/* Generate blocks of random data. Underlying function used by the user-callable random data functions. */
static int pico_rand_generate_block (uint8_t* buffer, int buffer_size) {
uint8_t encrypt_iv[PICO_RAND_ENCRYPT_IV_SIZE] = { 0 }; /* Can't use ECB mode and combine it with our external counter, so doing it this way */
/* Run encryption block */
if (!pico_rand_counter_is_zero (pico_rand_generator.counter)) { /* Refuse if not seeded */
if (buffer_size >= PICO_RAND_ENCRYPT_BLOCK_SIZE) {
wc_AesSetKey(pico_rand_generator.aes, pico_rand_generator.key, PICO_RAND_ENCRYPT_KEY_SIZE, encrypt_iv, AES_ENCRYPTION);
wc_AesCbcEncrypt(pico_rand_generator.aes, buffer, (const byte*) pico_rand_generator.counter, PICO_RAND_ENCRYPT_IV_SIZE);
pico_rand_increment_counter (pico_rand_generator.counter);
return 1; /* Done succesfully */
}
/* Buffer size smaller than block size! */
return 0;
} else {
/* Not seeded, cannot produce anything! */
return 0;
}
}
void AES_ctr128_encrypt(const byte *in, byte *out, word32 len, AES_KEY *key,
byte *ivec, byte *ecount_buf, unsigned int *num)
{
Aes aes;
byte RecvBuf[0x1000];
wc_AesSetKey(&aes, key->key, key->bytes, ivec, AES_ENCRYPTION);
wc_AesCtrEncrypt(&aes, RecvBuf, in, len);
memcpy(out, RecvBuf, len);
}
/* AES Key Set, may have iv, will have direction */
int CRYPT_AES_KeySet(CRYPT_AES_CTX* aes, const unsigned char* key,
unsigned int keyLen, const unsigned char* iv, int dir)
{
typedef char aes_test[sizeof(CRYPT_AES_CTX) >= sizeof(Aes) ? 1 : -1];
(void)sizeof(aes_test);
if (aes == NULL || key == NULL)
return BAD_FUNC_ARG;
return wc_AesSetKey((Aes*)aes, key, keyLen, iv, dir);
}
static int AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
{
byte nonce[AES_BLOCK_SIZE];
if ((aes == NULL) || (key == NULL))
return BAD_FUNC_ARG ;
if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
return BAD_FUNC_ARG ;
XMEMSET(nonce, 0, sizeof(nonce));
return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
}
void aes_cmac(const unsigned char *key, const unsigned char *message, int len,
unsigned char *mac) {
Aes aes;
wc_AesSetKey(&aes, key, BLOCKSIZE, 0, AES_ENCRYPTION);
unsigned char k1[BLOCKSIZE], k2[BLOCKSIZE], xorResult[BLOCKSIZE],
lastBlock[BLOCKSIZE];
Generate_Subkey(&aes, k1, k2);
int nBlocks = (len + BLOCKSIZE - 1) / BLOCKSIZE;
bool needs_padding;
if (nBlocks == 0) {
nBlocks = 1;
needs_padding = true;
} else {
needs_padding = (len % BLOCKSIZE) != 0;
}
if (needs_padding) {
padding(&message[BLOCKSIZE * (nBlocks - 1)], lastBlock,
len % BLOCKSIZE);
xor_128(lastBlock, k2, lastBlock);
} else {
xor_128(&message[BLOCKSIZE * (nBlocks - 1)], k1, lastBlock);
}
for (int i = 0; i < BLOCKSIZE; i++)
mac[i] = 0x00;
for (int i = 0; i < nBlocks - 1; i++) {
xor_128(&message[i * BLOCKSIZE], mac, xorResult);
aes_encrypt(&aes, mac, xorResult);
}
xor_128(lastBlock, mac, xorResult);
aes_encrypt(&aes, mac, xorResult);
}
/*
* Encrypts a file using AES
*/
int AesEncrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile)
{
RNG rng;
byte iv[AES_BLOCK_SIZE];
byte* input;
byte* output;
byte salt[SALT_SIZE] = {0};
int i = 0;
int ret = 0;
int inputLength;
int length;
int padCounter = 0;
fseek(inFile, 0, SEEK_END);
inputLength = ftell(inFile);
fseek(inFile, 0, SEEK_SET);
length = inputLength;
/* pads the length until it evenly matches a block / increases pad number*/
while (length % AES_BLOCK_SIZE != 0) {
length++;
padCounter++;
}
input = malloc(length);
output = malloc(length);
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("Failed to initialize random number generator\n");
return -1030;
}
/* reads from inFile and writes whatever is there to the input array */
ret = fread(input, 1, inputLength, inFile);
if (ret == 0) {
printf("Input file does not exist.\n");
return -1010;
}
