmSetKey */ + +/* + * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt + */ +int test_wc_AesCcmEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) + Aes aes; + const byte key16[] = { + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf + }; + /* plaintext */ + const byte plainT[] = { + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e + }; + /* nonce */ + const byte iv[] = { + 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, + 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 + }; + const byte c[] = { /* cipher text. */ + 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, + 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, + 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 + }; + const byte t[] = { /* Auth tag */ + 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 + }; + const byte authIn[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + byte cipherOut[sizeof(plainT)]; + byte authTag[sizeof(t)]; +#ifdef HAVE_AES_DECRYPT + byte plainOut[sizeof(cipherOut)]; +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); + + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0); + ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0); + ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0); + ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0); +#endif + + /* Pass in bad args. Encrypt*/ + ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef HAVE_AES_DECRYPT + /* Pass in bad args. Decrypt*/ + ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + + wc_AesFree(&aes); +#endif /* HAVE_AESCCM */ + return EXPECT_RESULT(); +} /* END test_wc_AesCcmEncryptDecrypt */ + +#if defined(WOLFSSL_AES_EAX) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + +/******************************************************************************* + * AES-EAX + ******************************************************************************/ + +/* + * Testing test_wc_AesEaxVectors() + */ +int test_wc_AesEaxVectors(void) +{ + EXPECT_DECLS; + + typedef struct { + byte key[AES_256_KEY_SIZE]; + int key_length; + byte iv[WC_AES_BLOCK_SIZE]; + int iv_length; + byte aad[WC_AES_BLOCK_SIZE * 2]; + int aad_length; + byte msg[WC_AES_BLOCK_SIZE * 5]; + int msg_length; + byte ct[WC_AES_BLOCK_SIZE * 5]; + int ct_length; + byte tag[WC_AES_BLOCK_SIZE]; + int tag_length; + int valid; + } AadVector; + + /* Test vectors obtained from Google wycheproof project + * https://github.com/google/wycheproof + * from testvectors/aes_eax_test.json + */ + const AadVector vectors[] = { + { + /* key, key length */ + {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f, + 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16, + /* iv, iv length */ + {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07, + 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16, + /* aad, aad length */ + {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8, + /* msg, msg length */ + {0x00}, 0, + /* ct, ct length */ + {0x00}, 0, + /* tag, tag length */ + {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b, + 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b, + 0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16, + /* iv, iv length */ + {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84, + 0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16, + /* aad, aad length */ + {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8, + /* msg, msg length */ + {0xf7, 0xfb}, 2, + /* ct, ct length */ + {0x19, 0xdd}, 2, + /* tag, tag length */ + {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda, + 0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7, + 0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16, + /* iv, iv length */ + {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84, + 0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16, + /* aad, aad length */ + {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8, + /* msg, msg length */ + {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5, + /* ct, ct length */ + {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5, + /* tag, tag length */ + {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19, + 0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd, + 0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16, + /* iv, iv length */ + {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12, + 0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16, + /* aad, aad length */ + {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8, + /* msg, msg length */ + {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5, + /* ct, ct length */ + {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5, + /* tag, tag length */ + {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f, + 0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1, + 0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16, + /* iv, iv length */ + {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c, + 0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16, + /* aad, aad length */ + {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8, + /* msg, msg length */ + {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6, + /* ct, ct length */ + {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6, + /* tag, tag length */ + {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe, + 0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2, + 0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16, + /* iv, iv length */ + {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85, + 0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16, + /* aad, aad length */ + {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8, + /* msg, msg length */ + {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24, + 0x5b, 0xd1, 0xfb, 0x7d}, 12, + /* ct, ct length */ + {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35, + 0x0e, 0x72, 0x84, 0x14}, 12, + /* tag, tag length */ + {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69, + 0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac, + 0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16, + /* iv, iv length */ + {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39, + 0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16, + /* aad, aad length */ + {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8, + /* msg, msg length */ + {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed, + 0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16, + 0x36}, 17, + /* ct, ct length */ + {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48, + 0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda, + 0x30}, 17, + /* tag, tag length */ + {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa, + 0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca, + 0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16, + /* iv, iv length */ + {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d, + 0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16, + /* aad, aad length */ + {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8, + /* msg, msg length */ + {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba, + 0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd, + 0x2d, 0x56}, 18, + /* ct, ct length */ + {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89, + 0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae, + 0x8c, 0xc3}, 18, + /* tag, tag length */ + {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9, + 0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5, + 0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16, + /* iv, iv length */ + {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8, + 0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16, + /* aad, aad length */ + {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8, + /* msg, msg length */ + {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13, + 0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5, + 0xef, 0x11}, 18, + /* ct, ct length */ + {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a, + 0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38, + 0xb1, 0xe8}, 18, + /* tag, tag length */ + {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f, + 0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6, + 0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16, + /* iv, iv length */ + {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93, + 