cjson
fuzzing
inputs
test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9library_config
cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmaketests
inputs
test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expectedjson-patch-tests
.editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.jsonunity
auto
colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.pydocs
ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txtexamples
unity_config.hcurl
.github
scripts
cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yamlworkflows
appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.ymlCMake
CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmakedocs
cmdline-opts
.gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.mdexamples
.checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.cinternals
BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.mdlibcurl
opts
CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.incinclude
curl
Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.hlib
curlx
base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.hvauth
cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.hvquic
curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.hvtls
apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.hm4
.gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4projects
OS400
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.hWindows
tmpl
.gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filtersvms
Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.hscripts
.checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurlsrc
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.htests
certs
.gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prmdata
.gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999http
testenv
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.pylibtest
.gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.hserver
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.ctunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.cunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.cexamples
.env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.luainiparser
example
iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.initest
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.hjinjac
libjinjac
src
CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.htest
.gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinjalibev
Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1luajit
doc
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm
dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.luasrc
host
.gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.cjit
.gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.luawolfssl
.github
workflows
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.ymlIDE
ARDUINO
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.hECLIPSE
Espressif
ESP-IDF
examples
template
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266wolfssl_benchmark
VisualGDB
wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbprojwolfssl_client
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbprojwolfssl_server
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbprojwolfssl_test
VisualGDB
wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbprojGCC-ARM
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ldIAR-EWARM
embOS
SAMV71_XULT
embOS_SAMV71_XULT_user_settings
user_settings.h user_settings_simple_example.h user_settings_verbose_example.hembOS_wolfcrypt_benchmark_SAMV71_XULT
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewpINTIME-RTOS
Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxprojMQX
Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.hMSVS-2019-AZSPHERE
wolfssl_new_azsphere
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.cNETOS
Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.cPlatformIO
examples
wolfssl_benchmark
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspaceROWLEY-CROSSWORKS-ARM
Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzpRenesas
e2studio
RA6M3
README.md README_APRA6M_en.md README_APRA6M_jp.md include.amRX72N
EnvisionKit
Simple
README_EN.md README_JP.mdwolfssl_demo
key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.cSTM32Cube
README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.hWIN
README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxprojWIN-SRTP-KDF-140-3
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojWIN10
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojXCODE
Benchmark
include.amXilinxSDK
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.capple-universal
wolfssl-multiplatform
iotsafe
Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.hmynewt
README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.shcerts
1024
ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pemcrl
extra-crls
ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pemdilithium
bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.amecc
bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnfed25519
ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pemed448
ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pemexternal
DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.amintermediate
ca_false_intermediate
gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conflms
bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.ammldsa
README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.derocsp
imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.derp521
ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pemrpk
client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.derrsapss
ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pemslhdsa
bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pemsm2
ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pemstatickeys
dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pemtest
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7stest-pathlen
assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.shtest-serial0
ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pemxmss
bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.amcmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.indebian
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.indoc
dox_comments
header_files
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.hheader_files-ja
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
examples
async
Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.hconfigs
README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.hechoclient
echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quitlinuxkm
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.cm4
ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4mqx
wolfcrypt_benchmark
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfcrypt_test
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfssl_client
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchscripts
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.shsrc
bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.ctests
api
api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.hwolfcrypt
benchmark
README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.amsrc
port
Espressif
esp_crt_bundle
README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.pyRenesas
README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.carm
armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.ccaam
README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.cdevcrypto
README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.criscv
riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.cwolfssl
openssl
aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.hwolfcrypt
port
Renesas
renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.hcaam
caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.hwrapper
Ada
examples
src
aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adbtests
src
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adbCSharp
wolfSSL-Example-IOCallbacks
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csprojwolfSSL-TLS-ServerThreaded
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csprojrust
wolfssl-wolfcrypt
src
aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rstests
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rszephyr
samples
wolfssl_benchmark
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.confwolfssl_test
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl/tests/api/test_slhdsa.c
raw
1/* test_slhdsa.c
2 *
3 * Copyright (C) 2006-2026 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#include <tests/unit.h>
23
24#ifdef NO_INLINE
25 #include <wolfssl/wolfcrypt/misc.h>
26#else
27 #define WOLFSSL_MISC_INCLUDED
28 #include <wolfcrypt/src/misc.c>
29#endif
30
31#ifdef WOLFSSL_HAVE_SLHDSA
32 #include <wolfssl/wolfcrypt/wc_slhdsa.h>
33#endif
34#include <wolfssl/wolfcrypt/types.h>
35#include <wolfssl/wolfcrypt/asn.h>
36#include <wolfssl/wolfcrypt/asn_public.h>
37#include <tests/api/api.h>
38#include <tests/api/test_slhdsa.h>
39
40
41#ifdef WOLFSSL_HAVE_SLHDSA
42/* Pick the first available parameter set so tests that just need any one valid
43 * SLH-DSA configuration compile and run in SHAKE-only, SHA-2-only, or mixed
44 * builds. Preference order: SHAKE 128s/f, 192s/f, 256s/f, then the SHA-2
45 * variants in the same order. */
46#if defined(WOLFSSL_SLHDSA_PARAM_128S)
47 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHAKE128S
48 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHAKE128S_SIG_LEN
49 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHAKE128S_PRIV_LEN
50 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHAKE128S_PUB_LEN
51 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHAKE128S_SEED_LEN
52#elif defined(WOLFSSL_SLHDSA_PARAM_128F)
53 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHAKE128F
54 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHAKE128F_SIG_LEN
55 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHAKE128F_PRIV_LEN
56 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHAKE128F_PUB_LEN
57 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHAKE128F_SEED_LEN
58#elif defined(WOLFSSL_SLHDSA_PARAM_192S)
59 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHAKE192S
60 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHAKE192S_SIG_LEN
61 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHAKE192S_PRIV_LEN
62 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHAKE192S_PUB_LEN
63 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHAKE192S_SEED_LEN
64#elif defined(WOLFSSL_SLHDSA_PARAM_192F)
65 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHAKE192F
66 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHAKE192F_SIG_LEN
67 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHAKE192F_PRIV_LEN
68 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHAKE192F_PUB_LEN
69 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHAKE192F_SEED_LEN
70#elif defined(WOLFSSL_SLHDSA_PARAM_256S)
71 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHAKE256S
72 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHAKE256S_SIG_LEN
73 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHAKE256S_PRIV_LEN
74 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHAKE256S_PUB_LEN
75 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHAKE256S_SEED_LEN
76#elif defined(WOLFSSL_SLHDSA_PARAM_256F)
77 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHAKE256F
78 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHAKE256F_SIG_LEN
79 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHAKE256F_PRIV_LEN
80 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHAKE256F_PUB_LEN
81 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHAKE256F_SEED_LEN
82#elif defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S)
83 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHA2_128S
84 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHA2_128S_SIG_LEN
85 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHA2_128S_PRIV_LEN
86 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHA2_128S_PUB_LEN
87 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHA2_128S_SEED_LEN
88#elif defined(WOLFSSL_SLHDSA_PARAM_SHA2_128F)
89 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHA2_128F
90 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHA2_128F_SIG_LEN
91 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHA2_128F_PRIV_LEN
92 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHA2_128F_PUB_LEN
93 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHA2_128F_SEED_LEN
94#elif defined(WOLFSSL_SLHDSA_PARAM_SHA2_192S)
95 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHA2_192S
96 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHA2_192S_SIG_LEN
97 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHA2_192S_PRIV_LEN
98 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHA2_192S_PUB_LEN
99 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHA2_192S_SEED_LEN
100#elif defined(WOLFSSL_SLHDSA_PARAM_SHA2_192F)
101 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHA2_192F
102 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHA2_192F_SIG_LEN
103 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHA2_192F_PRIV_LEN
104 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHA2_192F_PUB_LEN
105 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHA2_192F_SEED_LEN
106#elif defined(WOLFSSL_SLHDSA_PARAM_SHA2_256S)
107 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHA2_256S
108 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHA2_256S_SIG_LEN
109 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHA2_256S_PRIV_LEN
110 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHA2_256S_PUB_LEN
111 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHA2_256S_SEED_LEN
112#elif defined(WOLFSSL_SLHDSA_PARAM_SHA2_256F)
113 #define TEST_SLHDSA_DEFAULT_PARAM SLHDSA_SHA2_256F
114 #define TEST_SLHDSA_DEFAULT_SIG_LEN WC_SLHDSA_SHA2_256F_SIG_LEN
115 #define TEST_SLHDSA_DEFAULT_PRIV_LEN WC_SLHDSA_SHA2_256F_PRIV_LEN
116 #define TEST_SLHDSA_DEFAULT_PUB_LEN WC_SLHDSA_SHA2_256F_PUB_LEN
117 #define TEST_SLHDSA_DEFAULT_SEED_LEN WC_SLHDSA_SHA2_256F_SEED_LEN
118#endif
119#endif /* WOLFSSL_HAVE_SLHDSA */
120
121
122/*
123 * Test basic init/free and NULL parameter handling for SLH-DSA key operations.
