diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 4e4f4e2388..37c410b543 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1147,7 +1147,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, rng->drbg_scratch = NULL; #endif } - /* else swc_RNG_HealthTestLocal was successful */ + /* else wc_RNG_HealthTestLocal was successful */ if (ret == DRBG_SUCCESS) { #ifdef WOLFSSL_CHECK_MEM_ZERO diff --git a/wrapper/rust/Makefile b/wrapper/rust/Makefile index 73bd658e5a..dec76d4b05 100644 --- a/wrapper/rust/Makefile +++ b/wrapper/rust/Makefile @@ -6,6 +6,10 @@ all: test: +$(MAKE) -C wolfssl-wolfcrypt test +.PHONY: testfips +testfips: + +$(MAKE) -C wolfssl-wolfcrypt testfips + .PHONY: clean clean: +$(MAKE) -C wolfssl-wolfcrypt clean diff --git a/wrapper/rust/wolfssl-wolfcrypt/Makefile b/wrapper/rust/wolfssl-wolfcrypt/Makefile index 3944a1971b..7cda418962 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/Makefile +++ b/wrapper/rust/wolfssl-wolfcrypt/Makefile @@ -6,7 +6,11 @@ all: .PHONY: test test: - cargo test + cargo test -- --test-threads=1 + +.PHONY: testfips +testfips: + cargo test --lib --bins --tests -- --test-threads=1 .PHONY: clean clean: diff --git a/wrapper/rust/wolfssl-wolfcrypt/build.rs b/wrapper/rust/wolfssl-wolfcrypt/build.rs index 608c100e27..9580b1608b 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/build.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/build.rs @@ -19,6 +19,7 @@ fn main() { /// Returns `Ok(())` if successful, or an error if any step fails. fn run_build() -> Result<()> { generate_bindings()?; + generate_fips_aliases()?; setup_wolfssl_link()?; scan_cfg()?; Ok(()) @@ -64,6 +65,79 @@ fn generate_bindings() -> Result<()> { }) } +/// Generate FIPS symbol aliases. +/// +/// Since Rust can't use fips.h's #defines which map the "regular" wc function +/// name to the _fips variant, and since bindgen has only seen the _fips +/// variant, we will generate aliases that allow the non-_fips variant function +/// name to be called without the _fips prefix by Rust sources in a manner +/// similar to which C sources would be able to call the non-_fips variant +/// function name. +/// +/// Returns `Ok(())` if successful, or an error if generation fails. +fn generate_fips_aliases() -> Result<()> { + let binding = read_file(bindings_path())?; + let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap()); + let aliases_path = out_dir.join("fips_aliases.rs"); + + let mut aliases = String::new(); + + // Find all _fips symbol names + let fips_sym_re = Regex::new(r"pub fn (wc_\w+)_fips\s*\(").unwrap(); + + for cap in fips_sym_re.captures_iter(&binding) { + let mut base_name = &cap[1]; + let fips_name = format!("{}_fips", base_name); + + // Exception mappings: (standard_name, fips_name) + // For cases where FIPS name doesn't follow the simple _fips pattern + let exceptions: &[(&str, &str)] = &[ + // _ex suffix changed to Ex before _fips + ("wc_InitRsaKey_ex", "wc_InitRsaKeyEx_fips"), + ("wc_RsaPublicEncrypt_ex", "wc_RsaPublicEncryptEx_fips"), + ("wc_RsaPrivateDecryptInline_ex", "wc_RsaPrivateDecryptInlineEx_fips"), + ("wc_RsaPrivateDecrypt_ex", "wc_RsaPrivateDecryptEx_fips"), + ("wc_RsaPSS_Sign_ex", "wc_RsaPSS_SignEx_fips"), + ("wc_RsaPSS_VerifyInline_ex", "wc_RsaPSS_VerifyInlineEx_fips"), + ("wc_RsaPSS_Verify_ex", "wc_RsaPSS_VerifyEx_fips"), + ("wc_RsaPSS_CheckPadding_ex", "wc_RsaPSS_CheckPaddingEx_fips"), + ("wc_DhSetKey_ex", "wc_DhSetKeyEx_fips"), + ("wc_DhCheckPubKey_ex", "wc_DhCheckPubKeyEx_fips"), + ("wc_DhCheckPrivKey_ex", "wc_DhCheckPrivKeyEx_fips"), + + // Name change + ("wc_PRF_TLS", "wc_PRF_TLSv12_fips"), + ]; + + // Handle exceptions + for (exc_base_name, exc_fips_name) in exceptions { + if fips_name == *exc_fips_name { + base_name = exc_base_name; + break; + } + } + + // Check if the non-_fips version exists in bindings + let non_fips_pattern = format!(r"pub fn {}\s*\(", regex::escape(base_name)); + let non_fips_re = Regex::new(&non_fips_pattern).unwrap(); + + if non_fips_re.is_match(&binding) { + // Add any new known names defined with both a _fips suffix and not + // here. Warn if any new ones are discovered. + if base_name != "wc_AesGcmEncrypt" { + println!