0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16, + /* aad, aad length */ + {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8, + /* msg, msg length */ + {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa, + 0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f, + 0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21, + /* ct, ct length */ + {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf, + 0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97, + 0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21, + /* tag, tag length */ + {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52, + 0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, + 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, + 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, + 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, + 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32, + /* tag, tag length */ + {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, + 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9, + 0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91, + 0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20, + 0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3, + 0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32, + /* tag, tag length */ + {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed, + 0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d, + 0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5, + 0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0, + 0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd, + 0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32, + /* tag, tag length */ + {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a, + 0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2, + 0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e, + 0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8, + 0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2, + 0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32, + /* tag, tag length */ + {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac, + 0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83, + 0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e, + 0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac, + 0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0, + 0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32, + /* tag, tag length */ + {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e, + 0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47, + 0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8, + 0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e, + 0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22, + 0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32, + /* tag, tag length */ + {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4, + 0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a, + 0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64, + /* ct, ct length */ + {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6, + 0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3, + 0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37, + 0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66, + 0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3, + 0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40, + 0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4, + 0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64, + /* tag, tag length */ + {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd, + 0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55, + 0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80, + /* ct, ct length */ + {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3, + 0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f, + 0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46, + 0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb, + 0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f, + 0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36, + 0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb, + 0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d, + 0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77, + 0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80, + /* tag, tag length */ + {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a, + 0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37, + 0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16, + /* iv, iv length */ + {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc, + 0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00}, 0, + /* ct, ct length */ + {0x00}, 0, + /* tag, tag length */ + {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69, + 0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10, + 0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16, + /* iv, iv length */ + {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1, + 0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x01}, 1, + /* ct, ct length */ + {0x1d}, 1, + /* tag, tag length */ + {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02, + 0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32, + 0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16, + /* iv, iv length */ + {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97, + 0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60, + 0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15, + /* ct, ct length */ + {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98, + 0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15, + /* tag, tag length */ + {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e, + 0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5, + 0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16, + /* iv, iv length */ + {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51, + 0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32, + 0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea, + 0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22, + /* ct, ct length */ + {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d, + 0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd, + 0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22, + /* tag, tag length */ + {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74, + 0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d, + 0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16, + /* iv, iv length */ + {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee, + 0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16, + /* aad, aad length */ + {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8, + /* msg, msg length */ + {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c, + 0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16, + /* ct, ct length */ + {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd, + 0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16, + /* tag, tag length */ + {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad, + 0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41, + 0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16, + /* iv, iv length */ + {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a, + 0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16, + /* aad, aad length */ + {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52, + 0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15, + /* msg, msg length */ + {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73, + 0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16, + /* ct, ct length */ + {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38, + 0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16, + /* tag, tag length */ + {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2, + 0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e, + 0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16, + /* iv, iv length */ + {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a, + 0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16, + /* aad, aad length */ + {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1, + 0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16, + /* msg, msg length */ + {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0, + 0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16, + /* ct, ct