124 */
125int test_wc_slhdsa(void)
126{
127 EXPECT_DECLS;
128#ifdef WOLFSSL_HAVE_SLHDSA
129 /* `key` is only used by the per-variant Init/Free blocks below, so
130 * gate its declaration on the same precondition (at least one
131 * parameter set compiled in) to avoid -Wunused-variable when SLH-DSA
132 * is enabled but no params are. */
133#ifdef TEST_SLHDSA_DEFAULT_PARAM
134 SlhDsaKey key;
135
136 /* Test NULL parameter handling for init. Use whichever variant the
137 * build actually has so a SHA-2-only build doesn't pass a SHAKE param
138 * id and conflate BAD_FUNC_ARG (NULL key) with NOT_COMPILED_IN
139 * (variant disabled). */
140 ExpectIntEQ(wc_SlhDsaKey_Init(NULL, TEST_SLHDSA_DEFAULT_PARAM, NULL,
141 INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
142#endif
143
144 /* Test wc_SlhDsaKey_Free with NULL - should not crash. */
145 wc_SlhDsaKey_Free(NULL);
146
147 /* Test valid init for each supported parameter set. Each block zeros
148 * `key` first so a future regression where wc_SlhDsaKey_Free leaves
149 * a residual field set cannot be papered over by the next Init's
150 * partial reinitialisation. */
151#ifdef WOLFSSL_SLHDSA_PARAM_128S
152 XMEMSET(&key, 0, sizeof(key));
153 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID),
154 0);
155 wc_SlhDsaKey_Free(&key);
156#endif
157#ifdef WOLFSSL_SLHDSA_PARAM_128F
158 XMEMSET(&key, 0, sizeof(key));
159 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID),
160 0);
161 wc_SlhDsaKey_Free(&key);
162#endif
163#ifdef WOLFSSL_SLHDSA_PARAM_192S
164 XMEMSET(&key, 0, sizeof(key));
165 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID),
166 0);
167 wc_SlhDsaKey_Free(&key);
168#endif
169#ifdef WOLFSSL_SLHDSA_PARAM_192F
170 XMEMSET(&key, 0, sizeof(key));
171 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID),
172 0);
173 wc_SlhDsaKey_Free(&key);
174#endif
175#ifdef WOLFSSL_SLHDSA_PARAM_256S
176 XMEMSET(&key, 0, sizeof(key));
177 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID),
178 0);
179 wc_SlhDsaKey_Free(&key);
180#endif
181#ifdef WOLFSSL_SLHDSA_PARAM_256F
182 XMEMSET(&key, 0, sizeof(key));
183 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID),
184 0);
185 wc_SlhDsaKey_Free(&key);
186#endif
187#ifdef WOLFSSL_SLHDSA_SHA2
188#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
189 XMEMSET(&key, 0, sizeof(key));
190 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128S, NULL, INVALID_DEVID),
191 0);
192 wc_SlhDsaKey_Free(&key);
193#endif
194#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
195 XMEMSET(&key, 0, sizeof(key));
196 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128F, NULL, INVALID_DEVID),
197 0);
198 wc_SlhDsaKey_Free(&key);
199#endif
200#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
201 XMEMSET(&key, 0, sizeof(key));
202 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192S, NULL, INVALID_DEVID),
203 0);
204 wc_SlhDsaKey_Free(&key);
205#endif
206#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
207 XMEMSET(&key, 0, sizeof(key));
208 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192F, NULL, INVALID_DEVID),
209 0);
210 wc_SlhDsaKey_Free(&key);
211#endif
212#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
213 XMEMSET(&key, 0, sizeof(key));
214 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256S, NULL, INVALID_DEVID),
215 0);
216 wc_SlhDsaKey_Free(&key);
217#endif
218#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
219 XMEMSET(&key, 0, sizeof(key));
220 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256F, NULL, INVALID_DEVID),
221 0);
222 wc_SlhDsaKey_Free(&key);
223#endif
224#endif /* WOLFSSL_SLHDSA_SHA2 */
225
226#endif /* WOLFSSL_HAVE_SLHDSA */
227 return EXPECT_RESULT();
228}
229
230/*
231 * Test size functions for SLH-DSA.
232 */
233int test_wc_slhdsa_sizes(void)
234{
235 EXPECT_DECLS;
236#ifdef WOLFSSL_HAVE_SLHDSA
237 /* See test_wc_slhdsa() for the rationale on this guard. */
238#ifdef TEST_SLHDSA_DEFAULT_PARAM
239 SlhDsaKey key;
240#endif
241
242 /* Test NULL parameter handling for size functions. */
243#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
244 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
245#endif
246 ExpectIntEQ(wc_SlhDsaKey_PublicSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
247 ExpectIntEQ(wc_SlhDsaKey_SigSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
248
249 /* Test sizes for each parameter set. */
250#ifdef WOLFSSL_SLHDSA_PARAM_128S
251 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID),
252 0);
253#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
254 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE128S_PRIV_LEN);
255#endif
256 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE128S_PUB_LEN);
257 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE128S_SIG_LEN);
258 wc_SlhDsaKey_Free(&key);
259
260#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
261 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE128S),
262 WC_SLHDSA_SHAKE128S_PRIV_LEN);
263#endif
264 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE128S),
265 WC_SLHDSA_SHAKE128S_PUB_LEN);
266 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE128S),
267 WC_SLHDSA_SHAKE128S_SIG_LEN);
268#endif
269
270#ifdef WOLFSSL_SLHDSA_PARAM_128F
271 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID),
272 0);
273#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
274 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE128F_PRIV_LEN);
275#endif
276 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE128F_PUB_LEN);
277 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE128F_SIG_LEN);
278 wc_SlhDsaKey_Free(&key);
279
280#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
281 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE128F),
282 WC_SLHDSA_SHAKE128F_PRIV_LEN);
283#endif
284 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE128F),
285 WC_SLHDSA_SHAKE128F_PUB_LEN);
286 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE128F),
287 WC_SLHDSA_SHAKE128F_SIG_LEN);
288#endif
289
290#ifdef WOLFSSL_SLHDSA_PARAM_192S
291 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID),
292 0);
293#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
294 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE192S_PRIV_LEN);
295#endif
296 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE192S_PUB_LEN);
297 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE192S_SIG_LEN);
298 wc_SlhDsaKey_Free(&key);
299
300#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
301 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE192S),
302 WC_SLHDSA_SHAKE192S_PRIV_LEN);
303#endif
304 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE192S),
305 WC_SLHDSA_SHAKE192S_PUB_LEN);
306 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE192S),
307 WC_SLHDSA_SHAKE192S_SIG_LEN);
308#endif
309
310#ifdef WOLFSSL_SLHDSA_PARAM_192F
311 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID),
312 0);
313#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
314 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE192F_PRIV_LEN);
315#endif
316 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE192F_PUB_LEN);
317 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE192F_SIG_LEN);
318 wc_SlhDsaKey_Free(&key);
319
320#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
321 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE192F),
322 WC_SLHDSA_SHAKE192F_PRIV_LEN);
323#endif
324 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE192F),
325 WC_SLHDSA_SHAKE192F_PUB_LEN);
326 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE192F),
327 WC_SLHDSA_SHAKE192F_SIG_LEN);
328#endif
329
330#ifdef WOLFSSL_SLHDSA_PARAM_256S
331 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID),
332 0);
333#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
334 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE256S_PRIV_LEN);
335#endif
336 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE256S_PUB_LEN);
337 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE256S_SIG_LEN);
338 wc_SlhDsaKey_Free(&key);
339
340#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
341 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE256S),
342 WC_SLHDSA_SHAKE256S_PRIV_LEN);
343#endif
344 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE256S),
345 WC_SLHDSA_SHAKE256S_PUB_LEN);
346 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE256S),
347 WC_SLHDSA_SHAKE256S_SIG_LEN);
348#endif
349
350#ifdef WOLFSSL_SLHDSA_PARAM_256F
351 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID),
352 0);
353#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
354 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE256F_PRIV_LEN);
355#endif
356 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE256F_PUB_LEN);
357 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE256F_SIG_LEN);
358 wc_SlhDsaKey_Free(&key);
359
360#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
361 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE256F),
362 WC_SLHDSA_SHAKE256F_PRIV_LEN);
363#endif
364 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE256F),
365 WC_SLHDSA_SHAKE256F_PUB_LEN);
366 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE256F),
367 WC_SLHDSA_SHAKE256F_SIG_LEN);
368#endif
369
370#ifdef WOLFSSL_SLHDSA_SHA2
371#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
372 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128S, NULL, INVALID_DEVID),
373 0);
374#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
375 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHA2_128S_PRIV_LEN);
376#endif
377 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHA2_128S_PUB_LEN);
378 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHA2_128S_SIG_LEN);
379 wc_SlhDsaKey_Free(&key);
380
381#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
382 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHA2_128S),
383 WC_SLHDSA_SHA2_128S_PRIV_LEN);
384#endif
385 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHA2_128S),
386 WC_SLHDSA_SHA2_128S_PUB_LEN);
387 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHA2_128S),
388 WC_SLHDSA_SHA2_128S_SIG_LEN);
389#endif
390
391#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
392 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128F, NULL, INVALID_DEVID),
393 0);
394#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
395 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHA2_128F_PRIV_LEN);
396#endif
397 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHA2_128F_PUB_LEN);
398 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHA2_128F_SIG_LEN);
399 wc_SlhDsaKey_Free(&key);
400
401#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
402 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHA2_128F),
403 WC_SLHDSA_SHA2_128F_PRIV_LEN);
404#endif
405 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHA2_128F),
406 WC_SLHDSA_SHA2_128F_PUB_LEN);
407 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHA2_128F),
408 WC_SLHDSA_SHA2_128F_SIG_LEN);
409#endif
410
411#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
412 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192S, NULL, INVALID_DEVID),
413 0);
414#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
415 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHA2_192S_PRIV_LEN);
416#endif
417 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHA2_192S_PUB_LEN);
418 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHA2_192S_SIG_LEN);
419 wc_SlhDsaKey_Free(&key);
420
421#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
422 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHA2_192S),
423 WC_SLHDSA_SHA2_192S_PRIV_LEN);
424#endif
425 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHA2_192S),
426 WC_SLHDSA_SHA2_192S_PUB_LEN);
427 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHA2_192S),
428 WC_SLHDSA_SHA2_192S_SIG_LEN);
429#endif
430
431#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
432 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192F, NULL, INVALID_DEVID),
433 0);
434#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
435 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHA2_192F_PRIV_LEN);
436#endif
437 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHA2_192F_PUB_LEN);
438 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHA2_192F_SIG_LEN);
439 wc_SlhDsaKey_Free(&key);
440
441#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
442 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHA2_192F),
443 WC_SLHDSA_SHA2_192F_PRIV_LEN);
444#endif
445 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHA2_192F),
446 WC_SLHDSA_SHA2_192F_PUB_LEN);
447 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHA2_192F),
448 WC_SLHDSA_SHA2_192F_SIG_LEN);
449#endif
450
451#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
452 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256S, NULL, INVALID_DEVID),
453 0);
454#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
455 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHA2_256S_PRIV_LEN);
456#endif
457 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHA2_256S_PUB_LEN);
458 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHA2_256S_SIG_LEN);
459 wc_SlhDsaKey_Free(&key);
460
461#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
462 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHA2_256S),
463 WC_SLHDSA_SHA2_256S_PRIV_LEN);
464#endif
465 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHA2_256S),
466 WC_SLHDSA_SHA2_256S_PUB_LEN);
467 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHA2_256S),
468 WC_SLHDSA_SHA2_256S_SIG_LEN);
469#endif
470
471#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
472 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256F, NULL, INVALID_DEVID),
473 0);
474#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
475 ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHA2_256F_PRIV_LEN);
476#endif
477 ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHA2_256F_PUB_LEN);
478 ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHA2_256F_SIG_LEN);
479 wc_SlhDsaKey_Free(&key);
480
481#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
482 ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHA2_256F),
483 WC_SLHDSA_SHA2_256F_PRIV_LEN);
484#endif
485 ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHA2_256F),
486 WC_SLHDSA_SHA2_256F_PUB_LEN);
487 ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHA2_256F),
488 WC_SLHDSA_SHA2_256F_SIG_LEN);
489#endif
490#endif /* WOLFSSL_SLHDSA_SHA2 */
491
492#endif /* WOLFSSL_HAVE_SLHDSA */
493 return EXPECT_RESULT();
494}
495
496/*
497 * Test key generation for SLH-DSA.
