Added interoperability test against wolfSSL master

.github/workflows/wolfssl-master-compatibility.yml

@@ -0,0 +1,32 @@
+name: wolfPKCS11 interoperability tests against wolfSSL upstream
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+  schedule:
+    - cron: "0 1 * * *"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+#pull wolfPKCS11
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+
+#setup wolfssl at master branch
+    - uses: actions/checkout@v4
+      with:
+        repository: wolfssl/wolfssl
+        ref: master
+        path: wolfssl
+
+# build + run tests
+    - name: Build and run interoperability test
+      working-directory: ./
+      run: make -C tests/wolfssl-interoperability
+
+

tests/testdata.h

@@ -422,6 +422,124 @@ static const int sizeof_dh_2048_exp = sizeof(dh_2048_exp);
 #endif
 
 #ifndef NO_AES
+/* NIST SP 800-38D, Test Case 4 */
+static const unsigned char aes_gcm_key[16] = {
+    0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
+    0x6D, 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x08
+};
+static const unsigned char aes_gcm_iv[12] = {
+    0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, 0xDB, 0xAD,
+    0xDE, 0xCA, 0xF8, 0x88
+};
+static const unsigned char aes_gcm_plain[32] = {
+    0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x06, 0xE5,
+    0xA5, 0x59, 0x09, 0xC5, 0xAF, 0xF5, 0x26, 0x9A,
+    0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA,
+    0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72
+};
+static const unsigned char aes_gcm_aad[] = {
+    0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
+    0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
+    0xAB, 0xAD, 0xDA, 0xD2
+};
+static const unsigned char aes_gcm_cipher[32] = {
+    0x42, 0x83, 0x1E, 0xC2, 0x21, 0x77, 0x74, 0x24,
+    0x4B, 0x72, 0x21, 0xB7, 0x84, 0xD0, 0xD4, 0x9C,
+    0xE3, 0xAA, 0x21, 0x2F, 0x2C, 0x02, 0xA4, 0xE0,
+    0x35, 0xC1, 0x7E, 0x23, 0x29, 0xAC, 0xA1, 0x2E
+};
+static const unsigned char aes_gcm_tag[16] = {
+    0xE1, 0x3E, 0x14, 0x34, 0x28, 0x5A, 0x94, 0x26,
+    0xAD, 0xDF, 0xBF, 0xC2, 0x70, 0xD2, 0x7F, 0x16
+};
+
+static const unsigned char aes_cbc_key[16] = {
+    0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+    0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
+};
+static const unsigned char aes_cbc_iv[16] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
+static const unsigned char aes_cbc_plain[16] = {
+    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
+};
+static const unsigned char aes_cbc_cipher[16] = {
+    0x76, 0x49, 0xAB, 0xAC, 0x81, 0x19, 0xB2, 0x46,
+    0xCE, 0xE9, 0x8E, 0x9B, 0x12, 0xE9, 0x19, 0x7D
+};
+
+static const unsigned char aes_cbc256_key[32] = {
+    0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
+    0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
+    0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
+    0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
+};
+static const unsigned char aes_cbc256_iv[16] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
+static const unsigned char aes_cbc256_cipher[16] = {
+    0xF5, 0x8C, 0x4C, 0x04, 0xD6, 0xE5, 0xF1, 0xBA,
+    0x77, 0x9E, 0xAB, 0xFB, 0x5F, 0x7B, 0xFB, 0xD6
+};
+
+static const unsigned char aes_ctr_key[16] = {
+    0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+    0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
+};
+static const unsigned char aes_ctr_iv[16] = {
+    0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
+    0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
+};
+static const unsigned char aes_ctr_plain[16] = {
+    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
+};
+static const unsigned char aes_ctr_cipher[16] = {
+    0x87, 0x4D, 0x61, 0x91, 0xB6, 0x20, 0xE3, 0x26,
+    0x1B, 0xEF, 0x68, 0x64, 0x99, 0x0D, 0xB6, 0xCE
+};
+
+static const unsigned char aes_ctr256_key[32] = {
+    0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
+    0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
+    0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
+    0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
+};
+static const unsigned char aes_ctr256_iv[16] = {
+    0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
+    0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
+};
+static const unsigned char aes_ctr256_cipher[16] = {
+    0x60, 0x1E, 0xC3, 0x13, 0x77, 0x57, 0x89, 0xA5,
+    0xB7, 0xA7, 0xF5, 0x04, 0xBB, 0xF3, 0xD2, 0x28
+};
+
+static const unsigned char aes_xts_key[32] = {
+    0x39, 0x25, 0x79, 0x05, 0xDF, 0xCC, 0x77, 0x76,
+    0x6C, 0x87, 0x0A, 0x80, 0x6A, 0x60, 0xE3, 0xC0,
+    0x93, 0xD1, 0x2A, 0xCF, 0xCB, 0x51, 0x42, 0xFA,
+    0x09, 0x69, 0x89, 0x62, 0x5B, 0x60, 0xDB, 0x16
+};
+static const unsigned char aes_xts_tweak[16] = {
+    0x5C, 0xF7, 0x9D, 0xB6, 0xC5, 0xCD, 0x99, 0x1A,
+    0x1C, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1E, 0x84
+};
+static const unsigned char aes_xts_plain[32] = {
+    0xBD, 0xC5, 0x46, 0x8F, 0xBC, 0x8D, 0x50, 0xA1,
+    0x0D, 0x1C, 0x85, 0x7F, 0x79, 0x1C, 0x5C, 0xBA,
+    0xB3, 0x81, 0x0D, 0x0D, 0x73, 0xCF, 0x8F, 0x20,
+    0x46, 0xB1, 0xD1, 0x9E, 0x7D, 0x5D, 0x8A, 0x56
+};
+static const unsigned char aes_xts_cipher[32] = {
+    0xD6, 0xBE, 0x04, 0x6D, 0x41, 0xF2, 0x3B, 0x5E,
+    0xD7, 0x0B, 0x6B, 0x3D, 0x5C, 0x8E, 0x66, 0x23,
+    0x2B, 0xE6, 0xB8, 0x07, 0xD4, 0xDC, 0xC6, 0x0E,
+    0xFF, 0x8D, 0xBC, 0x1D, 0x9F, 0x7F, 0xC8, 0x22
+};
+
 static unsigned char aes_128_key[] = {
     0xf7, 0x88, 0x9e, 0x9a, 0x5f, 0xe2, 0xaa, 0xca,
     0xba, 0x14, 0x8a, 0xd3, 0xd1, 0x2d, 0x39, 0xe0,
@@ -472,6 +590,61 @@ static unsigned char aes_128_cts_exp[] = {
 #endif
 #endif
 