length */ + {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61, + 0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16, + /* tag, tag length */ + {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a, + 0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4, + 0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16, + /* iv, iv length */ + {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf, + 0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16, + /* aad, aad length */ + {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a, + 0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8, + 0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24, + /* msg, msg length */ + {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d, + 0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16, + /* ct, ct length */ + {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c, + 0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16, + /* tag, tag length */ + {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36, + 0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d, + 0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72, + 0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3, + 0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16, + /* valid */ + 0, + }, + }; + + byte ciphertext[sizeof(vectors[0].ct)]; + byte authtag[sizeof(vectors[0].tag)]; + int i; + int len; + int ret; + + + for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) { + + XMEMSET(ciphertext, 0, sizeof(ciphertext)); + + len = sizeof(authtag); + ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length, + ciphertext, + vectors[i].msg, vectors[i].msg_length, + vectors[i].iv, vectors[i].iv_length, + authtag, len, + vectors[i].aad, vectors[i].aad_length), + 0); + + /* check ciphertext matches vector */ + ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length), + 0); + + /* check that computed tag matches vector only for vectors marked asx + * valid */ + ret = XMEMCMP(authtag, vectors[i].tag, len); + if (vectors[i].valid) { + ExpectIntEQ(ret, 0); + } + else { + ExpectIntNE(ret, 0); + } + + XMEMSET(ciphertext, 0, sizeof(ciphertext)); + + /* Decrypt, checking that the computed auth tags match */ + ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length, + ciphertext, + vectors[i].ct, vectors[i].ct_length, + vectors[i].iv, vectors[i].iv_length, + authtag, len, + vectors[i].aad, vectors[i].aad_length), + 0); + + /* check decrypted ciphertext matches vector plaintext */ + ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length), + 0); + } + return EXPECT_RESULT(); +} /* END test_wc_AesEaxVectors */ + +/* + * Testing test_wc_AesEaxEncryptAuth() + */ +int test_wc_AesEaxEncryptAuth(void) +{ + EXPECT_DECLS; + + const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; + const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04}; + + byte ciphertext[sizeof(msg)]; + byte authtag[WC_AES_BLOCK_SIZE]; + int i; + int len; + + len = sizeof(authtag); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + 0); + + /* Test null checking */ + ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + NULL, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + NULL, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + NULL, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + NULL, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + NULL, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test bad key lengths */ + for (i = 0; i <= 32; i++) { + int exp_ret; + if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE + || i == AES_256_KEY_SIZE) { + exp_ret = 0; + } + else { + exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + } + + ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i, + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + exp_ret); + } + + + /* Test auth tag size out of range */ + len = WC_AES_BLOCK_SIZE + 1; + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} /* END test_wc_AesEaxEncryptAuth() */ + +/* + * Testing test_wc_AesEaxDecryptAuth() + */ +int test_wc_AesEaxDecryptAuth(void) +{ + EXPECT_DECLS; + + const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; + const byte ct[] = {0x00, 0x01, 0x02, 0x03, 0x04}; + /* Garbage tag that should always fail for above aad */ + const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE, + 0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF}; + + byte plaintext[sizeof(ct)]; + int i; + int len; + + len = sizeof(tag); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(AES_EAX_AUTH_E)); + + /* Test null checking */ + ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + NULL, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + NULL, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + NULL, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + NULL, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + NULL, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test bad key lengths */ + for (i = 0; i <= 32; i++) { + int exp_ret; + if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE + || i == AES_256_KEY_SIZE) { + exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E); + } + else { + exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + } + + ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i, + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + exp_ret); + } + + + /* Test auth tag size out of range */ + len = WC_AES_BLOCK_SIZE + 1; + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} /* END test_wc_AesEaxDecryptAuth() */ + +#endif /* WOLFSSL_AES_EAX && + * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST + */ + diff --git a/tests/api/test_aes.h b/tests/api/test_aes.h new file mode 100644 index 0000000000..eb172dba1d --- /dev/null +++ b/tests/api/test_aes.h @@ -0,0 +1,44 @@ +/* test_aes.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_AES_H +#define WOLFCRYPT_TEST_AES_H + +int test_wc_AesSetKey(void); +int test_wc_AesSetIV(void); +int test_wc_AesCbcEncryptDecrypt(void); +int test_wc_AesCtrEncryptDecrypt(void); +int test_wc_AesGcmSetKey(void); +int test_wc_AesGcmEncryptDecrypt(void); +int test_wc_AesGcmMixedEncDecLongIV(void); +int test_wc_AesGcmStream(void); +int test_wc_GmacSetKey(void); +int test_wc_GmacUpdate(void); +int test_wc_AesCcmSetKey(void); +int test_wc_AesCcmEncryptDecrypt(void); +#if defined(WOLFSSL_AES_EAX) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +int test_wc_AesEaxVectors(void); +int test_wc_AesEaxEncryptAuth(void); +int test_wc_AesEaxDecryptAuth(void); +#endif /* WOLFSSL_AES_EAX */ + +#endif /* WOLFCRYPT_TEST_AES_H */ diff --git a/tests/api/test_arc4.c b/tests/api/test_arc4.c new file mode 100644 index 0000000000..6b32dd9044 --- /dev/null +++ b/tests/api/test_arc4.c @@ -0,0 +1,114 @@ +/* test_arc4.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Testing wc_Arc4SetKey() + */ +int test_wc_Arc4SetKey(void) +{ + EXPECT_DECLS; +#ifndef NO_RC4 + Arc4 arc; + const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + int keyLen = 8; + + ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0); + /* Test bad args. */ + ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4SetKey(&arc, NULL , (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Arc4SetKey */ + +/* + * Testing wc_Arc4Process for ENC/DEC. + */ +int test_wc_Arc4Process(void) +{ + EXPECT_DECLS; +#ifndef NO_RC4 + Arc4 enc; + Arc4 dec; + const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + int keyLen = 8; + const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + byte cipher[8]; + byte plain[8]; + + /* Init stack variables */ + XMEMSET(&enc, 0, sizeof(Arc4)); + XMEMSET(&dec, 0, sizeof(Arc4)); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(plain, 0, sizeof(plain)); + + /* Use for async. */ + ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0); + + ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, (word32)keyLen), 0); + ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, (word32)keyLen), 0); + + ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, (word32)keyLen), 0); + ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, (word32)keyLen), 0); + ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0); + + /* Bad args. */ + ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_Arc4Free(&enc); + wc_Arc4Free(&dec); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Arc4Process */ + diff --git a/tests/api/test_arc4.h b/tests/api/test_arc4.h new file mode 100644 index 0000000000..78d706ca98 --- /dev/null +++ b/tests/api/test_arc4.h @@ -0,0 +1,28 @@ +/* test_arc4.