498 */
499int test_wc_slhdsa_make_key(void)
500{
501 EXPECT_DECLS;
502#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
503 SlhDsaKey key;
504 WC_RNG rng;
505
506 XMEMSET(&rng, 0, sizeof(WC_RNG));
507 ExpectIntEQ(wc_InitRng(&rng), 0);
508
509 /* Test NULL parameter handling. */
510 ExpectIntEQ(wc_SlhDsaKey_MakeKey(NULL, &rng),
511 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
512
513#ifdef WOLFSSL_SLHDSA_PARAM_128S
514 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID),
515 0);
516 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, NULL),
517 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
518 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
519 wc_SlhDsaKey_Free(&key);
520#endif
521
522#ifdef WOLFSSL_SLHDSA_PARAM_128F
523 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID),
524 0);
525 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
526 wc_SlhDsaKey_Free(&key);
527#endif
528
529#ifdef WOLFSSL_SLHDSA_PARAM_192S
530 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID),
531 0);
532 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
533 wc_SlhDsaKey_Free(&key);
534#endif
535
536#ifdef WOLFSSL_SLHDSA_PARAM_192F
537 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID),
538 0);
539 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
540 wc_SlhDsaKey_Free(&key);
541#endif
542
543#ifdef WOLFSSL_SLHDSA_PARAM_256S
544 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID),
545 0);
546 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
547 wc_SlhDsaKey_Free(&key);
548#endif
549
550#ifdef WOLFSSL_SLHDSA_PARAM_256F
551 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID),
552 0);
553 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
554 wc_SlhDsaKey_Free(&key);
555#endif
556
557#ifdef WOLFSSL_SLHDSA_SHA2
558#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
559 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128S, NULL, INVALID_DEVID),
560 0);
561 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
562 wc_SlhDsaKey_Free(&key);
563#endif
564#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
565 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128F, NULL, INVALID_DEVID),
566 0);
567 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
568 wc_SlhDsaKey_Free(&key);
569#endif
570#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
571 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192S, NULL, INVALID_DEVID),
572 0);
573 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
574 wc_SlhDsaKey_Free(&key);
575#endif
576#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
577 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192F, NULL, INVALID_DEVID),
578 0);
579 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
580 wc_SlhDsaKey_Free(&key);
581#endif
582#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
583 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256S, NULL, INVALID_DEVID),
584 0);
585 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
586 wc_SlhDsaKey_Free(&key);
587#endif
588#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
589 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256F, NULL, INVALID_DEVID),
590 0);
591 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
592 wc_SlhDsaKey_Free(&key);
593#endif
594#endif /* WOLFSSL_SLHDSA_SHA2 */
595
596 /* Test MakeKeyWithRandom. */
597#ifdef TEST_SLHDSA_DEFAULT_PARAM
598 {
599 byte sk_seed[TEST_SLHDSA_DEFAULT_SEED_LEN];
600 byte sk_prf[TEST_SLHDSA_DEFAULT_SEED_LEN];
601 byte pk_seed[TEST_SLHDSA_DEFAULT_SEED_LEN];
602
603 XMEMSET(sk_seed, 0x01, sizeof(sk_seed));
604 XMEMSET(sk_prf, 0x02, sizeof(sk_prf));
605 XMEMSET(pk_seed, 0x03, sizeof(pk_seed));
606
607 /* Test NULL parameter handling. */
608 ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(NULL, sk_seed,
609 sizeof(sk_seed), sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)),
610 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
611
612 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
613 INVALID_DEVID), 0);
614 ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, NULL, sizeof(sk_seed),
615 sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)),
616 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
617 ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed,
618 sizeof(sk_seed), NULL, sizeof(sk_prf), pk_seed, sizeof(pk_seed)),
619 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
620 ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed,
621 sizeof(sk_seed), sk_prf, sizeof(sk_prf), NULL, sizeof(pk_seed)),
622 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
623 /* Test wrong size. */
624 ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed, 8,
625 sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)),
626 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
627
628 ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed,
629 sizeof(sk_seed), sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)),
630 0);
631 wc_SlhDsaKey_Free(&key);
632 }
633#endif
634
635 wc_FreeRng(&rng);
636#endif /* WOLFSSL_HAVE_SLHDSA && !WOLFSSL_SLHDSA_VERIFY_ONLY */
637 return EXPECT_RESULT();
638}
639
640/*
641 * Test signing for SLH-DSA.
642 */
643int test_wc_slhdsa_sign(void)
644{
645 EXPECT_DECLS;
646#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
647 SlhDsaKey key;
648 WC_RNG rng;
649 byte msg[64];
650 byte* sig = NULL;
651 word32 sigLen;
652 word32 expSigLen;
653 byte ctx[10];
654
655 sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
656 ExpectNotNull(sig);
657
658 XMEMSET(&rng, 0, sizeof(WC_RNG));
659 XMEMSET(msg, 0xAA, sizeof(msg));
660 XMEMSET(ctx, 0x01, sizeof(ctx));
661
662 ExpectIntEQ(wc_InitRng(&rng), 0);
663
664 /* Test NULL parameter handling. */
665 sigLen = WC_SLHDSA_MAX_SIG_LEN;
666 ExpectIntEQ(wc_SlhDsaKey_Sign(NULL, ctx, sizeof(ctx), msg, sizeof(msg),
667 sig, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
668
669 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
670 INVALID_DEVID), 0);
671 expSigLen = TEST_SLHDSA_DEFAULT_SIG_LEN;
672 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
673
674 sigLen = WC_SLHDSA_MAX_SIG_LEN;
675 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), NULL, sizeof(msg),
676 sig, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
677 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
678 NULL, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
679 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
680 sig, NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
681 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
682 sig, &sigLen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
683
684 /* Test buffer too small. */
685 sigLen = 10;
686 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
687 sig, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_LENGTH_E));
688
689 /* Test successful signing. */
690 sigLen = WC_SLHDSA_MAX_SIG_LEN;
691 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
692 sig, &sigLen, &rng), 0);
693 ExpectIntEQ(sigLen, expSigLen);
694
695 /* Test signing with NULL context (allowed). */
696 sigLen = WC_SLHDSA_MAX_SIG_LEN;
697 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, NULL, 0, msg, sizeof(msg),
698 sig, &sigLen, &rng), 0);
699
700 wc_SlhDsaKey_Free(&key);
701
702 /* Test SignDeterministic. */
703 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
704 INVALID_DEVID), 0);
705 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
706
707 sigLen = WC_SLHDSA_MAX_SIG_LEN;
708 ExpectIntEQ(wc_SlhDsaKey_SignDeterministic(NULL, ctx, sizeof(ctx),
709 msg, sizeof(msg), sig, &sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
710 ExpectIntEQ(wc_SlhDsaKey_SignDeterministic(&key, ctx, sizeof(ctx),
711 msg, sizeof(msg), sig, &sigLen), 0);
712 ExpectIntEQ(sigLen, expSigLen);
713
714 wc_SlhDsaKey_Free(&key);
715
716 /* Test SignWithRandom. */
717 {
718 byte addRnd[WC_SLHDSA_MAX_SEED];
719 XMEMSET(addRnd, 0x55, sizeof(addRnd));
720
721 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
722 INVALID_DEVID), 0);
723 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
724
725 sigLen = WC_SLHDSA_MAX_SIG_LEN;
726 ExpectIntEQ(wc_SlhDsaKey_SignWithRandom(NULL, ctx, sizeof(ctx),
727 msg, sizeof(msg), sig, &sigLen, addRnd),
728 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
729 ExpectIntEQ(wc_SlhDsaKey_SignWithRandom(&key, ctx, sizeof(ctx),
730 msg, sizeof(msg), sig, &sigLen, NULL),
731 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
732 ExpectIntEQ(wc_SlhDsaKey_SignWithRandom(&key, ctx, sizeof(ctx),
733 msg, sizeof(msg), sig, &sigLen, addRnd), 0);
734 ExpectIntEQ(sigLen, expSigLen);
735
736 wc_SlhDsaKey_Free(&key);
737 }
738
739 wc_FreeRng(&rng);
740 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
741#endif /* WOLFSSL_HAVE_SLHDSA && !WOLFSSL_SLHDSA_VERIFY_ONLY */
742 return EXPECT_RESULT();
743}
744
745/*
746 * Test verification for SLH-DSA.