for (i = inputLength; i < length; i++) {
/* pads the added characters with the number of pads */
input[i] = padCounter;
}
ret = wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE);
if (ret != 0)
return -1020;
/* stretches key to fit size */
ret = GenerateKey(&rng, key, size, salt, padCounter);
if (ret != 0)
return -1040;
/* sets key */
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
return -1001;
/* encrypts the message to the output based on input length + padding */
ret = wc_AesCbcEncrypt(aes, output, input, length);
if (ret != 0)
return -1005;
/* writes to outFile */
fwrite(salt, 1, SALT_SIZE, outFile);
fwrite(iv, 1, AES_BLOCK_SIZE, outFile);
fwrite(output, 1, length, outFile);
/* closes the opened files and frees the memory*/
memset(input, 0, length);
memset(output, 0, length);
memset(key, 0, size);
free(input);
free(output);
free(key);
fclose(inFile);
fclose(outFile);
wc_FreeRng(&rng);
return ret;
}
/*
* Decrypts a file using AES
*/
int AesDecrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile)
{
RNG rng;
byte iv[AES_BLOCK_SIZE];
byte* input;
byte* output;
byte salt[SALT_SIZE] = {0};
int i = 0;
int ret = 0;
int length;
int aSize;
fseek(inFile, 0, SEEK_END);
length = ftell(inFile);
fseek(inFile, 0, SEEK_SET);
aSize = length;
input = malloc(aSize);
output = malloc(aSize);
wc_InitRng(&rng);
/* reads from inFile and writes whatever is there to the input array */
ret = fread(input, 1, length, inFile);
if (ret == 0) {
printf("Input file does not exist.\n");
return -1010;
}
for (i = 0; i < SALT_SIZE; i++) {
/* finds salt from input message */
salt[i] = input[i];
}
for (i = SALT_SIZE; i < AES_BLOCK_SIZE + SALT_SIZE; i++) {
/* finds iv from input message */
iv[i - SALT_SIZE] = input[i];
}
/* replicates old key if keys match */
ret = wc_PBKDF2(key, key, strlen((const char*)key), salt, SALT_SIZE, 4096,
size, WC_SHA256);
if (ret != 0)
return -1050;
/* sets key */
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
return -1002;
/* change length to remove salt/iv block from being decrypted */
length -= (AES_BLOCK_SIZE + SALT_SIZE);
for (i = 0; i < length; i++) {
/* shifts message: ignores salt/iv on message*/
input[i] = input[i + (AES_BLOCK_SIZE + SALT_SIZE)];
}
/* decrypts the message to output based on input length + padding*/
ret = wc_AesCbcDecrypt(aes, output, input, length);
if (ret != 0)
return -1006;
if (salt[0] != 0) {
/* reduces length based on number of padded elements */
length -= output[length-1];
}
/* writes output to the outFile based on shortened length */
fwrite(output, 1, length, outFile);
/* closes the opened files and frees the memory*/
memset(input, 0, aSize);
memset(output, 0, aSize);
memset(key, 0, size);
free(input);
free(output);
free(key);
fclose(inFile);
fclose(outFile);
wc_FreeRng(&rng);
return 0;
}
WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir)
{
return(wc_AesSetKey(aes, key, len, iv, dir)) ;
}
/*
* benchmarking funciton
*/
int wolfCLU_benchmark(int timer, int* option)
{
int i = 0; /* A looping variable */
int loop = 1; /* benchmarking loop */
int64_t blocks = 0; /* blocks used during benchmarking */
#ifndef NO_AES
Aes aes; /* aes declaration */
#endif
#ifndef NO_DES3
Des3 des3; /* 3des declaration */
#endif
RNG rng; /* random number generator */
int ret = 0; /* return variable */
double stop = 0.0; /* stop breaks loop */
double start; /* start time */
double currTime; /* current time*/
ALIGN16 byte* plain; /* plain text */
ALIGN16 byte* cipher; /* cipher */
ALIGN16 byte* key; /* key for testing */
ALIGN16 byte* iv; /* iv for initial encoding */
byte* digest; /* message digest */
wc_InitRng(&rng);
signal(SIGALRM, wolfCLU_stop);
i = 0;
#ifndef NO_AES
/* aes test */
if (option[i] == 1) {
plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_AesSetKey(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
while (loop) {
wc_AesCbcEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("\n");
printf("AES-CBC ");
wolfCLU_stats(start, AES_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(key, 0, AES_BLOCK_SIZE);
XMEMSET(iv, 0, AES_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_AES_COUNTER
/* aes-ctr test */
if (option[i] == 1) {
plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_AesSetKeyDirect(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
while (loop) {
wc_AesCtrEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("AES-CTR ");
wolfCLU_stats(start, AES_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(key, 0, AES_BLOCK_SIZE);
XMEMSET(iv, 0, AES_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_DES3
/* 3des test */
if (option[i] == 1) {
plain = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, DES3_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
while (loop) {
wc_Des3_CbcEncrypt(&des3, cipher, plain, DES3_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("3DES ");
wolfCLU_stats(start, DES3_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, DES3_BLOCK_SIZE);
XMEMSET(cipher, 0, DES3_BLOCK_SIZE);
XMEMSET(key, 0, DES3_BLOCK_SIZE);
XMEMSET(iv, 0, DES3_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef HAVE_CAMELLIA
#define CAM_SZ CAMELLIA_BLOCK_SIZE
/* camellia test */
if (option[i] == 1) {
Camellia camellia;
plain = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, CAMELLIA_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_CamelliaSetKey(&camellia, key, CAMELLIA_BLOCK_SIZE, iv);
while (loop) {
wc_CamelliaCbcEncrypt(&camellia, cipher, plain, CAMELLIA_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("Camellia ");
wolfCLU_stats(start, CAMELLIA_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(cipher, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(key, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(iv, 0, CAMELLIA_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_MD5
/* md5 test */
if (option[i] == 1) {
Md5 md5;
digest = XMALLOC(MD5_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitMd5(&md5);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Md5Update(&md5, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Md5Final(&md5, digest);
printf("MD5 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, MD5_DIGEST_SIZE);
wolfCLU_freeBins(digest, plain, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_SHA
/* sha test */
if (option[i] == 1) {
Sha sha;
digest = XMALLOC(SHA_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha(&sha);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_ShaUpdate(&sha, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_ShaFinal(&sha, digest);
printf("Sha ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_SHA256
#define SHA256_SZ SHA256_DIGEST_SIZE
/* sha256 test */
if (option[i] == 1) {
Sha256 sha256;
digest = XMALLOC(SHA256_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha256(&sha256);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha256Update(&sha256, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha256Final(&sha256, digest);
printf("Sha256 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA256_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
/* resets used for debug, uncomment if needed */
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_SHA384
#define SHA384_SZ SHA384_DIGEST_SIZE
/* sha384 test */
if (option[i] == 1) {
Sha384 sha384;
digest = XMALLOC(SHA384_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha384(&sha384);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha384Update(&sha384, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha384Final(&sha384, digest);