("cargo:warning=Skipping FIPS symbols alias for {}", base_name); + } + } else { + // Only alias if the base name doesn't already exist + aliases.push_str(&format!("pub use {} as {};\n", fips_name, base_name)); + } + } + + fs::write(&aliases_path, aliases)?; + + Ok(()) +} + /// Instruct cargo to link against wolfssl C library /// /// Returns `Ok(())` if successful, or an error if any step fails. @@ -93,7 +167,7 @@ fn read_file(path: String) -> Result { } fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) { - let pattern = format!(r"\b{}\b", function_name); + let pattern = format!(r"\b{}(_fips)?\b", function_name); let re = match Regex::new(&pattern) { Ok(r) => r, Err(e) => { @@ -181,6 +255,9 @@ fn scan_cfg() -> Result<()> { check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify"); check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify"); + /* fips */ + check_cfg(&binding, "wc_SetSeed_Cb_fips", "fips"); + /* hkdf */ check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf"); @@ -213,6 +290,8 @@ fn scan_cfg() -> Result<()> { check_cfg(&binding, "wc_InitSha256", "sha256"); check_cfg(&binding, "wc_InitSha384", "sha384"); check_cfg(&binding, "wc_InitSha512", "sha512"); + check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_224", "sha512_224"); + check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_256", "sha512_256"); check_cfg(&binding, "wc_InitSha3_224", "sha3"); check_cfg(&binding, "wc_InitShake128", "shake128"); check_cfg(&binding, "wc_InitShake256", "shake256"); diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs index a6c35c493a..2965cca3ae 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs @@ -711,7 +711,7 @@ impl ECC { } let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; let priv_size = priv_buf.len() as u32; - let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()}; + let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()}; let pub_size = pub_buf.len() as u32; let rc = unsafe { sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size, @@ -785,7 +785,7 @@ impl ECC { } let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; let priv_size = priv_buf.len() as u32; - let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()}; + let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()}; let pub_size = pub_buf.len() as u32; let rc = unsafe { sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size, diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs b/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs new file mode 100644 index 0000000000..b77b93f5c3 --- /dev/null +++ b/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs @@ -0,0 +1,34 @@ +#![cfg(fips)] + +use crate::sys; + +/// Enables or disables the ability to read private key data in FIPS mode. +/// +/// In FIPS mode, private keys are protected and cannot be read by default. +/// This function allows temporarily enabling private key reads for operations +/// that require access to the raw key material, such as key export or backup. +/// +/// # Arguments +/// +/// * `enabled` - Set to `1` to enable private key reads, or `0` to disable. +/// +/// # Returns +/// +/// * `Ok(())` - The operation succeeded. +/// * `Err(i32)` - The operation failed, returning the wolfSSL error code. +/// +/// # Note +/// +/// This function applies to all key types (`WC_KEYTYPE_ALL`). Private key +/// reading should be disabled again after the required operation is complete +/// to maintain FIPS compliance. +pub fn set_private_key_read_enable(enabled: i32) -> Result<(), i32> { + let rc = unsafe { + sys::wolfCrypt_SetPrivateKeyReadEnable_fips(enabled, sys::wc_KeyType_WC_KEYTYPE_ALL) + }; + if rc != 0 { + Err(rc) + } else { + Ok(()) + } +} diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs b/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs index 5c93c200c2..31505aa647 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs @@ -38,7 +38,9 @@ impl HMAC { pub const TYPE_SHA: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA as i32; pub const TYPE_SHA256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA256 as i32; pub const TYPE_SHA512: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512 as i32; + #[cfg(sha512_224)] pub const TYPE_SHA512_224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224 as