747 */
748int test_wc_slhdsa_verify(void)
749{
750 EXPECT_DECLS;
751#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
752 SlhDsaKey key;
753 WC_RNG rng;
754 byte msg[64];
755 byte* sig = NULL;
756 word32 sigLen;
757 byte ctx[10];
758
759 sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
760 ExpectNotNull(sig);
761
762 XMEMSET(&rng, 0, sizeof(WC_RNG));
763 XMEMSET(msg, 0xAA, sizeof(msg));
764 XMEMSET(ctx, 0x01, sizeof(ctx));
765
766 ExpectIntEQ(wc_InitRng(&rng), 0);
767
768 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
769 INVALID_DEVID), 0);
770 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
771
772 /* Generate a signature. */
773 sigLen = WC_SLHDSA_MAX_SIG_LEN;
774 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
775 sig, &sigLen, &rng), 0);
776
777 /* Test NULL parameter handling. */
778 ExpectIntEQ(wc_SlhDsaKey_Verify(NULL, ctx, sizeof(ctx), msg, sizeof(msg),
779 sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
780 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), NULL, sizeof(msg),
781 sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
782 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
783 NULL, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
784
785 /* Test successful verification. */
786 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
787 sig, sigLen), 0);
788
789 /* Test verification with wrong message. */
790 msg[0] ^= 0xFF;
791 ExpectIntNE(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
792 sig, sigLen), 0);
793 msg[0] ^= 0xFF;
794
795 /* Test verification with wrong context. */
796 ctx[0] ^= 0xFF;
797 ExpectIntNE(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
798 sig, sigLen), 0);
799 ctx[0] ^= 0xFF;
800
801 /* Test verification with corrupted signature. */
802 sig[0] ^= 0xFF;
803 ExpectIntNE(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
804 sig, sigLen), 0);
805 sig[0] ^= 0xFF;
806
807 /* Test verification with NULL context (allowed, but must match signing). */
808 sigLen = WC_SLHDSA_MAX_SIG_LEN;
809 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, NULL, 0, msg, sizeof(msg),
810 sig, &sigLen, &rng), 0);
811 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, NULL, 0, msg, sizeof(msg),
812 sig, sigLen), 0);
813
814 wc_SlhDsaKey_Free(&key);
815
816 wc_FreeRng(&rng);
817 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
818#endif /* WOLFSSL_HAVE_SLHDSA */
819 return EXPECT_RESULT();
820}
821
822/*
823 * Test combined sign and verify for all parameter sets.
824 */
825int test_wc_slhdsa_sign_vfy(void)
826{
827 EXPECT_DECLS;
828#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
829 SlhDsaKey key;
830 WC_RNG rng;
831 byte msg[64];
832 byte* sig = NULL;
833 word32 sigLen;
834 byte ctx[10];
835
836 sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
837 ExpectNotNull(sig);
838
839 XMEMSET(&rng, 0, sizeof(WC_RNG));
840 XMEMSET(msg, 0xAA, sizeof(msg));
841 XMEMSET(ctx, 0x01, sizeof(ctx));
842
843 ExpectIntEQ(wc_InitRng(&rng), 0);
844
845#ifdef WOLFSSL_SLHDSA_PARAM_128S
846 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID),
847 0);
848 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
849
850 sigLen = WC_SLHDSA_MAX_SIG_LEN;
851 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
852 sig, &sigLen, &rng), 0);
853 ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE128S_SIG_LEN);
854 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
855 sig, sigLen), 0);
856
857 wc_SlhDsaKey_Free(&key);
858#endif
859
860#ifdef WOLFSSL_SLHDSA_PARAM_128F
861 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID),
862 0);
863 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
864
865 sigLen = WC_SLHDSA_MAX_SIG_LEN;
866 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
867 sig, &sigLen, &rng), 0);
868 ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE128F_SIG_LEN);
869 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
870 sig, sigLen), 0);
871
872 wc_SlhDsaKey_Free(&key);
873#endif
874
875#ifdef WOLFSSL_SLHDSA_PARAM_192S
876 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID),
877 0);
878 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
879
880 sigLen = WC_SLHDSA_MAX_SIG_LEN;
881 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
882 sig, &sigLen, &rng), 0);
883 ExpectIntEQ(sigLen, (word32)wc_SlhDsaKey_SigSize(&key));
884 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
885 sig, sigLen), 0);
886
887 wc_SlhDsaKey_Free(&key);
888#endif
889
890#ifdef WOLFSSL_SLHDSA_PARAM_192F
891 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID),
892 0);
893 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
894
895 sigLen = WC_SLHDSA_MAX_SIG_LEN;
896 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
897 sig, &sigLen, &rng), 0);
898 ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE192F_SIG_LEN);
899 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
900 sig, sigLen), 0);
901
902 wc_SlhDsaKey_Free(&key);
903#endif
904
905#ifdef WOLFSSL_SLHDSA_PARAM_256S
906 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID),
907 0);
908 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
909
910 sigLen = WC_SLHDSA_MAX_SIG_LEN;
911 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
912 sig, &sigLen, &rng), 0);
913 ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE256S_SIG_LEN);
914 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
915 sig, sigLen), 0);
916
917 wc_SlhDsaKey_Free(&key);
918#endif
919
920#ifdef WOLFSSL_SLHDSA_PARAM_256F
921 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID),
922 0);
923 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
924
925 sigLen = WC_SLHDSA_MAX_SIG_LEN;
926 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
927 sig, &sigLen, &rng), 0);
928 ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE256F_SIG_LEN);
929 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
930 sig, sigLen), 0);
931
932 wc_SlhDsaKey_Free(&key);
933#endif
934
935#ifdef WOLFSSL_SLHDSA_SHA2
936#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
937 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128S, NULL, INVALID_DEVID),
938 0);
939 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
940 sigLen = WC_SLHDSA_MAX_SIG_LEN;
941 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
942 sig, &sigLen, &rng), 0);
943 ExpectIntEQ(sigLen, WC_SLHDSA_SHA2_128S_SIG_LEN);
944 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
945 sig, sigLen), 0);
946 wc_SlhDsaKey_Free(&key);
947#endif
948#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
949 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128F, NULL, INVALID_DEVID),
950 0);
951 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
952 sigLen = WC_SLHDSA_MAX_SIG_LEN;
953 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
954 sig, &sigLen, &rng), 0);
955 ExpectIntEQ(sigLen, WC_SLHDSA_SHA2_128F_SIG_LEN);
956 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
957 sig, sigLen), 0);
958 wc_SlhDsaKey_Free(&key);
959#endif
960#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
961 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192S, NULL, INVALID_DEVID),
962 0);
963 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
964 sigLen = WC_SLHDSA_MAX_SIG_LEN;
965 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
966 sig, &sigLen, &rng), 0);
967 ExpectIntEQ(sigLen, WC_SLHDSA_SHA2_192S_SIG_LEN);
968 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
969 sig, sigLen), 0);
970 wc_SlhDsaKey_Free(&key);
971#endif
972#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
973 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192F, NULL, INVALID_DEVID),
974 0);
975 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
976 sigLen = WC_SLHDSA_MAX_SIG_LEN;
977 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
978 sig, &sigLen, &rng), 0);
979 ExpectIntEQ(sigLen, WC_SLHDSA_SHA2_192F_SIG_LEN);
980 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
981 sig, sigLen), 0);
982 wc_SlhDsaKey_Free(&key);
983#endif
984#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
985 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256S, NULL, INVALID_DEVID),
986 0);
987 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
988 sigLen = WC_SLHDSA_MAX_SIG_LEN;
989 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
990 sig, &sigLen, &rng), 0);
991 ExpectIntEQ(sigLen, WC_SLHDSA_SHA2_256S_SIG_LEN);
992 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
993 sig, sigLen), 0);
994 wc_SlhDsaKey_Free(&key);
995#endif
996#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
997 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256F, NULL, INVALID_DEVID),
998 0);
999 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
1000 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1001 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
1002 sig, &sigLen, &rng), 0);
1003 ExpectIntEQ(sigLen, WC_SLHDSA_SHA2_256F_SIG_LEN);
1004 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
1005 sig, sigLen), 0);
1006 wc_SlhDsaKey_Free(&key);
1007#endif
1008#endif /* WOLFSSL_SLHDSA_SHA2 */
1009
1010 wc_FreeRng(&rng);
1011 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1012#endif /* WOLFSSL_HAVE_SLHDSA */
1013 return EXPECT_RESULT();
1014}
1015
1016/*
1017 * Test hash signing and verification for SLH-DSA.