printf("Sha384 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA384_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_SHA512
#define SHA512_SZ SHA512_DIGEST_SIZE
/* sha512 test */
if (option[i] == 1) {
Sha512 sha512;
digest = XMALLOC(SHA512_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha512(&sha512);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha512Update(&sha512, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha512Final(&sha512, digest);
printf("Sha512 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA512_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef HAVE_BLAKE2
/* blake2b test */
if (option[i] == 1) {
Blake2b b2b;
digest = XMALLOC(BLAKE_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitBlake2b(&b2b, BLAKE_DIGEST_SIZE);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Blake2bUpdate(&b2b, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Blake2bFinal(&b2b, digest, BLAKE_DIGEST_SIZE);
printf("Blake2b ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, BLAKE_DIGEST_SIZE);
wolfCLU_freeBins(digest, plain, NULL, NULL, NULL);
}
#endif
return ret;
}
int wolfsslEncrypt(char* alg, char* mode, byte* pwdKey, byte* key, int size,
char* in, char* out, byte* iv, int block, int ivCheck, int inputHex)
{
#ifndef NO_AES
Aes aes; /* aes declaration */
#endif
#ifndef NO_DES3
Des3 des3; /* 3des declaration */
#endif
#ifdef HAVE_CAMELLIA
Camellia camellia; /* camellia declaration */
#endif
FILE* tempInFile = NULL; /* if user not provide a file */
FILE* inFile = NULL; /* input file */
FILE* outFile = NULL; /* output file */
RNG rng; /* random number generator declaration */
byte* input = NULL; /* input buffer */
byte* output = NULL; /* output buffer */
byte salt[SALT_SIZE] = {0}; /* salt variable */
int ret = 0; /* return variable */
int inputLength = 0; /* length of input */
int length = 0; /* total length */
int padCounter = 0; /* number of padded bytes */
int i = 0; /* loop variable */
int hexRet = 0; /* hex -> bin return*/
word32 tempInputL = 0; /* temporary input Length */
word32 tempMax = MAX; /* controls encryption amount */
char inputString[MAX]; /* the input string */
char* userInputBuffer = NULL; /* buffer when input is not a file */
if (access (in, F_OK) == -1) {
printf("file did not exist, encrypting string following \"-i\""
"instead.\n");
/* use user entered data to encrypt */
inputLength = (int) strlen(in);
userInputBuffer = (char*) malloc(inputLength);
/* writes the entered text to the input buffer */
XMEMCPY(userInputBuffer, in, inputLength);
/* open the file to write */
tempInFile = fopen(in, "wb");
fwrite(userInputBuffer, 1, inputLength, tempInFile);
fclose(tempInFile);
/* free buffer */
free(userInputBuffer);
}
/* open the inFile in read mode */
inFile = fopen(in, "rb");
/* find length */
fseek(inFile, 0, SEEK_END);
inputLength = (int) ftell(inFile);
fseek(inFile, 0, SEEK_SET);
length = inputLength;
/* Start up the random number generator */
ret = (int) wc_InitRng(&rng);
if (ret != 0) {
printf("Random Number Generator failed to start.\n");
return ret;
}
/* pads the length until it matches a block,
* and increases pad number
*/
while (length % block != 0) {
length++;
padCounter++;
}
/* if the iv was not explicitly set,
* generate an iv and use the pwdKey
*/
if (ivCheck == 0) {
/* IV not set, generate it */
ret = wc_RNG_GenerateBlock(&rng, iv, block);
if (ret != 0) {
return ret;
}
/* stretches pwdKey to fit size based on wolfsslGetAlgo() */
ret = wolfsslGenKey(&rng, pwdKey, size, salt, padCounter);
if (ret != 0) {
printf("failed to set pwdKey.\n");
return ret;
}
/* move the generated pwdKey to "key" for encrypting */
for (i = 0; i < size; i++) {
key[i] = pwdKey[i];
}
}
/* open the outFile in write mode */