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_ARC4_H +#define WOLFCRYPT_TEST_ARC4_H + +int test_wc_Arc4SetKey(void); +int test_wc_Arc4Process(void); + +#endif /* WOLFCRYPT_TEST_ARC4_H */ diff --git a/tests/api/test_camellia.c b/tests/api/test_camellia.c new file mode 100644 index 0000000000..d09b5fe358 --- /dev/null +++ b/tests/api/test_camellia.c @@ -0,0 +1,224 @@ +/* test_camellia.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * testing wc_CamelliaSetKey + */ +int test_wc_CamelliaSetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + /*128-bit key*/ + static const byte key16[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + /* 192-bit key */ + static const byte key24[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + /* 256-bit key */ + static const byte key32[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff + }; + static const byte iv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv), + 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), + NULL), 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv), + 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), + NULL), 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv), + 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), + NULL), 0); + + /* Bad args. */ + ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CameliaSetKey */ + +/* + * Testing wc_CamelliaSetIV() + */ +int test_wc_CamelliaSetIV(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + static const byte iv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0); + ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0); + + /* Bad args. */ + ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CamelliaSetIV*/ + +/* + * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect + */ +int test_wc_CamelliaEncryptDecryptDirect(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + static const byte key24[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + static const byte iv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + static const byte plainT[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A + }; + byte enc[sizeof(plainT)]; + byte dec[sizeof(enc)]; + + /* Init stack variables.*/ + XMEMSET(enc, 0, 16); + XMEMSET(enc, 0, 16); + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv), + 0); + ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0); + ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0); + ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0); + + /* Pass bad args. */ + ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test-wc_CamelliaEncryptDecryptDirect */ + +/* + * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt + */ +int test_wc_CamelliaCbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + static const byte key24[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + static const byte plainT[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A + }; + byte enc[WC_CAMELLIA_BLOCK_SIZE]; + byte dec[WC_CAMELLIA_BLOCK_SIZE]; + + /* Init stack variables. */ + XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE); + XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE); + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), + NULL), 0); + ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT, + WC_CAMELLIA_BLOCK_SIZE), 0); + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), + NULL), 0); + ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc, + WC_CAMELLIA_BLOCK_SIZE), + 0); + ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT, + WC_CAMELLIA_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, WC_CAMELLIA_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CamelliaCbcEncryptDecrypt */ + diff --git a/tests/api/test_camellia.h b/tests/api/test_camellia.h new file mode 100644 index 0000000000..6112cc103c --- /dev/null +++ b/tests/api/test_camellia.h @@ -0,0 +1,30 @@ +/* test_camellia.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CAMELLIA_H +#define WOLFCRYPT_TEST_CAMELLIA_H + +int test_wc_CamelliaSetKey(void); +int test_wc_CamelliaSetIV(void); +int test_wc_CamelliaEncryptDecryptDirect(void); +int test_wc_CamelliaCbcEncryptDecrypt(void); + +#endif /* WOLFCRYPT_TEST_CAMELLIA_H */ diff --git a/tests/api/test_chacha.c b/tests/api/test_chacha.c new file mode 100644 index 0000000000..f39403bded --- /dev/null +++ b/tests/api/test_chacha.c @@ -0,0 +1,196 @@ +/* test_chacha.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV() + */ +int test_wc_Chacha_SetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CHACHA + ChaCha ctx; + const byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + word32 keySz = (word32)(sizeof(key)/sizeof(byte)); + byte cipher[128]; + + XMEMSET(cipher, 0, sizeof(cipher)); + ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0); + /* Test bad args. */ + ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Chacha_SetKey */ + +/* + * Testing wc_Chacha_Process() + */ +int test_wc_Chacha_Process(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CHACHA + ChaCha enc, dec; + byte cipher[128]; + byte plain[128]; + const byte key[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + const char* input = "Everybody gets Friday off."; + word32 keySz = sizeof(key)/sizeof(byte); + unsigned long int inlen = XSTRLEN(input); + + /* Initialize stack variables. */ + XMEMSET(cipher, 0, 128); + XMEMSET(plain, 0, 128); + + ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0); + ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0); + ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0); + ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen), + 0); + ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0); + ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); + +#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) + /* test checking and using leftovers, currently just in C code */ + ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0); + ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, + (word32)inlen - 2), 0); + ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2), + (byte*)input + (inlen - 2), 2), 0); + ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher, + (word32)inlen - 2), 0); + ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2), + (byte*)input + (inlen - 2), 2), 0); + ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); + + /* check edge cases with counter increment */ + { + /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/ + const byte expected[] = { + 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F, + 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D, + 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20, + 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29, + 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37, + 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38, + 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88, + 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5, + 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E, + 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51, + 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5, + 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43, + 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07, + 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E, + 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4, + 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37, + 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9, + 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04, + 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06, + 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8, + 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B, + 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35, + 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54, + 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19, + 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3, + 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B, + 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23, + 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3, + 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41, + 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2, + 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35, + 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14 + }; + const byte iv2[] = { + 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9, + 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93 + }; + byte input2[256]; + int i; + + for (i = 0; i < 256; i++) + input2[i] = (byte)i; + + ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0); + ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0); + ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0); + + /* partial */ + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0); + ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0); + ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0); + } +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Chacha_Process */ + diff --git a/tests/api/test_chacha.h b/tests/api/test_chacha.h new file mode 100644 index 0000000000..4289daea54 --- /dev/null +++ b/tests/api/test_chacha.h @@ -0,0 +1,28 @@ +/* test_chacha.