1018 */
1019int test_wc_slhdsa_sign_hash(void)
1020{
1021 EXPECT_DECLS;
1022#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
1023 SlhDsaKey key;
1024 WC_RNG rng;
1025 byte hash[64];
1026 byte* sig = NULL;
1027 word32 sigLen;
1028 word32 expSigLen;
1029 byte ctx[10];
1030
1031 sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1032 ExpectNotNull(sig);
1033
1034 XMEMSET(&rng, 0, sizeof(WC_RNG));
1035 XMEMSET(hash, 0xBB, sizeof(hash));
1036 XMEMSET(ctx, 0x01, sizeof(ctx));
1037
1038 ExpectIntEQ(wc_InitRng(&rng), 0);
1039
1040 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1041 INVALID_DEVID), 0);
1042 expSigLen = TEST_SLHDSA_DEFAULT_SIG_LEN;
1043 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
1044
1045 /* Test SignHash NULL parameter handling. Use 32-byte hash length so the
1046 * NULL check trips before the digest-length check (HashSLH-DSA expects
1047 * SHA-256 digest = 32 bytes). */
1048 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1049 ExpectIntEQ(wc_SlhDsaKey_SignHash(NULL, ctx, sizeof(ctx), hash,
1050 32, WC_HASH_TYPE_SHA256, sig, &sigLen, &rng),
1051 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1052 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), NULL,
1053 32, WC_HASH_TYPE_SHA256, sig, &sigLen, &rng),
1054 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1055 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash,
1056 32, WC_HASH_TYPE_SHA256, NULL, &sigLen, &rng),
1057 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1058 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash,
1059 32, WC_HASH_TYPE_SHA256, sig, NULL, &rng),
1060 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1061 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash,
1062 32, WC_HASH_TYPE_SHA256, sig, &sigLen, NULL),
1063 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1064
1065 /* HashSLH-DSA must reject digest lengths that don't match hashType. */
1066 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1067 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 31,
1068 WC_HASH_TYPE_SHA256, sig, &sigLen, &rng),
1069 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1070 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 33,
1071 WC_HASH_TYPE_SHA256, sig, &sigLen, &rng),
1072 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1073 /* Generate a real signature first so VerifyHash gets to its length check
1074 * rather than failing on signature size. */
1075 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 32,
1076 WC_HASH_TYPE_SHA256, sig, &sigLen, &rng), 0);
1077 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 31,
1078 WC_HASH_TYPE_SHA256, sig, sigLen),
1079 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1080 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 33,
1081 WC_HASH_TYPE_SHA256, sig, sigLen),
1082 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1083
1084 /* Unsupported hashType (FIPS 205 doesn't list WC_HASH_TYPE_NONE) hits
1085 * the default branch of slhdsakey_validate_prehash. */
1086 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1087 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 32,
1088 WC_HASH_TYPE_NONE, sig, &sigLen, &rng),
1089 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
1090
1091 /* Test SignHash with SHA-256. */
1092 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1093 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 32,
1094 WC_HASH_TYPE_SHA256, sig, &sigLen, &rng), 0);
1095 ExpectIntEQ(sigLen, expSigLen);
1096 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32,
1097 WC_HASH_TYPE_SHA256, sig, sigLen), 0);
1098
1099 /* Test VerifyHash NULL parameter handling. */
1100 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(NULL, ctx, sizeof(ctx), hash, 32,
1101 WC_HASH_TYPE_SHA256, sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1102 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), NULL, 32,
1103 WC_HASH_TYPE_SHA256, sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1104 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32,
1105 WC_HASH_TYPE_SHA256, NULL, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1106
1107 /* Test VerifyHash with wrong hash. */
1108 hash[0] ^= 0xFF;
1109 ExpectIntNE(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32,
1110 WC_HASH_TYPE_SHA256, sig, sigLen), 0);
1111 hash[0] ^= 0xFF;
1112
1113 /* Test SignHashDeterministic. */
1114 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1115 ExpectIntEQ(wc_SlhDsaKey_SignHashDeterministic(NULL, ctx, sizeof(ctx),
1116 hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen),
1117 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1118 ExpectIntEQ(wc_SlhDsaKey_SignHashDeterministic(&key, ctx, sizeof(ctx),
1119 hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen), 0);
1120 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32,
1121 WC_HASH_TYPE_SHA256, sig, sigLen), 0);
1122
1123 /* Test SignHashWithRandom. */
1124 {
1125 byte addRnd[WC_SLHDSA_MAX_SEED];
1126 XMEMSET(addRnd, 0x55, sizeof(addRnd));
1127
1128 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1129 ExpectIntEQ(wc_SlhDsaKey_SignHashWithRandom(NULL, ctx, sizeof(ctx),
1130 hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen, addRnd),
1131 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1132 ExpectIntEQ(wc_SlhDsaKey_SignHashWithRandom(&key, ctx, sizeof(ctx),
1133 hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen, NULL),
1134 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1135 ExpectIntEQ(wc_SlhDsaKey_SignHashWithRandom(&key, ctx, sizeof(ctx),
1136 hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen, addRnd), 0);
1137 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32,
1138 WC_HASH_TYPE_SHA256, sig, sigLen), 0);
1139 }
1140
1141#ifdef WOLFSSL_SHA512
1142 /* SHA-512 round-trip exercises a 64-byte digest path. */
1143 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1144 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 64,
1145 WC_HASH_TYPE_SHA512, sig, &sigLen, &rng), 0);
1146 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 64,
1147 WC_HASH_TYPE_SHA512, sig, sigLen), 0);
1148 /* SHA-512 must also reject the wrong digest length. */
1149 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 32,
1150 WC_HASH_TYPE_SHA512, sig, &sigLen, &rng),
1151 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1152#endif
1153
1154#ifdef WOLFSSL_SHAKE128
1155 /* SHAKE128 PHM is fixed at 256 bits per FIPS 205 Section 10.2.2. */
1156 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1157 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 32,
1158 WC_HASH_TYPE_SHAKE128, sig, &sigLen, &rng), 0);
1159 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32,
1160 WC_HASH_TYPE_SHAKE128, sig, sigLen), 0);
1161 /* SignHash and VerifyHash both reject mismatched digest length. */
1162 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 64,
1163 WC_HASH_TYPE_SHAKE128, sig, &sigLen, &rng),
1164 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1165 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 64,
1166 WC_HASH_TYPE_SHAKE128, sig, sigLen),
1167 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1168#endif
1169
1170#ifdef WOLFSSL_SHAKE256
1171 /* SHAKE256 PHM is fixed at 512 bits per FIPS 205 Section 10.2.2. */
1172 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1173 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 64,
1174 WC_HASH_TYPE_SHAKE256, sig, &sigLen, &rng), 0);
1175 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 64,
1176 WC_HASH_TYPE_SHAKE256, sig, sigLen), 0);
1177 /* SignHash and VerifyHash both reject mismatched digest length. */
1178 ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 32,
1179 WC_HASH_TYPE_SHAKE256, sig, &sigLen, &rng),
1180 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1181 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32,
1182 WC_HASH_TYPE_SHAKE256, sig, sigLen),
1183 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1184#endif
1185
1186 wc_SlhDsaKey_Free(&key);
1187
1188 wc_FreeRng(&rng);
1189 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1190#endif /* WOLFSSL_HAVE_SLHDSA */
1191 return EXPECT_RESULT();
1192}
1193
1194/*
1195 * Test the FIPS 205 internal interface (M' supplied directly) for SLH-DSA.
1196 * Covers wc_SlhDsaKey_SignMsgDeterministic, wc_SlhDsaKey_SignMsgWithRandom,
1197 * and wc_SlhDsaKey_VerifyMsg, plus a HashSLH-DSA equivalence cross-check
1198 * that proves an externally-built M' matches the SignHash/VerifyHash path.