outFile = fopen(out, "wb");
fwrite(salt, 1, SALT_SIZE, outFile);
fwrite(iv, 1, block, outFile);
fclose(outFile);
/* malloc 1kB buffers */
input = (byte*) malloc(MAX);
output = (byte*) malloc(MAX);
/* loop, encrypt 1kB at a time till length <= 0 */
while (length > 0) {
/* Read in 1kB to input[] */
if (inputHex == 1)
ret = (int) fread(inputString, 1, MAX, inFile);
else
ret = (int) fread(input, 1, MAX, inFile);
if (ret != MAX) {
/* check for end of file */
if (feof(inFile)) {
/* hex or ascii */
if (inputHex == 1) {
hexRet = wolfsslHexToBin(inputString, &input,
&tempInputL,
NULL, NULL, NULL,
NULL, NULL, NULL,
NULL, NULL, NULL);
if (hexRet != 0) {
printf("failed during conversion of input,"
" ret = %d\n", hexRet);
return hexRet;
}
}/* end hex or ascii */
/* pad to end of block */
for (i = ret ; i < (ret + padCounter); i++) {
input[i] = padCounter;
}
/* adjust tempMax for less than 1kB encryption */
tempMax = ret + padCounter;
}
else { /* otherwise we got a file read error */
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return FREAD_ERROR;
}/* End feof check */
}/* End fread check */
/* sets key encrypts the message to ouput from input */
#ifndef NO_AES
if (XSTRNCMP(alg, "aes", 3) == 0) {
if (XSTRNCMP(mode, "cbc", 3) == 0) {
ret = wc_AesSetKey(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("wc_AesSetKey failed.\n");
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return ret;
}
ret = wc_AesCbcEncrypt(&aes, output, input, tempMax);
if (ret != 0) {
printf("wc_AesCbcEncrypt failed.\n");
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return ENCRYPT_ERROR;
}
}
#ifdef WOLFSSL_AES_COUNTER
else if (XSTRNCMP(mode, "ctr", 3) == 0) {
/* if mode is ctr */
wc_AesSetKeyDirect(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
wc_AesCtrEncrypt(&aes, output, input, tempMax);
}
#endif
}
#endif
#ifndef NO_DES3
if (XSTRNCMP(alg, "3des", 4) == 0) {
ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
if (ret != 0) {
printf("wc_Des3_SetKey failed.\n");
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return ret;
}
ret = wc_Des3_CbcEncrypt(&des3, output, input, tempMax);
if (ret != 0) {
printf("wc_Des3_cbcEncrypt failed.\n");
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return ENCRYPT_ERROR;
}
}
#endif
#ifdef HAVE_CAMELLIA
if (XSTRNCMP(alg, "camellia", 8) == 0) {
ret = wc_CamelliaSetKey(&camellia, key, block, iv);
if (ret != 0) {
printf("CamelliaSetKey failed.\n");
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return ret;
}
if (XSTRNCMP(mode, "cbc", 3) == 0) {
wc_CamelliaCbcEncrypt(&camellia, output, input, tempMax);
}
else {
printf("Incompatible mode while using Camellia.\n");
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return FATAL_ERROR;
}
}
#endif /* HAVE_CAMELLIA */
/* this method added for visual confirmation of nist test vectors,
* automated tests to come soon
*/
/* something in the output buffer and using hex */
if (output != NULL && inputHex == 1) {
int tempi;
printf("\nUser specified hex input this is a representation of "
"what\nis being written to file in hex form.\n\n[ ");
for (tempi = 0; tempi < block; tempi++ ) {
printf("%02x", output[tempi]);
}
printf(" ]\n\n");
} /* end visual confirmation */
/* Open the outFile in append mode */
outFile = fopen(out, "ab");
ret = (int) fwrite(output, 1, tempMax, outFile);
if (ferror(outFile)) {
printf("failed to write to file.\n");
if (input != NULL)
XMEMSET(input, 0, tempMax);
if (output != NULL)
XMEMSET(output, 0, tempMax);
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return FWRITE_ERROR;
}
if (ret > MAX) {
printf("Wrote too much to file.\n");
if (input != NULL)
XMEMSET(input, 0, tempMax);
if (output != NULL)
XMEMSET(output, 0, tempMax);
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return FWRITE_ERROR;