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CHACHA_H +#define WOLFCRYPT_TEST_CHACHA_H + +int test_wc_Chacha_SetKey(void); +int test_wc_Chacha_Process(void); + +#endif /* WOLFCRYPT_TEST_CHACHA_H */ diff --git a/tests/api/test_chacha20_poly1305.c b/tests/api/test_chacha20_poly1305.c new file mode 100644 index 0000000000..ddcc484cc8 --- /dev/null +++ b/tests/api/test_chacha20_poly1305.c @@ -0,0 +1,164 @@ +/* test_chacha20_poly1305.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt() + */ +int test_wc_ChaCha20Poly1305_aead(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + const byte key[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; + const byte plaintext[] = { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e + }; + const byte iv[] = { + 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, + 0x44, 0x45, 0x46, 0x47 + }; + const byte aad[] = { /* additional data */ + 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + }; + const byte cipher[] = { /* expected output from operation */ + 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, + 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, + 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, + 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, + 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, + 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, + 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, + 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, + 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, + 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, + 0x61, 0x16 + }; + const byte authTag[] = { /* expected output from operation */ + 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, + 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 + }; + byte generatedCiphertext[272]; + byte generatedPlaintext[272]; + byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + + /* Initialize stack variables. */ + XMEMSET(generatedCiphertext, 0, 272); + XMEMSET(generatedPlaintext, 0, 272); + + /* Test Encrypt */ + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + 0); + ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher, + sizeof(cipher)/sizeof(byte)), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL, + sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), NULL, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, + sizeof(cipher), authTag, generatedPlaintext), 0); + ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext, + sizeof(plaintext)/sizeof(byte)), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher, + sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad), + cipher, sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, + sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, + sizeof(cipher), NULL, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, + sizeof(cipher), authTag, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, + sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ChaCha20Poly1305_aead */ + diff --git a/tests/api/test_chacha20_poly1305.h b/tests/api/test_chacha20_poly1305.h new file mode 100644 index 0000000000..7d8f6334a1 --- /dev/null +++ b/tests/api/test_chacha20_poly1305.h @@ -0,0 +1,27 @@ +/* test_chacha20_poly1305.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CHACHA20_POLY1305_H +#define WOLFCRYPT_TEST_CHACHA20_POLY1305_H + +int test_wc_ChaCha20Poly1305_aead(void); + +#endif /* WOLFCRYPT_TEST_CHACHA20_POLY1305_H */ diff --git a/tests/api/test_cmac.c b/tests/api/test_cmac.c new file mode 100644 index 0000000000..5e829c4ce9 --- /dev/null +++ b/tests/api/test_cmac.c @@ -0,0 +1,259 @@ +/* test_cmac.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Testing wc_InitCmac() + */ +int test_wc_InitCmac(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + Cmac cmac1; + Cmac cmac2; + Cmac cmac3; + /* AES 128 key. */ + byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x10\x11\x12\x13\x14\x15\x16"; + /* AES 192 key. */ + byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x01\x11\x12\x13\x14\x15\x16" + "\x01\x02\x03\x04\x05\x06\x07\x08"; + /* AES 256 key. */ + byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x01\x11\x12\x13\x14\x15\x16" + "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x01\x11\x12\x13\x14\x15\x16"; + word32 key1Sz = (word32)sizeof(key1) - 1; + word32 key2Sz = (word32)sizeof(key2) - 1; + word32 key3Sz = (word32)sizeof(key3) - 1; + int type = WC_CMAC_AES; + + (void)key1; + (void)key1Sz; + (void)key2; + (void)key2Sz; + + XMEMSET(&cmac1, 0, sizeof(Cmac)); + XMEMSET(&cmac2, 0, sizeof(Cmac)); + XMEMSET(&cmac3, 0, sizeof(Cmac)); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0); +#endif +#ifdef WOLFSSL_AES_192 + wc_AesFree(&cmac1.aes); + ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0); +#endif +#ifdef WOLFSSL_AES_256 + wc_AesFree(&cmac2.aes); + ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0); +#endif + + wc_AesFree(&cmac3.aes); + /* Test bad args. */ + ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitCmac */ + +/* + * Testing wc_CmacUpdate() + */ +int test_wc_CmacUpdate(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) + Cmac cmac; + byte key[] = { + 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, + 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 + }; + byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64" + "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17" + "\xb3\x78\xcf\x85\x22\x41\x74\xd9" + "\xa0\x97\x39\x71\x62\xf1\x8e\x8f" + "\xf4"; + word32 inSz = (word32)sizeof(in) - 1; + word32 keySz = (word32)sizeof(key); + int type = WC_CMAC_AES; + + XMEMSET(&cmac, 0, sizeof(Cmac)); + + ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0); + ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesFree(&cmac.aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CmacUpdate */ + +/* + * Testing wc_CmacFinal() + */ +int test_wc_CmacFinal(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) + Cmac cmac; + byte key[] = { + 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, + 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 + }; + byte msg[] = { + 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64, + 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17, + 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9, + 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f, + 0xf4 + }; + /* Test vectors from CMACGenAES128.rsp from + * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac + * Per RFC4493 truncation of lsb is possible. + */ + byte expMac[] = { + 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae, + 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb + }; + byte mac[WC_AES_BLOCK_SIZE]; + word32 msgSz = (word32)sizeof(msg); + word32 keySz = (word32)sizeof(key); + word32 macSz = sizeof(mac); + word32 badMacSz = 17; + int expMacSz = sizeof(expMac); + int type = WC_CMAC_AES; + + XMEMSET(&cmac, 0, sizeof(Cmac)); + XMEMSET(mac, 0, macSz); + + ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0); + ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0); + +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + /* Pass in bad args. */ + ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* For the last call, use the API with implicit wc_CmacFree(). */ + ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0); + ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); +#else /* !HAVE_FIPS || FIPS>=5.3 */ + ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0); + ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E)); +#endif /* !HAVE_FIPS || FIPS>=5.3 */ +#endif + return EXPECT_RESULT(); +} /* END test_wc_CmacFinal */ + +/* + * Testing wc_AesCmacGenerate() && wc_AesCmacVerify() + */ +int test_wc_AesCmacGenerate(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) + byte key[] = { + 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e, + 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69 + }; + byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8" + "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4"; + byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6" + "\x3d\x32\x65\x4c\x66\x23\xc5"; + byte mac[WC_AES_BLOCK_SIZE]; + word32 keySz = sizeof(key); + word32 macSz = sizeof(mac); + word32 msgSz = sizeof(msg) - 1; + word32 expMacSz = sizeof(expMac) - 1; + + XMEMSET(mac, 0, macSz); + + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0); + ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_AesCmacGenerate */ + diff --git a/tests/api/test_cmac.h b/tests/api/test_cmac.h new file mode 100644 index 0000000000..dac1e3dca1 --- /dev/null +++ b/tests/api/test_cmac.h @@ -0,0 +1,30 @@ +/* test_cmac.