1199 */
1200int test_wc_slhdsa_sign_msg(void)
1201{
1202 EXPECT_DECLS;
1203#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
1204 !defined(NO_SHA256)
1205 SlhDsaKey key;
1206 WC_RNG rng;
1207 byte mprime[64];
1208 byte* sig = NULL;
1209 word32 sigLen;
1210 byte addRnd[WC_SLHDSA_MAX_SEED];
1211
1212 sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1213 ExpectNotNull(sig);
1214
1215 XMEMSET(&rng, 0, sizeof(WC_RNG));
1216 XMEMSET(mprime, 0xAA, sizeof(mprime));
1217 XMEMSET(addRnd, 0x55, sizeof(addRnd));
1218
1219 ExpectIntEQ(wc_InitRng(&rng), 0);
1220
1221 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1222 INVALID_DEVID), 0);
1223 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
1224
1225 /* SignMsgDeterministic NULL-arg checks. */
1226 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1227 ExpectIntEQ(wc_SlhDsaKey_SignMsgDeterministic(NULL, mprime, sizeof(mprime),
1228 sig, &sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1229 ExpectIntEQ(wc_SlhDsaKey_SignMsgDeterministic(&key, NULL, sizeof(mprime),
1230 sig, &sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1231 ExpectIntEQ(wc_SlhDsaKey_SignMsgDeterministic(&key, mprime, sizeof(mprime),
1232 NULL, &sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1233 ExpectIntEQ(wc_SlhDsaKey_SignMsgDeterministic(&key, mprime, sizeof(mprime),
1234 sig, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1235
1236 /* SignMsgDeterministic must reject sigSz smaller than params->sigLen. */
1237 sigLen = 1;
1238 ExpectIntEQ(wc_SlhDsaKey_SignMsgDeterministic(&key, mprime,
1239 sizeof(mprime), sig, &sigLen), WC_NO_ERR_TRACE(BAD_LENGTH_E));
1240
1241 /* Round-trip: Deterministic. */
1242 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1243 ExpectIntEQ(wc_SlhDsaKey_SignMsgDeterministic(&key, mprime,
1244 sizeof(mprime), sig, &sigLen), 0);
1245 ExpectIntEQ(wc_SlhDsaKey_VerifyMsg(&key, mprime, sizeof(mprime), sig,
1246 sigLen), 0);
1247
1248 /* SignMsgWithRandom NULL-arg checks. */
1249 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1250 ExpectIntEQ(wc_SlhDsaKey_SignMsgWithRandom(NULL, mprime, sizeof(mprime),
1251 sig, &sigLen, addRnd), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1252 ExpectIntEQ(wc_SlhDsaKey_SignMsgWithRandom(&key, mprime, sizeof(mprime),
1253 sig, &sigLen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1254
1255 /* SignMsgWithRandom must reject sigSz smaller than params->sigLen. */
1256 sigLen = 1;
1257 ExpectIntEQ(wc_SlhDsaKey_SignMsgWithRandom(&key, mprime, sizeof(mprime),
1258 sig, &sigLen, addRnd), WC_NO_ERR_TRACE(BAD_LENGTH_E));
1259
1260 /* Round-trip: WithRandom. Reset sigLen explicitly so the test doesn't
1261 * silently rely on the previous call having set it to params->sigLen. */
1262 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1263 ExpectIntEQ(wc_SlhDsaKey_SignMsgWithRandom(&key, mprime, sizeof(mprime),
1264 sig, &sigLen, addRnd), 0);
1265 ExpectIntEQ(wc_SlhDsaKey_VerifyMsg(&key, mprime, sizeof(mprime), sig,
1266 sigLen), 0);
1267
1268 /* VerifyMsg NULL-arg checks. */
1269 ExpectIntEQ(wc_SlhDsaKey_VerifyMsg(NULL, mprime, sizeof(mprime), sig,
1270 sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1271 ExpectIntEQ(wc_SlhDsaKey_VerifyMsg(&key, NULL, sizeof(mprime), sig,
1272 sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1273 ExpectIntEQ(wc_SlhDsaKey_VerifyMsg(&key, mprime, sizeof(mprime), NULL,
1274 sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1275
1276 /* Equivalence cross-check: build M' = 0x01 || ctxSz || OID(SHA-256) ||
1277 * SHA256(orig) externally, sign it via SignMsgDeterministic, and verify
1278 * via VerifyHash with the same SHA-256 digest. Both paths must agree. */
1279 {
1280 static const byte sha256_oid[] = {
1281 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
1282 0x04, 0x02, 0x01
1283 };
1284 static const byte orig[] = "Hello World!";
1285 byte digest[WC_SHA256_DIGEST_SIZE];
1286 byte built_mprime[2 + sizeof(sha256_oid) + WC_SHA256_DIGEST_SIZE];
1287 word32 idx = 0;
1288 word32 sigLen2;
1289
1290 ExpectIntEQ(wc_Sha256Hash(orig, (word32)sizeof(orig) - 1, digest), 0);
1291
1292 built_mprime[idx++] = 0x01; /* HashSLH-DSA domain separator */
1293 built_mprime[idx++] = 0; /* ctxSz = 0 */
1294 XMEMCPY(built_mprime + idx, sha256_oid, sizeof(sha256_oid));
1295 idx += (word32)sizeof(sha256_oid);
1296 XMEMCPY(built_mprime + idx, digest, sizeof(digest));
1297 idx += (word32)sizeof(digest);
1298
1299 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1300 ExpectIntEQ(wc_SlhDsaKey_SignMsgDeterministic(&key, built_mprime,
1301 idx, sig, &sigLen), 0);
1302
1303 /* The same signature must verify via the HashSLH-DSA external API. */
1304 ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, NULL, 0, digest,
1305 sizeof(digest), WC_HASH_TYPE_SHA256, sig, sigLen), 0);
1306
1307 /* And the deterministic HashSLH-DSA path must produce the SAME
1308 * signature bytes (this is the strongest interop check). */
1309 sigLen2 = WC_SLHDSA_MAX_SIG_LEN;
1310 {
1311 byte* sig2 = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL,
1312 DYNAMIC_TYPE_TMP_BUFFER);
1313 ExpectNotNull(sig2);
1314 ExpectIntEQ(wc_SlhDsaKey_SignHashDeterministic(&key, NULL, 0,
1315 digest, sizeof(digest), WC_HASH_TYPE_SHA256, sig2,
1316 &sigLen2), 0);
1317 ExpectIntEQ(sigLen2, sigLen);
1318 ExpectIntEQ(XMEMCMP(sig2, sig, sigLen), 0);
1319 XFREE(sig2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1320 }
1321 }
1322
1323 wc_SlhDsaKey_Free(&key);
1324 wc_FreeRng(&rng);
1325 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1326#endif
1327 return EXPECT_RESULT();
1328}
1329
1330/*
1331 * Test export and import for SLH-DSA keys.
1332 */
1333int test_wc_slhdsa_export_import(void)
1334{
1335 EXPECT_DECLS;
1336#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
1337 SlhDsaKey key;
1338 SlhDsaKey key2;
1339 WC_RNG rng;
1340 byte* privKey = NULL;
1341 byte* pubKey = NULL;
1342 word32 privKeyLen;
1343 word32 expPrivKeyLen;
1344 word32 pubKeyLen;
1345 word32 expPubKeyLen;
1346 byte msg[64];
1347 byte* sig = NULL;
1348 word32 sigLen;
1349 byte ctx[10];
1350
1351 privKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PRIV_LEN, NULL,
1352 DYNAMIC_TYPE_TMP_BUFFER);
1353 ExpectNotNull(privKey);
1354 pubKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PUB_LEN, NULL,
1355 DYNAMIC_TYPE_TMP_BUFFER);
1356 ExpectNotNull(pubKey);
1357 sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1358 ExpectNotNull(sig);
1359
1360 XMEMSET(&rng, 0, sizeof(WC_RNG));
1361 XMEMSET(msg, 0xAA, sizeof(msg));
1362 XMEMSET(ctx, 0x01, sizeof(ctx));
1363
1364 ExpectIntEQ(wc_InitRng(&rng), 0);
1365
1366 /* Test NULL parameter handling for export functions. */
1367 privKeyLen = WC_SLHDSA_MAX_PRIV_LEN;
1368 pubKeyLen = WC_SLHDSA_MAX_PUB_LEN;
1369 ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(NULL, privKey, &privKeyLen),
1370 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1371 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(NULL, pubKey, &pubKeyLen),
1372 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1373
1374 /* Test NULL parameter handling for import functions. */
1375 ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(NULL, privKey, privKeyLen),
1376 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1377 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(NULL, pubKey, pubKeyLen),
1378 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1379
1380 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1381 INVALID_DEVID), 0);
1382 expPrivKeyLen = TEST_SLHDSA_DEFAULT_PRIV_LEN;
1383 expPubKeyLen = TEST_SLHDSA_DEFAULT_PUB_LEN;
1384 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
1385
1386 /* Test export with NULL buffer. */
1387 ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, NULL, &privKeyLen),
1388 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1389 ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, NULL),
1390 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1391 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, NULL, &pubKeyLen),
1392 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1393 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, NULL),
1394 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1395
1396 /* Test export with buffer too small. */
1397 privKeyLen = 10;
1398 ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, &privKeyLen),
1399 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1400 pubKeyLen = 10;
1401 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, &pubKeyLen),
1402 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1403
1404 /* Test successful export. */
1405 privKeyLen = WC_SLHDSA_MAX_PRIV_LEN;
1406 ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, &privKeyLen), 0);
1407 ExpectIntEQ(privKeyLen, expPrivKeyLen);
1408
1409 pubKeyLen = WC_SLHDSA_MAX_PUB_LEN;
1410 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, &pubKeyLen), 0);
1411 ExpectIntEQ(pubKeyLen, expPubKeyLen);
1412
1413 /* Sign with original key. */
1414 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1415 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg),
1416 sig, &sigLen, &rng), 0);
1417
1418 /* Test import into new key and verify. */
1419 ExpectIntEQ(wc_SlhDsaKey_Init(&key2, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1420 INVALID_DEVID), 0);
1421
1422 /* Test import with NULL data. */
1423 ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key2, NULL, privKeyLen),
1424 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1425 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key2, NULL, pubKeyLen),
1426 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1427
1428 /* Test import with wrong size. */
1429 ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key2, privKey, 10),
1430 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1431 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key2, pubKey, 10),
1432 WC_NO_ERR_TRACE(BAD_LENGTH_E));
1433
1434 /* Test successful import of public key only. */
1435 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key2, pubKey, pubKeyLen), 0);
1436 /* Verify with imported public key. */
1437 ExpectIntEQ(wc_SlhDsaKey_Verify(&key2, ctx, sizeof(ctx), msg, sizeof(msg),
1438 sig, sigLen), 0);
1439 wc_SlhDsaKey_Free(&key2);
1440
1441 /* Test import of private key. */
1442 ExpectIntEQ(wc_SlhDsaKey_Init(&key2, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1443 INVALID_DEVID), 0);
1444 ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key2, privKey, privKeyLen), 0);
1445 /* Sign with imported key. */
1446 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1447 ExpectIntEQ(wc_SlhDsaKey_Sign(&key2, ctx, sizeof(ctx), msg, sizeof(msg),
1448 sig, &sigLen, &rng), 0);
1449 /* Verify with original key. */
1450 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg),
1451 sig, sigLen), 0);
1452
1453 wc_SlhDsaKey_Free(&key2);
1454 wc_SlhDsaKey_Free(&key);
1455
1456 wc_FreeRng(&rng);
1457 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1458 XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1459 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1460#endif /* WOLFSSL_HAVE_SLHDSA */
1461 return EXPECT_RESULT();
1462}
1463
1464/*
1465 * Test key check for SLH-DSA.