}
/* close the outFile */
fclose(outFile);
length -= tempMax;
if (length < 0)
printf("length went past zero.\n");
if (input != NULL)
XMEMSET(input, 0, tempMax);
if (output != NULL)
XMEMSET(output, 0, tempMax);
}
/* closes the opened files and frees the memory */
fclose(inFile);
XMEMSET(key, 0, size);
XMEMSET(iv, 0 , block);
XMEMSET(alg, 0, size);
XMEMSET(mode, 0 , block);
/* Use the wolfssl free for rng */
wc_FreeRng(&rng);
wolfsslFreeBins(input, output, NULL, NULL, NULL);
return 0;
}
/* check mcapi aes ctr */
static int check_aesctr(void)
{
CRYPT_AES_CTX mcAes;
Aes defAes;
int ret;
byte out1[AES_TEST_SIZE];
byte out2[AES_TEST_SIZE];
strncpy((char*)key, "1234567890abcdefghijklmnopqrstuv", 32);
strncpy((char*)iv, "1234567890abcdef", 16);
/* 128 ctr encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-128 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 16, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-128 key set failed\n");
return -1;
}
ret = CRYPT_AES_CTR_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-128 ctr encrypt failed\n");
return -1;
}
wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-128 ctr encrypt cmp failed\n");
return -1;
}
/* 128 ctr decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-128 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 16, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-128 key set failed\n");
return -1;
}
ret = CRYPT_AES_CTR_Encrypt(&mcAes, out2, out1, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-128 ctr decrypt failed\n");
return -1;
}
if (memcmp(out2, ourData, AES_TEST_SIZE) != 0) {
printf("mcapi aes-128 ctr decrypt orig cmp failed\n");
return -1;
}
/* 192 ctr encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-192 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 24, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-192 key set failed\n");
return -1;
}
ret = CRYPT_AES_CTR_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-192 ctr encrypt failed\n");
return -1;
}
wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-192 ctr encrypt cmp failed\n");
return -1;
}
/* 192 ctr decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-192 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 24, iv, AES_DECRYPTION);
if (ret != 0) {
printf("default aes-192 key set failed\n");
return -1;
}
ret = CRYPT_AES_CTR_Encrypt(&mcAes, out2, out1, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-192 ctr decrypt failed\n");
return -1;
}
if (memcmp(out2, ourData, AES_TEST_SIZE) != 0) {
printf("mcapi aes-192 ctr decrypt orig cmp failed\n");
return -1;
}
/* 256 ctr encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-256 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 32, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-256 key set failed\n");
return -1;
}
ret = CRYPT_AES_CTR_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-256 ctr encrypt failed\n");
return -1;
}
wc_AesCtrEncrypt(&defAes, out2, ourData, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-256 ctr encrypt cmp failed\n");
return -1;
}
/* 256 ctr decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-256 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 32, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-256 key set failed\n");
return -1;
}
ret = CRYPT_AES_CTR_Encrypt(&mcAes, out2, out1, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-256 ctr decrypt failed\n");
return -1;
}
if (memcmp(out2, ourData, AES_TEST_SIZE) != 0) {
printf("mcapi aes-256 ctr decrypt orig cmp failed\n");
return -1;
}
printf("aes-ctr mcapi test passed\n");
return 0;
}
/* check mcapi aes direct */
static int check_aesdirect(void)
{
CRYPT_AES_CTX mcAes;
Aes defAes;
int ret;
byte out1[CRYPT_AES_BLOCK_SIZE];