+static const unsigned char hmac_key[20] = {
+    0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B,
+    0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B,
+    0x0B, 0x0B, 0x0B, 0x0B
+};
+static const unsigned char hmac_msg[] = {
+    'H', 'i', ' ', 'T', 'h', 'e', 'r', 'e'
+};
+static const unsigned char hmac_digest[32] = {
+    0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
+    0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
+    0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
+    0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7
+};
+
+static const unsigned char sha_test_msg[] = { 'a', 'b', 'c' };
+static const unsigned char sha224_expected[] = {
+    0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
+    0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
+    0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
+    0xE3, 0x6C, 0x9D, 0xA7
+};
+static const unsigned char sha256_expected[] = {
+    0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
+    0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
+    0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
+    0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD
+};
+static const unsigned char sha384_expected[] = {
+    0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
+    0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
+    0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
+    0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
+    0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
+    0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7
+};
+static const unsigned char sha512_expected[] = {
+    0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
+    0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
+    0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
+    0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
+    0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
+    0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
+    0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
+    0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F
+};
+#ifdef WOLFSSL_SHA3
+static const unsigned char sha3_256_expected[] = {
+    0x3A, 0x98, 0x5D, 0xA7, 0x4F, 0xE2, 0x25, 0xB2,
+    0x04, 0x5C, 0x17, 0x2D, 0x6B, 0xD3, 0x90, 0xBD,
+    0x85, 0x5F, 0x08, 0x6E, 0x3E, 0x9D, 0x52, 0x5B,
+    0x46, 0xBF, 0xE2, 0x45, 0x11, 0x43, 0x15, 0x32
+};
+#endif /* WOLFSSL_SHA3 */
+
 