1466 */
1467int test_wc_slhdsa_check_key(void)
1468{
1469 EXPECT_DECLS;
1470#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
1471 SlhDsaKey key;
1472 WC_RNG rng;
1473 byte* privKey = NULL;
1474 byte* pubKey = NULL;
1475 word32 privKeyLen;
1476 word32 pubKeyLen;
1477
1478 privKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PRIV_LEN, NULL,
1479 DYNAMIC_TYPE_TMP_BUFFER);
1480 ExpectNotNull(privKey);
1481 pubKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PUB_LEN, NULL,
1482 DYNAMIC_TYPE_TMP_BUFFER);
1483 ExpectNotNull(pubKey);
1484
1485 XMEMSET(&rng, 0, sizeof(WC_RNG));
1486 ExpectIntEQ(wc_InitRng(&rng), 0);
1487
1488 /* Test NULL parameter handling. */
1489 ExpectIntEQ(wc_SlhDsaKey_CheckKey(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1490
1491 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1492 INVALID_DEVID), 0);
1493 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0);
1494
1495 /* Test check of valid key. */
1496 ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0);
1497
1498 /* Export keys. */
1499 privKeyLen = WC_SLHDSA_MAX_PRIV_LEN;
1500 ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, &privKeyLen), 0);
1501 pubKeyLen = WC_SLHDSA_MAX_PUB_LEN;
1502 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, &pubKeyLen), 0);
1503
1504 wc_SlhDsaKey_Free(&key);
1505
1506 /* Test check with only public key imported - requires private key. */
1507 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1508 INVALID_DEVID), 0);
1509 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key, pubKey, pubKeyLen), 0);
1510 /* CheckKey requires a private key to validate. */
1511 ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), WC_NO_ERR_TRACE(MISSING_KEY));
1512 wc_SlhDsaKey_Free(&key);
1513
1514 /* Test check with only private key imported. */
1515 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1516 INVALID_DEVID), 0);
1517 ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key, privKey, privKeyLen), 0);
1518 ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0);
1519 wc_SlhDsaKey_Free(&key);
1520
1521 /* Test check with both keys imported. */
1522 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1523 INVALID_DEVID), 0);
1524 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key, pubKey, pubKeyLen), 0);
1525 ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key, privKey, privKeyLen), 0);
1526 ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0);
1527
1528 key.sk[0] ^= 0x01;
1529 ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key),
1530 WC_NO_ERR_TRACE(WC_KEY_MISMATCH_E));
1531 wc_SlhDsaKey_Free(&key);
1532
1533 /* Regression: Private-then-Public order. ImportPrivate sets
1534 * flags = WC_SLHDSA_FLAG_BOTH_KEYS; if ImportPublic clobbered flags
1535 * with `=` instead of `|=`, the FLAG_PRIVATE bit would be dropped and
1536 * CheckKey would return MISSING_KEY. */
1537 ExpectIntEQ(wc_SlhDsaKey_Init(&key, TEST_SLHDSA_DEFAULT_PARAM, NULL,
1538 INVALID_DEVID), 0);
1539 ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key, privKey, privKeyLen), 0);
1540 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key, pubKey, pubKeyLen), 0);
1541 ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0);
1542 wc_SlhDsaKey_Free(&key);
1543
1544 wc_FreeRng(&rng);
1545 XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1546 XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1547#endif /* WOLFSSL_HAVE_SLHDSA */
1548 return EXPECT_RESULT();
1549}
1550
1551#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
1552 defined(WC_ENABLE_ASYM_KEY_EXPORT)
1553/* Round-trip a single SLH-DSA parameter set through the DER codec:
1554 * generate -> KeyToDer -> PrivateKeyDecode -> sign/verify round-trip.
1555 * Also tests PublicKeyToDer -> PublicKeyDecode, and that the decode
1556 * correctly auto-detects the parameter set from the OID. */
1557static int slhdsa_der_roundtrip_one(enum SlhDsaParam param)
1558{
1559 EXPECT_DECLS;
1560 SlhDsaKey keyGen;
1561 SlhDsaKey keyPriv;
1562 SlhDsaKey keyPub;
1563 WC_RNG rng;
1564 byte* derBuf = NULL;
1565 byte* sig = NULL;
1566 const word32 derBufSz = 16 * 1024;
1567 word32 derLen = 0; /* initialize to suppress false -Wmaybe-uninitialized */
1568 word32 idx;
1569 word32 sigLen;
1570 enum SlhDsaParam placeholder = param;
1571 static const byte msg[] = "SLH-DSA DER round-trip";
1572 static const enum SlhDsaParam candidates[] = {
1573 SLHDSA_SHAKE256S, SLHDSA_SHAKE128F, SLHDSA_SHAKE192S,
1574 SLHDSA_SHAKE192F, SLHDSA_SHAKE256F, SLHDSA_SHAKE128S,
1575 #ifdef WOLFSSL_SLHDSA_SHA2
1576 SLHDSA_SHA2_128S, SLHDSA_SHA2_128F, SLHDSA_SHA2_192S,
1577 SLHDSA_SHA2_192F, SLHDSA_SHA2_256S, SLHDSA_SHA2_256F,
1578 #endif
1579 };
1580 size_t cIdx;
1581
1582 /* Pick a placeholder different from the encoded param so a regression
1583 * that disables OID auto-detection would fail the post-decode equality
1584 * check. Walk the candidate list and probe each via wc_SlhDsaKey_Init;
1585 * the first one that initialises successfully (i.e. is compiled in) is
1586 * used. Falls back to the encoded param if no other variant is
1587 * available, in which case the test reduces to a smoke check. */
1588 for (cIdx = 0; cIdx < sizeof(candidates)/sizeof(candidates[0]); cIdx++) {
1589 SlhDsaKey probe;
1590 if (candidates[cIdx] == param) {
1591 continue;
1592 }
1593 XMEMSET(&probe, 0, sizeof(probe));
1594 if (wc_SlhDsaKey_Init(&probe, candidates[cIdx], NULL,
1595 INVALID_DEVID) == 0) {
1596 placeholder = candidates[cIdx];
1597 wc_SlhDsaKey_Free(&probe);
1598 break;
1599 }
1600 }
1601
1602 XMEMSET(&rng, 0, sizeof(rng));
1603 XMEMSET(&keyGen, 0, sizeof(keyGen));
1604 XMEMSET(&keyPriv, 0, sizeof(keyPriv));
1605 XMEMSET(&keyPub, 0, sizeof(keyPub));
1606
1607 derBuf = (byte*)XMALLOC(derBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1608 ExpectNotNull(derBuf);
1609 sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1610 ExpectNotNull(sig);
1611
1612 ExpectIntEQ(wc_InitRng(&rng), 0);
1613 ExpectIntEQ(wc_SlhDsaKey_Init(&keyGen, param, NULL, INVALID_DEVID), 0);
1614 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&keyGen, &rng), 0);
1615
1616 /* Size-query contract: passing output=NULL returns the encoded size
1617 * without touching the buffer. The real encode below must produce
1618 * exactly this many bytes -- a size-query regression (e.g. forgetting
1619 * to add verSz) would surface here as a mismatch. */
1620 {
1621 int querySize;
1622 ExpectIntGT(querySize = wc_SlhDsaKey_KeyToDer(&keyGen, NULL, 0), 0);
1623 ExpectIntGT(derLen = (word32)wc_SlhDsaKey_KeyToDer(&keyGen, derBuf,
1624 derBufSz), 0);
1625 ExpectIntEQ((int)derLen, querySize);
1626
1627 /* BUFFER_E contract: too-small buffer is rejected without writing
1628 * anything past the limit. Pass inLen = querySize - 1 so the
1629 * length check fails for any encoding. */
1630 ExpectIntEQ(wc_SlhDsaKey_KeyToDer(&keyGen, derBuf,
1631 (word32)(querySize - 1)), WC_NO_ERR_TRACE(BUFFER_E));
1632
1633 /* PrivateKeyToDer is an RFC 9909 alias of KeyToDer; sizes must
1634 * match and BUFFER_E must propagate. */
1635 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyToDer(&keyGen, NULL, 0), querySize);
1636 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyToDer(&keyGen, derBuf,
1637 (word32)(querySize - 1)), WC_NO_ERR_TRACE(BUFFER_E));
1638 }
1639
1640 /* Decode into a fresh key. The decode must auto-detect the real
1641 * parameter set from the OID embedded in the DER encoding. */
1642 ExpectIntEQ(wc_SlhDsaKey_Init(&keyPriv, placeholder, NULL, INVALID_DEVID),
1643 0);
1644 idx = 0;
1645 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(derBuf, &idx, &keyPriv, derLen),
1646 0);
1647 /* Verify the decoded key reports the ORIGINAL parameter set. */
1648 if (keyPriv.params != NULL) {
1649 ExpectIntEQ((int)keyPriv.params->param, (int)param);
1650 }
1651 /* Byte-level equivalence check: re-encode the decoded private key
1652 * and compare against the original DER. This catches a regression
1653 * even in single-variant builds where placeholder == param made the
1654 * params equality test above tautological -- if the decoder ignored
1655 * the OID and kept stale state, the bytes won't match. */
1656 {
1657 byte* roundBuf = (byte*)XMALLOC(derBufSz, NULL,
1658 DYNAMIC_TYPE_TMP_BUFFER);
1659 word32 roundLen;
1660 ExpectNotNull(roundBuf);
1661 ExpectIntGT(roundLen = (word32)wc_SlhDsaKey_KeyToDer(&keyPriv,
1662 roundBuf, derBufSz), 0);
1663 ExpectIntEQ((int)roundLen, (int)derLen);
1664 if (roundBuf != NULL) {
1665 ExpectIntEQ(XMEMCMP(roundBuf, derBuf, roundLen), 0);
1666 }
1667 XFREE(roundBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1668 }
1669