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CMAC_H +#define WOLFCRYPT_TEST_CMAC_H + +int test_wc_InitCmac(void); +int test_wc_CmacUpdate(void); +int test_wc_CmacFinal(void); +int test_wc_AesCmacGenerate(void); + +#endif /* WOLFCRYPT_TEST_CMAC_H */ diff --git a/tests/api/test_des3.c b/tests/api/test_des3.c new file mode 100644 index 0000000000..9b567e6d9d --- /dev/null +++ b/tests/api/test_des3.c @@ -0,0 +1,231 @@ +/* test_des3.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * unit test for wc_Des3_SetIV() + */ +int test_wc_Des3_SetIV(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + Des3 des; + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + + /* DES_ENCRYPTION or DES_DECRYPTION */ + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0); + +#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */ + /* Test explicitly wc_Des3_SetIV() */ + ExpectIntEQ(wc_Des3_SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0); +#endif + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Des3_SetIV */ + +/* + * unit test for wc_Des3_SetKey() + */ +int test_wc_Des3_SetKey(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + Des3 des; + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + + /* DES_ENCRYPTION or DES_DECRYPTION */ + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Default case. Should return 0. */ + ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0); + + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Des3_SetKey */ + +/* + * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt + */ +int test_wc_Des3_CbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + Des3 des; + byte cipher[24]; + byte plain[24]; + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + + ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0); + ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0); + ExpectIntEQ(XMEMCMP(plain, vector, 24), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); + +} /* END wc_Des3_CbcEncrypt */ + +/* + * Unit test for wc_Des3_EcbEncrypt + */ +int test_wc_Des3_EcbEncrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) + Des3 des; + byte cipher[24]; + word32 cipherSz = sizeof(cipher); + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + + /* Bad Cases */ + ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0); + + /* Good Cases */ + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0); + + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Des3_EcbEncrypt */ + diff --git a/tests/api/test_des3.h b/tests/api/test_des3.h new file mode 100644 index 0000000000..70e8bca599 --- /dev/null +++ b/tests/api/test_des3.h @@ -0,0 +1,30 @@ +/* test_des3.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_DES3_H +#define WOLFCRYPT_TEST_DES3_H + +int test_wc_Des3_SetIV(void); +int test_wc_Des3_SetKey(void); +int test_wc_Des3_CbcEncryptDecrypt(void); +int test_wc_Des3_EcbEncrypt(void); + +#endif /* WOLFCRYPT_TEST_DES3_H */ diff --git a/tests/api/test_hmac.c b/tests/api/test_hmac.c new file mode 100644 index 0000000000..a811db2338 --- /dev/null +++ b/tests/api/test_hmac.c @@ -0,0 +1,691 @@ +/* test_cmac.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Test function for wc_HmacSetKey + */ +int test_wc_Md5HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_MD5) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])); +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) + wc_HmacFree(&hmac); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(ret, 0); +#endif + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0); +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#elif defined(HAVE_FIPS) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Md5HmacSetKey */ + +/* + * testing wc_HmacSetKey() on wc_Sha hash. + */ +int test_wc_ShaHmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaHmacSetKey() */ + +/* + * testing wc_HmacSetKey() on Sha224 hash. + */ +int test_wc_Sha224HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224HmacSetKey() */ + + /* + * testing wc_HmacSetKey() on Sha256 hash + */ +int test_wc_Sha256HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA256) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256HmacSetKey() */ + +/* + * testing wc_HmacSetKey on Sha384 hash. + */ +int test_wc_Sha384HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384HmacSetKey() */ + +/* + * testing wc_HmacUpdate on wc_Md5 hash. + */ +int test_wc_Md5HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 5)) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Md5HmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA hash. + */ +int test_wc_ShaHmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaHmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA224 hash. + */ +int test_wc_Sha224HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224HmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA256 hash. + */ +int test_wc_Sha256HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA256) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256HmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA384 hash. + */ +int test_wc_Sha384HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384HmacUpdate */ + +/* + * Testing wc_HmacFinal() with MD5 + */ + +int test_wc_Md5HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 5)) + Hmac hmac; + byte hash[WC_MD5_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" + "\x9d"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)), + 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Md5HmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA + */ +int test_wc_ShaHmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA) + Hmac hmac; + byte hash[WC_SHA_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" + "\x8e\xf1\x46\xbe\x00"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)), + 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaHmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA224 + */ +int test_wc_Sha224HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) + Hmac hmac; + byte hash[WC_SHA224_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" + "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, + (word32)XSTRLEN(key)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224HmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA256 + */ +int test_wc_Sha256HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA256) + Hmac hmac; + byte hash[WC_SHA256_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" + "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" + "\xcf\xf7"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, + (word32)XSTRLEN(key)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256HmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA384 + */ +int test_wc_Sha384HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) + Hmac hmac; + byte hash[WC_SHA384_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" + "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" + "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" + "\xfa\x9c\xb6"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, + (word32)XSTRLEN(key)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384HmacFinal */ + diff --git a/tests/api/test_hmac.h b/tests/api/test_hmac.h new file mode 100644 index 0000000000..e92949f53c --- /dev/null +++ b/tests/api/test_hmac.h @@ -0,0 +1,41 @@ +/* test_hmac.