i32; + #[cfg(sha512_256)] pub const TYPE_SHA512_256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256 as i32; pub const TYPE_SHA384: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA384 as i32; pub const TYPE_SHA224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA224 as i32; diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs b/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs index dfeef39b7f..b3f35822fd 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs @@ -30,6 +30,7 @@ pub mod dh; pub mod ecc; pub mod ed25519; pub mod ed448; +pub mod fips; pub mod hkdf; pub mod hmac; pub mod kdf; diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/random.rs b/wrapper/rust/wolfssl-wolfcrypt/src/random.rs index 9e12a5f376..d577cb7ffb 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/random.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/random.rs @@ -87,6 +87,15 @@ impl RNG { /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL /// library return code on failure. pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { + #[cfg(fips)] + { + let rc = unsafe { + sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed)) + }; + if rc != 0 { + return Err(rc); + } + } let mut rng: MaybeUninit = MaybeUninit::uninit(); let heap = match heap { Some(heap) => heap, @@ -137,6 +146,15 @@ impl RNG { /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL /// library return code on failure. pub fn new_with_nonce_ex(nonce: &mut [T], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { + #[cfg(fips)] + { + let rc = unsafe { + sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed)) + }; + if rc != 0 { + return Err(rc); + } + } let ptr = nonce.as_mut_ptr() as *mut u8; let size: u32 = size_of_val(nonce) as u32; let mut rng: MaybeUninit = MaybeUninit::uninit(); diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs b/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs index 8b8d44f3f6..d1a2c17d37 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs @@ -100,7 +100,9 @@ impl RSA { pub const HASH_TYPE_SHA3_512 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_512; pub const HASH_TYPE_BLAKE2B : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2B; pub const HASH_TYPE_BLAKE2S : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2S; + #[cfg(sha512_224)] pub const HASH_TYPE_SHA512_224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224; + #[cfg(sha512_256)] pub const HASH_TYPE_SHA512_256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256; #[cfg(shake128)] pub const HASH_TYPE_SHAKE128 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHAKE128; diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs b/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs index 3ab98816b7..5b90a342f9 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs @@ -14,3 +14,6 @@ #![allow(unnecessary_transmutes)] #![allow(unsafe_op_in_unsafe_fn)] include!(concat!(env!("OUT_DIR"), "/bindings.rs")); + +/* Include generated FIPS symbol aliases. */ +include!(concat!(env!("OUT_DIR"), "/fips_aliases.rs")); diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs new file mode 100644 index 0000000000..8d191ed97b --- /dev/null +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs @@ -0,0 +1,12 @@ +#[cfg(fips)] +fn setup_fips() +{ + use wolfssl_wolfcrypt::fips; + fips::set_private_key_read_enable(1).expect("Error with set_private_key_read_enable()"); +} + +pub fn setup() +{ + #[cfg(fips)] + setup_fips(); +} diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs index 7cd15f3670..522a875cc2 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs @@ -780,41 +780,39 @@ fn test_xts_consecutive_sectors() { #[cfg(aes_xts_stream)] fn test_xtsstream() { let keys: [u8; 32] = [ - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76, + 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0, + 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa, + 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16 ]; let tweak: [u8; 16] = [ - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, + 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 ]; - let plain: [u8; 40] = [ - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 + let plain: [u8; 32] = [ + 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, + 