 #ifndef WOLFPKCS11_NO_ENV
 #include <stdio.h>

tests/wolfssl-interoperability/Makefile

@@ -0,0 +1,105 @@
+CC ?= gcc
+AR ?= ar
+CFLAGS ?= -O2 -g
+CFLAGS += -Wall -Wextra -Wno-unused-parameter -fPIC
+LDFLAGS ?=
+LDLIBS ?=
+LDLIBS += -ldl -lpthread -lm
+WOLFSSL_DIR ?= ../../wolfssl
+WOLFPKCS11_DIR ?= ../..
+
+BUILD_DIR := build
+
+COMMON_CPPFLAGS := -DWOLFSSL_USER_SETTINGS -I. -I.. \
+    -I$(WOLFSSL_DIR) -I$(WOLFSSL_DIR)/wolfssl -I$(WOLFSSL_DIR)/wolfssl/wolfcrypt \
+    -I$(WOLFPKCS11_DIR) -I$(WOLFPKCS11_DIR)/wolfpkcs11 -I$(WOLFPKCS11_DIR)/src
+WOLFCRYPT_CPPFLAGS := $(COMMON_CPPFLAGS) -DWOLFSSL_LIB
+ENGINE_CPPFLAGS := $(COMMON_CPPFLAGS) -DBUILDING_WOLFPKCS11 -DDEBUG_WOLFPKCS11
+TEST_CPPFLAGS := $(COMMON_CPPFLAGS)
+
+WOLFCRYPT_SRCS := \
+    $(WOLFSSL_DIR)/wolfcrypt/src/aes.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/asn.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/coding.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/cryptocb.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/des3.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/dsa.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/dh.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/ecc.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/ecc_fp.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/error.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/hash.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/md5.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/hmac.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/integer.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/logging.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/memory.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/random.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/kdf.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/rsa.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/sha.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/sha256.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/sha512.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/sha3.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/signature.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/pwdbased.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/sp_int.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/sp_c32.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/wc_encrypt.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/wc_pkcs11.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/wc_port.c \
+    $(WOLFSSL_DIR)/wolfcrypt/src/wolfmath.c
+
+ENGINE_SRCS := \
+    $(WOLFPKCS11_DIR)/src/internal.c \
+    $(WOLFPKCS11_DIR)/src/wolfpkcs11.c \
+    $(WOLFPKCS11_DIR)/src/slot.c \
+    $(WOLFPKCS11_DIR)/src/crypto.c
+
+TEST_SRCS := pkcs11_interop.c
+
+WOLFCRYPT_OBJS := $(patsubst $(WOLFSSL_DIR)/%.c,$(BUILD_DIR)/wolfssl/%.o,$(WOLFCRYPT_SRCS))
+ENGINE_OBJS := $(patsubst  $(WOLFPKCS11_DIR)/%.c,$(BUILD_DIR)/wolfpkcs11/%.o,$(ENGINE_SRCS))
+TEST_OBJS := $(patsubst %.c,$(BUILD_DIR)/interop-test/%.o,$(TEST_SRCS))
+
+all: test
+
+interop: $(BUILD_DIR)/pkcs11_interop
+
+$(BUILD_DIR)/wolfssl/%.o: $(WOLFSSL_DIR)/%.c
+	@mkdir -p $(dir $@)
+	$(CC) $(CPPFLAGS) $(WOLFCRYPT_CPPFLAGS) $(CFLAGS) -c $< -o $@
+
+$(BUILD_DIR)/wolfpkcs11/%.o: $(WOLFPKCS11_DIR)/%.c
+	@mkdir -p $(dir $@)
+	$(CC) $(CPPFLAGS) $(ENGINE_CPPFLAGS) $(CFLAGS) -c $< -o $@
+
+$(BUILD_DIR)/interop-test/%.o: %.c
+	@mkdir -p $(dir $@)
+	$(CC) $(CPPFLAGS) $(TEST_CPPFLAGS) $(CFLAGS) -c $< -o $@
+
+$(BUILD_DIR)/libwolfcrypt-interop.so: $(WOLFCRYPT_OBJS)
+	@mkdir -p $(dir $@)
+	$(CC) -shared -o $@ $(WOLFCRYPT_OBJS) $(LDFLAGS) $(LDLIBS)
+
+$(BUILD_DIR)/libwolfpkcs11-interop.so: $(ENGINE_OBJS) $(BUILD_DIR)/libwolfcrypt-interop.so
+	@mkdir -p $(dir $@)
+	$(CC) -shared -o $@ $(ENGINE_OBJS) -L$(BUILD_DIR) -lwolfcrypt-interop $(LDFLAGS) $(LDLIBS)
+
+$(BUILD_DIR)/pkcs11_interop: $(TEST_OBJS) $(BUILD_DIR)/libwolfpkcs11-interop.so $(BUILD_DIR)/libwolfcrypt-interop.so
+	$(CC) -o $@ $(TEST_OBJS) -L$(BUILD_DIR) -lwolfpkcs11-interop -lwolfcrypt-interop $(LDFLAGS) $(LDLIBS)
+
+.PHONY: test
+test: $(BUILD_DIR)/pkcs11_interop
+	WOLFPKCS11_MODULE=$(BUILD_DIR)/libwolfpkcs11-interop.so LD_LIBRARY_PATH=$(BUILD_DIR) $(BUILD_DIR)/pkcs11_interop
+debug: $(BUILD_DIR)/pkcs11_interop
+	WOLFPKCS11_MODULE=$(BUILD_DIR)/libwolfpkcs11-interop.so LD_LIBRARY_PATH=$(BUILD_DIR) gdb $(BUILD_DIR)/pkcs11_interop
+
+.PHONY: clean
+clean:
+	rm -rf $(BUILD_DIR)/wolfssl $(BUILD_DIR)/wolfPKCS11 $(BUILD_DIR)/interop-test \
+		$(BUILD_DIR)/libwolfcrypt-interop.so $(BUILD_DIR)/libwolfpkcs11-interop.so \
+		$(BUILD_DIR)/pkcs11_interop
+	rm -rf token-store
+	@# Safely remove build directory, if local
+	rm -rf ./build