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_HMAC_H +#define WOLFCRYPT_TEST_HMAC_H + +int test_wc_Md5HmacSetKey(void); +int test_wc_Md5HmacUpdate(void); +int test_wc_Md5HmacFinal(void); +int test_wc_ShaHmacSetKey(void); +int test_wc_ShaHmacUpdate(void); +int test_wc_ShaHmacFinal(void); +int test_wc_Sha224HmacSetKey(void); +int test_wc_Sha224HmacUpdate(void); +int test_wc_Sha224HmacFinal(void); +int test_wc_Sha256HmacSetKey(void); +int test_wc_Sha256HmacUpdate(void); +int test_wc_Sha256HmacFinal(void); +int test_wc_Sha384HmacSetKey(void); +int test_wc_Sha384HmacUpdate(void); +int test_wc_Sha384HmacFinal(void); + +#endif /* WOLFCRYPT_TEST_HMAC_H */ diff --git a/tests/api/test_poly1305.c b/tests/api/test_poly1305.c new file mode 100644 index 0000000000..775e7cea71 --- /dev/null +++ b/tests/api/test_poly1305.c @@ -0,0 +1,73 @@ +/* test_poly1305.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * unit test for wc_Poly1305SetKey() + */ +int test_wc_Poly1305SetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_POLY1305 + Poly1305 ctx; + const byte key[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + word32 keySz = (word32)(sizeof(key)/sizeof(byte)); + + ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Poly1305_SetKey() */ + diff --git a/tests/api/test_poly1305.h b/tests/api/test_poly1305.h new file mode 100644 index 0000000000..0986d6cf0b --- /dev/null +++ b/tests/api/test_poly1305.h @@ -0,0 +1,27 @@ +/* test_poly1305.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_POLY1305_H +#define WOLFCRYPT_TEST_POLY1305_H + +int test_wc_Poly1305SetKey(void); + +#endif /* WOLFCRYPT_TEST_POLY1305_H */ diff --git a/tests/api/test_rc2.c b/tests/api/test_rc2.c new file mode 100644 index 0000000000..108ecc86c4 --- /dev/null +++ b/tests/api/test_rc2.c @@ -0,0 +1,230 @@ +/* test_rc2.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Testing function for wc_Rc2SetKey(). + */ +int test_wc_Rc2SetKey(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; + byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; + + /* valid key and IV */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), + iv, 40), 0); + /* valid key, no IV */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), + NULL, 40), 0); + + /* bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte), + iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null key */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte), + iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* key size == 0 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), + WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + /* key size > 128 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), + WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + /* effective bits == 0 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), + iv, 0), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + /* effective bits > 1024 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), + iv, 1025), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2SetKey */ + +/* + * Testing function for wc_Rc2SetIV(). + */ +int test_wc_Rc2SetIV(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; + + /* valid IV */ + ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0); + /* valid NULL IV */ + ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0); + + /* bad arguments */ + ExpectIntEQ(wc_Rc2SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2SetIV */ + +/* + * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt(). + */ +int test_wc_Rc2EcbEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + int effectiveKeyBits = 63; + byte cipher[RC2_BLOCK_SIZE]; + byte plain[RC2_BLOCK_SIZE]; + byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff }; + + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(plain, 0, sizeof(plain)); + + ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), + NULL, effectiveKeyBits), 0); + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0); + + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0); + + /* Rc2EcbEncrypt bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* output buffer sz != RC2_BLOCK_SIZE (8) */ + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Rc2EcbDecrypt bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* output buffer sz != RC2_BLOCK_SIZE (8) */ + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), + WC_NO_ERR_TRACE(BUFFER_E)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2EcbEncryptDecrypt */ + +/* + * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt(). + */ +int test_wc_Rc2CbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + int effectiveKeyBits = 63; + byte cipher[RC2_BLOCK_SIZE*2]; + byte plain[RC2_BLOCK_SIZE*2]; + /* vector taken from test.c */ + byte key[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + byte iv[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + byte input[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + byte output[] = { + 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, + 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57 + }; + + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(plain, 0, sizeof(plain)); + + ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), + iv, effectiveKeyBits), 0); + ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0); + ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0); + + /* reset IV for decrypt */ + ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0); + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0); + ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0); + + /* Rc2CbcEncrypt bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Rc2CbcDecrypt bad arguments */ + /* in size is 0 */ + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0); + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2CbcEncryptDecrypt */ + diff --git a/tests/api/test_rc2.h b/tests/api/test_rc2.h new file mode 100644 index 0000000000..ab3159bc3f --- /dev/null +++ b/tests/api/test_rc2.h @@ -0,0 +1,30 @@ +/* test_rc2.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_RC2_H +#define WOLFCRYPT_TEST_RC2_H + +int test_wc_Rc2SetKey(void); +int test_wc_Rc2SetIV(void); +int test_wc_Rc2EcbEncryptDecrypt(void); +int test_wc_Rc2CbcEncryptDecrypt(void); + +#endif /* WOLFCRYPT_TEST_RC2_H */ diff --git a/tests/api/test_sm4.c b/tests/api/test_sm4.c new file mode 100644 index 0000000000..3d8a304006 --- /dev/null +++ b/tests/api/test_sm4.c @@ -0,0 +1,795 @@ +/* test_sm4.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Testing streaming SM4 API. + */ +int test_wc_Sm4(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4 + EXPECT_DECLS; + wc_Sm4 sm4; +#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \ + defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM) + unsigned char key[SM4_KEY_SIZE]; +#endif +#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR) + unsigned char iv[SM4_IV_SIZE]; +#endif + + /* Invalid parameters - wc_Sm4Init */ + ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4Init */ + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + +#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \ + defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM) + XMEMSET(key, 0, sizeof(key)); + + /* Invalid parameters - wc_Sm4SetKey. */ + ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4SetKey. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); +#endif + +#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR) + XMEMSET(iv, 0, sizeof(iv)); + + /* Invalid parameters - wc_Sm4SetIV. */ + ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4SetIV. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); +#endif + + /* Valid cases - wc_Sm4Free */ + wc_Sm4Free(NULL); + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4 */ + +/* + * Testing block based SM4-ECB API. + */ +int test_wc_Sm4Ecb(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_ECB + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE]; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(in, 0, sizeof(in)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + + /* Invalid parameters - wc_Sm4EcbEncrypt. */ + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4EcbEncrypt. */ + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + /* Invalid parameters - wc_Sm4EcbDecrypt. */ + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4EcbDecrypt. */ + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Ecb */ + +/* + * Testing block based SM4-CBC API. + */ +int test_wc_Sm4Cbc(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_CBC + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char iv[SM4_IV_SIZE]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE]; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + XMEMSET(in, 0, sizeof(in)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_IV)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_IV)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + + /* Invalid parameters - wc_Sm4CbcEncrypt. */ + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4CbcEncrypt. */ + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + /* Invalid parameters - wc_Sm4CbcDecrypt. */ + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + /* Valid cases - wc_Sm4CbcDecrypt. */ + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Cbc */ + +/* + * Testing streaming SM4-CTR API. + */ +int test_wc_Sm4Ctr(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_CTR + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char iv[SM4_IV_SIZE]; + unsigned char in[SM4_BLOCK_SIZE * 4]; + unsigned char out[SM4_BLOCK_SIZE * 4]; + unsigned char out2[SM4_BLOCK_SIZE * 4]; + word32 chunk; + word32 i; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + XMEMSET(in, 0, sizeof(in)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_IV)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + + /* Invalid parameters - wc_Sm4CtrEncrypt. */ + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4CtrEncrypt. */ + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, 1), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(out2, out, 2), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. Also check encrypt of cipher text produces + * plaintext. + */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + /* Chunking tests. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0); + for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) { + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) { + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0); + } + if (i < (word32)sizeof(in)) { + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, + (word32)sizeof(in) - i), 0); + } + ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0); + } + + for (i = 0; i < (word32)sizeof(iv); i++) { + iv[i] = 0xff; + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0); + } + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Ctr */ + +/* + * Testing stream SM4-GCM API. + */ +int test_wc_Sm4Gcm(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_GCM + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char nonce[GCM_NONCE_MAX_SZ]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char in2[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE * 2]; + unsigned char dec[SM4_BLOCK_SIZE * 2]; + unsigned char tag[SM4_BLOCK_SIZE]; + unsigned char aad[SM4_BLOCK_SIZE * 2]; + word32 i; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(nonce, 0, sizeof(nonce)); + XMEMSET(in, 0, sizeof(in)); + XMEMSET(in2, 0, sizeof(in2)); + XMEMSET(aad, 0, sizeof(aad)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + + /* Invalid parameters - wc_Sm4GcmSetKey. */ + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid parameters - wc_Sm4GcmSetKey. */ + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0); + + /* Invalid parameters - wc_Sm4GcmEncrypt. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Invalid parameters - wc_Sm4GcmDecrypt. */ + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0); + + /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), + WC_NO_ERR_TRACE(SM4_GCM_AUTH_E)); + + /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ + for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) { + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0); + } + + /* Check different in/out sizes. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) { + XMEMCPY(out2, out, i - 1); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in, dec, i), 0); + } + + /* Force the counter to roll over in first byte. */ + { + static unsigned char largeIn[256 * SM4_BLOCK_SIZE]; + static unsigned char largeOut[256 * SM4_BLOCK_SIZE]; + + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn), + nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn), + nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0); + } + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Gcm */ + +/* + * Testing stream SM4-CCM API. + */ +int test_wc_Sm4Ccm(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_CCM + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char nonce[CCM_NONCE_MAX_SZ]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char in2[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE * 2]; + unsigned char dec[SM4_BLOCK_SIZE * 2]; + unsigned char tag[SM4_BLOCK_SIZE]; + unsigned char aad[SM4_BLOCK_SIZE * 2]; + word32 i; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(nonce, 0, sizeof(nonce)); + XMEMSET(in, 0, sizeof(in)); + XMEMSET(in2, 0, sizeof(in2)); + XMEMSET(aad, 0, sizeof(aad)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + + /* Invalid parameters - wc_Sm4CcmEncrypt. */ + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Invalid parameters - wc_Sm4CcmDecrypt. */ + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0); + + /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ + for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + } + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), + WC_NO_ERR_TRACE(SM4_CCM_AUTH_E)); + + /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ + for (i = 0; i < 4; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } + /* Odd values in range 4..SM4_BLOCK_SIZE. */ + for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } + /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. + * Even values in range 4..SM4_BLOCK_SIZE. + */ + for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0); + } + + /* Check different in/out sizes. */ + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) { + XMEMCPY(out2, out, i - 1); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in, dec, i), 0); + } + + /* Force the counter to roll over in first byte. */ + { + static unsigned char largeIn[256 * SM4_BLOCK_SIZE]; + static unsigned char largeOut[256 * SM4_BLOCK_SIZE]; + + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn), + nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn), + nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0); + } + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Ccm */ + diff --git a/tests/api/test_sm4.h b/tests/api/test_sm4.h new file mode 100644 index 0000000000..be60a466df --- /dev/null +++ b/tests/api/test_sm4.h @@ -0,0 +1,32 @@ +/* test_sm4.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SM4_H +#define WOLFCRYPT_TEST_SM4_H + +int test_wc_Sm4(void); +int test_wc_Sm4Ecb(void); +int test_wc_Sm4Cbc(void); +int test_wc_Sm4Ctr(void); +int test_wc_Sm4Gcm(void); +int test_wc_Sm4Ccm(void); + +#endif /* WOLFCRYPT_TEST_SM4_H */ diff --git a/tests/api/test_wc_encrypt.c b/tests/api/test_wc_encrypt.c new file mode 100644 index 0000000000..1200e93614 --- /dev/null +++ b/tests/api/test_wc_encrypt.c @@ -0,0 +1,99 @@ +/* test_wc_encrypt.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey + */ +int test_wc_Des3_CbcEncryptDecryptWithKey(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + word32 vectorSz, cipherSz; + byte cipher[24]; + byte plain[24]; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + vectorSz = sizeof(byte) * 24; + cipherSz = sizeof(byte) * 24; + + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv), + 0); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0); + ExpectIntEQ(XMEMCMP(plain, vector, 24), 0); + + /* pass in bad args. */ + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL), + 0); + + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL), + 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Des3_CbcEncryptDecryptWithKey */ + diff --git a/tests/api/test_wc_encrypt.h b/tests/api/test_wc_encrypt.h new file mode 100644 index 0000000000..c6cf25e8fc --- /dev/null +++ b/tests/api/test_wc_encrypt.h @@ -0,0 +1,27 @@ +/* test_wc_encrypt.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_WC_ENCRYPT_H +#define WOLFCRYPT_TEST_WC_ENCRYPT_H + +int test_wc_Des3_CbcEncryptDecryptWithKey(void); + +#endif /* WOLFCRYPT_TEST_WC_ENCRYPT_H */