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, + 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, + 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 ]; - let expected_cipher: [u8; 40] = [ - 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, - 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, - 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, - 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, - 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD + let expected_cipher: [u8; 32] = [ + 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e, + 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23, + 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e, + 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22 ]; let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream"); xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()"); - let mut cipher: [u8; 40] = [0; 40]; + let mut cipher: [u8; 32] = [0; 32]; xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()"); - xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()"); + xtsstream.encrypt_final(&plain[16..32], &mut cipher[16..32]).expect("Error with encrypt_final()"); assert_eq!(cipher, expected_cipher); xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()"); - let mut plain_out: [u8; 40] = [0; 40]; + let mut plain_out: [u8; 32] = [0; 32]; xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()"); - xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()"); + xtsstream.decrypt_final(&cipher[16..32], &mut plain_out[16..32]).expect("Error with decrypt_final()"); assert_eq!(plain_out, plain); } diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs index 99094e658b..1135954e32 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs @@ -1,5 +1,7 @@ #![cfg(dh)] +mod common; + #[cfg(any(all(dh_keygen, dh_ffdhe_2048), random))] use wolfssl_wolfcrypt::dh::DH; #[cfg(random)] @@ -31,6 +33,7 @@ fn test_dh_named_parameters() { #[test] #[cfg(all(dh_keygen, random))] fn test_generate_params() { + common::setup(); let mut rng = RNG::new().expect("Error with RNG::new()"); let mut dh = DH::generate(&mut rng, 2048).expect("Error with generate()"); @@ -75,6 +78,7 @@ fn test_generate_key_pair() { #[test] #[cfg(random)] fn test_dh_checks() { + common::setup(); let p = [ 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs index c828ab0540..82f5369fbe 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs @@ -1,5 +1,7 @@ #![cfg(ecc)] +mod common; + #[cfg(any(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random), random))] use std::fs; use wolfssl_wolfcrypt::ecc::*; @@ -128,6 +130,8 @@ fn test_ecc_import_export_sign_verify() { #[test] #[cfg(all(ecc_dh, random))] fn test_ecc_shared_secret() { + common::setup(); + let mut rng = RNG::new().expect("Failed to create RNG"); let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); @@ -152,6 +156,8 @@ fn test_ecc_shared_secret() { #[test] #[cfg(all(ecc_export, random))] fn test_ecc_export() { + common::setup(); + let mut rng = RNG::new().expect("Failed to create RNG"); let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); let mut qx = [0u8; 32]; @@ -166,6 +172,8 @@ fn test_ecc_export() { #[test] #[cfg(all(ecc_export, random))] fn test_ecc_export_ex() { + common::setup(); + let mut rng = RNG::new().expect("Failed to create RNG"); let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); let mut qx = [0u8; 32]; @@ -180,6 +188,8 @@ fn test_ecc_export_ex() { #[test] #[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))] fn test_ecc_import_export_private() { + common::setup(); + let mut rng = RNG::new().expect("Failed to create RNG"); let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); let hash = [0x42u8; 32]; @@ -204,6 +214,8 @@ fn test_ecc_import_export_private() { #[test] #[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))] fn test_ecc_import_export_private_ex() { + common::setup(); + let mut rng = RNG::new().expect("Failed to create RNG"); let curve_id = ECC::SECP256R1; let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); @@ -242,6 +254,8 @@ fn test_ecc_export_public() { #[test] #[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))] fn test_ecc_import_unsigned() { + common::setup(); + let