byte out2[16]; /* one block at a time */
strncpy((char*)key, "1234567890abcdefghijklmnopqrstuv", 32);
strncpy((char*)iv, "1234567890abcdef", 16);
/* 128 direct encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-128 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 16, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-128 key set failed\n");
return -1;
}
ret = CRYPT_AES_DIRECT_Encrypt(&mcAes, out1, ourData);
if (ret != 0) {
printf("mcapi aes-128 direct encrypt failed\n");
return -1;
}
wc_AesEncryptDirect(&defAes, out2, ourData);
if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-128 direct encrypt cmp failed\n");
return -1;
}
/* 128 direct decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_DECRYPTION);
if (ret != 0) {
printf("mcapi aes-128 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION);
if (ret != 0) {
printf("default aes-128 key set failed\n");
return -1;
}
ret = CRYPT_AES_DIRECT_Decrypt(&mcAes, out2, out1);
if (ret != 0) {
printf("mcapi aes-128 direct decrypt failed\n");
return -1;
}
wc_AesDecryptDirect(&defAes, out1, out1);
if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-128 direct decrypt cmp failed\n");
return -1;
}
if (memcmp(out1, ourData, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-128 direct decrypt orig cmp failed\n");
return -1;
}
/* 192 direct encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-192 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 24, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-192 key set failed\n");
return -1;
}
ret = CRYPT_AES_DIRECT_Encrypt(&mcAes, out1, ourData);
if (ret != 0) {
printf("mcapi aes-192 direct encrypt failed\n");
return -1;
}
wc_AesEncryptDirect(&defAes, out2, ourData);
if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-192 direct encrypt cmp failed\n");
return -1;
}
/* 192 direct decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_DECRYPTION);
if (ret != 0) {
printf("mcapi aes-192 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 24, iv, AES_DECRYPTION);
if (ret != 0) {
printf("default aes-192 key set failed\n");
return -1;
}
ret = CRYPT_AES_DIRECT_Decrypt(&mcAes, out2, out1);
if (ret != 0) {
printf("mcapi aes-192 direct decrypt failed\n");
return -1;
}
wc_AesDecryptDirect(&defAes, out1, out1);
if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-192 direct decrypt cmp failed\n");
return -1;
}
if (memcmp(out1, ourData, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-192 direct decrypt orig cmp failed\n");
return -1;
}
/* 256 direct encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-256 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 32, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-256 key set failed\n");
return -1;
}
ret = CRYPT_AES_DIRECT_Encrypt(&mcAes, out1, ourData);
if (ret != 0) {
printf("mcapi aes-256 direct encrypt failed\n");
return -1;
}
wc_AesEncryptDirect(&defAes, out2, ourData);
if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-256 direct encrypt cmp failed\n");
return -1;
}
/* 256 direct decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_DECRYPTION);
if (ret != 0) {
printf("mcapi aes-256 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 32, iv, AES_DECRYPTION);
if (ret != 0) {
printf("default aes-256 key set failed\n");
return -1;
}
ret = CRYPT_AES_DIRECT_Decrypt(&mcAes, out2, out1);
if (ret != 0) {
printf("mcapi aes-256 direct decrypt failed\n");
return -1;
}
wc_AesDecryptDirect(&defAes, out1, out1);
if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-256 direct decrypt cmp failed\n");
return -1;
}
if (memcmp(out1, ourData, CRYPT_AES_BLOCK_SIZE) != 0) {
printf("mcapi aes-256 direct decrypt orig cmp failed\n");
return -1;
}
printf("aes-direct mcapi test passed\n");
return 0;
}