mut rng = RNG::new().expect("Failed to create RNG"); let curve_id = ECC::SECP256R1; let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs index a61f132e0f..8c7e225c28 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs @@ -1,11 +1,15 @@ #![cfg(ed25519)] +mod common; + use wolfssl_wolfcrypt::random::RNG; use wolfssl_wolfcrypt::ed25519::*; #[test] #[cfg(all(ed25519_import, ed25519_export))] fn test_make_public() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); let mut private = [0u8; Ed25519::KEY_SIZE]; @@ -210,6 +214,8 @@ fn test_ph_sign_verify() { #[test] #[cfg(all(ed25519_import, ed25519_export))] fn test_import_export() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs index 2bd5582fc5..d0f7186f12 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs @@ -1,11 +1,15 @@ #![cfg(ed448)] +mod common; + use wolfssl_wolfcrypt::random::RNG; use wolfssl_wolfcrypt::ed448::*; #[test] #[cfg(all(ed448_import, ed448_export))] fn test_make_public() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); let ed = Ed448::generate(&mut rng).expect("Error with generate()"); let mut private = [0u8; Ed448::KEY_SIZE]; @@ -214,6 +218,8 @@ fn test_ph_sign_verify() { #[test] #[cfg(all(ed448_import, ed448_export))] fn test_import_export() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); let ed = Ed448::generate(&mut rng).expect("Error with generate()"); diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs index 44b25580d0..e2b1e340c4 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs @@ -1,11 +1,15 @@ #![cfg(hkdf)] +mod common; + use wolfssl_wolfcrypt::hkdf::*; use wolfssl_wolfcrypt::hmac::HMAC; use wolfssl_wolfcrypt::sha::SHA256; #[test] fn test_hkdf_extract_expand() { + common::setup(); + let ikm = b"MyPassword0"; let salt = b"12345678ABCDEFGH"; let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; @@ -26,6 +30,8 @@ fn test_hkdf_extract_expand() { #[test] fn test_hkdf_one_shot() { + common::setup(); + let ikm = b"MyPassword0"; let salt = b"12345678ABCDEFGH"; let info = b"0"; diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs index e540a5244a..a91edc1eee 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs @@ -1,5 +1,7 @@ #![cfg(any(kdf_srtp, all(hmac, any(kdf_pbkdf2, kdf_ssh, kdf_tls13))))] +mod common; + #[cfg(all(hmac, any(kdf_pbkdf2, kdf_tls13)))] use wolfssl_wolfcrypt::hmac::HMAC; use wolfssl_wolfcrypt::kdf::*; @@ -9,6 +11,8 @@ use wolfssl_wolfcrypt::sha::SHA256; #[test] #[cfg(all(hmac, kdf_pbkdf2))] fn test_pbkdf2() { + common::setup(); + let password = b"passwordpassword"; let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06]; let iterations = 2048; @@ -50,6 +54,8 @@ fn test_pkcs12_pbkdf() { #[test] #[cfg(all(hmac, kdf_tls13))] fn test_tls13_hkdf_extract_expand() { + common::setup(); + let hash_hello1 = [ 0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, @@ -84,6 +90,8 @@ fn test_tls13_hkdf_extract_expand() { #[test] #[cfg(all(hmac, kdf_ssh))] fn test_ssh_kdf() { + common::setup(); + let ssh_kdf_set3_k = [ 0x6Au8, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1, 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64, @@ -146,6 +154,8 @@ fn test_ssh_kdf() { #[test] #[cfg(kdf_srtp)] fn test_srtp_kdf() { + common::setup(); + let key = [ 0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90 @@ -194,6 +204,8 @@ fn test_srtp_kdf() { #[test] #[cfg(kdf_srtp)] fn test_srtcp_kdf() { + common::setup(); + let key = [ 0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90 diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs index 511a8a07ef..9bbbc78d9e 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs @@ -1,9 +1,13 @@ #![cfg(all(prf, sha384))] +mod common; + use wolfssl_wolfcrypt::prf::*; #[test] fn test_prf() { + common::setup(); + let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs index 7ab9aaf9ab..b8d19cfaec 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs @@ -1,5 +1,7 @@ #![cfg(rsa)] +mod common; + #[cfg(any(all(sha256, random, rsa_pss), random, rsa_direct))] use std::fs; #[cfg(random)] @@ -10,6 +12,8 @@ use wolfssl_wolfcrypt::rsa::*; #[test] #[cfg(rsa_keygen)] fn test_rsa_generate() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); rsa.check().expect("Error with check()");