1670 /* Sign with the decoded private key and verify with the originally
1671 * generated key. This proves the decoded key material is correct. */
1672 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1673 ExpectIntEQ(wc_SlhDsaKey_Sign(&keyPriv, NULL, 0, msg, (word32)sizeof(msg),
1674 sig, &sigLen, &rng), 0);
1675 ExpectIntEQ(wc_SlhDsaKey_Verify(&keyGen, NULL, 0, msg, (word32)sizeof(msg),
1676 sig, sigLen), 0);
1677
1678 /* Also test PrivateKeyToDer -> PrivateKeyDecode round-trip. */
1679 {
1680 SlhDsaKey keyPriv2;
1681 word32 derLen2;
1682 word32 idx2 = 0;
1683 XMEMSET(&keyPriv2, 0, sizeof(keyPriv2));
1684 ExpectIntGT(derLen2 = (word32)wc_SlhDsaKey_PrivateKeyToDer(&keyGen,
1685 derBuf, derBufSz), 0);
1686 ExpectIntEQ(wc_SlhDsaKey_Init(&keyPriv2, placeholder, NULL,
1687 INVALID_DEVID), 0);
1688 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(derBuf, &idx2, &keyPriv2,
1689 derLen2), 0);
1690 /* Verify the PrivateKeyToDer output matches KeyToDer. */
1691 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1692 ExpectIntEQ(wc_SlhDsaKey_Sign(&keyPriv2, NULL, 0, msg,
1693 (word32)sizeof(msg), sig, &sigLen, &rng), 0);
1694 ExpectIntEQ(wc_SlhDsaKey_Verify(&keyGen, NULL, 0, msg,
1695 (word32)sizeof(msg), sig, sigLen), 0);
1696 wc_SlhDsaKey_Free(&keyPriv2);
1697 }
1698
1699 /* PKCS#8 v2 (RFC 5958) acceptance: the decoder explicitly allows
1700 * version=0 or version=1. The encoder only ever writes version=0,
1701 * so without a targeted check the v=1 branch would never fire and a
1702 * regression that rejected v2 wrappers (legal RFC 5958 OneAsymmetricKey
1703 * input from external tools) would slip through. Walk past the outer
1704 * SEQUENCE header (which uses short or long-form length depending on
1705 * the parameter set's encoded size) to land on the INTEGER version
1706 * field, then flip its value from 0 to 1. */
1707 {
1708 SlhDsaKey keyPrivV2;
1709 word32 idxV2 = 0;
1710 word32 verPos;
1711 byte saved;
1712
1713 XMEMSET(&keyPrivV2, 0, sizeof(keyPrivV2));
1714 ExpectIntGT((int)derLen, 5);
1715 ExpectIntEQ((int)derBuf[0], 0x30); /* outer SEQUENCE tag */
1716 if ((derBuf[1] & 0x80) == 0) {
1717 verPos = 2; /* short-form length */
1718 }
1719 else {
1720 verPos = 2 + (derBuf[1] & 0x7F); /* long-form length */
1721 }
1722 ExpectIntLT((int)verPos + 3, (int)derLen);
1723 ExpectIntEQ((int)derBuf[verPos], 0x02); /* INTEGER tag */
1724 ExpectIntEQ((int)derBuf[verPos + 1], 0x01); /* INTEGER length */
1725 ExpectIntEQ((int)derBuf[verPos + 2], 0x00); /* v0 baseline */
1726 saved = derBuf[verPos + 2];
1727 derBuf[verPos + 2] = 0x01;
1728
1729 ExpectIntEQ(wc_SlhDsaKey_Init(&keyPrivV2, placeholder, NULL,
1730 INVALID_DEVID), 0);
1731 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(derBuf, &idxV2, &keyPrivV2,
1732 derLen), 0);
1733 if (keyPrivV2.params != NULL) {
1734 ExpectIntEQ((int)keyPrivV2.params->param, (int)param);
1735 }
1736 /* Confirm the v2-decoded private material is functionally
1737 * identical: a signature it produces verifies under keyGen. */
1738 sigLen = WC_SLHDSA_MAX_SIG_LEN;
1739 ExpectIntEQ(wc_SlhDsaKey_Sign(&keyPrivV2, NULL, 0, msg,
1740 (word32)sizeof(msg), sig, &sigLen, &rng), 0);
1741 ExpectIntEQ(wc_SlhDsaKey_Verify(&keyGen, NULL, 0, msg,
1742 (word32)sizeof(msg), sig, sigLen), 0);
1743 derBuf[verPos + 2] = saved;
1744 wc_SlhDsaKey_Free(&keyPrivV2);
1745 }
1746
1747 /* Now round-trip the public key alone, with size-query and BUFFER_E
1748 * contract checks for both withAlg modes. */
1749 {
1750 int querySpki, queryRaw;
1751 byte rawPub[WC_SLHDSA_MAX_PUB_LEN];
1752 word32 rawPubLen = (word32)sizeof(rawPub);
1753
1754 /* withAlg=1: full SubjectPublicKeyInfo (used by certificate code). */
1755 ExpectIntGT(querySpki = wc_SlhDsaKey_PublicKeyToDer(&keyGen, NULL, 0,
1756 1), 0);
1757 ExpectIntGT(derLen = (word32)wc_SlhDsaKey_PublicKeyToDer(&keyGen,
1758 derBuf, derBufSz, 1), 0);
1759 ExpectIntEQ((int)derLen, querySpki);
1760 ExpectIntEQ(wc_SlhDsaKey_PublicKeyToDer(&keyGen, derBuf,
1761 (word32)(querySpki - 1), 1), WC_NO_ERR_TRACE(BUFFER_E));
1762
1763 /* withAlg=0: raw 2*n public-key bytes only -- this is the path
1764 * SetKeyIdFromPublicKey in asn.c walks when computing SKID/AKID
1765 * for SLH-DSA certificates. Verify the bytes match what
1766 * ExportPublic produces so a regression in this branch (e.g.
1767 * accidentally emitting the SPKI envelope, or returning the
1768 * wrong length) breaks the test rather than silently corrupting
1769 * key identifiers in issued certs. */
1770 ExpectIntGT(queryRaw = wc_SlhDsaKey_PublicKeyToDer(&keyGen, NULL, 0,
1771 0), 0);
1772 ExpectIntEQ(queryRaw, (int)(2 * keyGen.params->n));
1773 ExpectIntGT(wc_SlhDsaKey_PublicKeyToDer(&keyGen, derBuf, derBufSz, 0),
1774 0);
1775 ExpectIntEQ(wc_SlhDsaKey_PublicKeyToDer(&keyGen, derBuf,
1776 (word32)(queryRaw - 1), 0), WC_NO_ERR_TRACE(BUFFER_E));
1777
1778 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&keyGen, rawPub, &rawPubLen), 0);
1779 ExpectIntEQ((int)rawPubLen, queryRaw);
1780 ExpectIntEQ(XMEMCMP(derBuf, rawPub, rawPubLen), 0);
1781
1782 /* Re-encode the SPKI so the decode test below sees the
1783 * withAlg=1 buffer (raw output above is not decodable as SPKI). */
1784 ExpectIntGT(derLen = (word32)wc_SlhDsaKey_PublicKeyToDer(&keyGen,
1785 derBuf, derBufSz, 1), 0);
1786 }
1787
1788 ExpectIntEQ(wc_SlhDsaKey_Init(&keyPub, placeholder, NULL, INVALID_DEVID),
1789 0);
1790 idx = 0;
1791 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(derBuf, &idx, &keyPub, derLen), 0);
1792 if (keyPub.params != NULL) {
1793 ExpectIntEQ((int)keyPub.params->param, (int)param);
1794 }
1795 /* The decoded public key should verify the signature we just produced. */
1796 ExpectIntEQ(wc_SlhDsaKey_Verify(&keyPub, NULL, 0, msg, (word32)sizeof(msg),
1797 sig, sigLen), 0);
1798
1799 wc_SlhDsaKey_Free(&keyPub);
1800 wc_SlhDsaKey_Free(&keyPriv);
1801 wc_SlhDsaKey_Free(&keyGen);
1802 wc_FreeRng(&rng);
1803 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1804 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1805
1806 return EXPECT_RESULT();
1807}
1808#endif
1809
1810/*
1811 * DER codec round-trip test: encode each compiled-in SLH-DSA parameter set
1812 * to DER, decode it (without telling the decoder which parameter set it is),
1813 * confirm auto-detect produces the right parameter, and verify a signature
1814 * produced with the decoded key. This test would fail if PrivateKeyDecode
1815 * / PublicKeyDecode did not auto-detect the parameter set from the OID.
1816 */
1817int test_wc_slhdsa_der_roundtrip(void)
1818{
1819 EXPECT_DECLS;
1820#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
1821 defined(WC_ENABLE_ASYM_KEY_EXPORT)
1822#ifdef WOLFSSL_SLHDSA_PARAM_128S
1823 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHAKE128S), TEST_SUCCESS);
1824#endif
1825#ifdef WOLFSSL_SLHDSA_PARAM_128F
1826 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHAKE128F), TEST_SUCCESS);
1827#endif
1828#ifdef WOLFSSL_SLHDSA_PARAM_192S
1829 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHAKE192S), TEST_SUCCESS);
1830#endif
1831#ifdef WOLFSSL_SLHDSA_PARAM_192F
1832 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHAKE192F), TEST_SUCCESS);
1833#endif
1834#ifdef WOLFSSL_SLHDSA_PARAM_256S
1835 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHAKE256S), TEST_SUCCESS);
1836#endif
1837#ifdef WOLFSSL_SLHDSA_PARAM_256F
1838 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHAKE256F), TEST_SUCCESS);
1839#endif
1840#ifdef WOLFSSL_SLHDSA_SHA2
1841#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
1842 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHA2_128S), TEST_SUCCESS);
1843#endif
1844#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
1845 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHA2_128F), TEST_SUCCESS);
1846#endif
1847#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
1848 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHA2_192S), TEST_SUCCESS);
1849#endif
1850#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
1851 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHA2_192F), TEST_SUCCESS);
1852#endif
1853#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
1854 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHA2_256S), TEST_SUCCESS);
1855#endif
1856#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
1857 ExpectIntEQ(slhdsa_der_roundtrip_one(SLHDSA_SHA2_256F), TEST_SUCCESS);
1858#endif
1859#endif /* WOLFSSL_SLHDSA_SHA2 */
1860#endif /* WOLFSSL_HAVE_SLHDSA && !VERIFY_ONLY && WC_ENABLE_ASYM_KEY_EXPORT */
1861 return EXPECT_RESULT();
1862}
1863
1864/*
1865 * Negative / error-path tests for the DER encode/decode functions.
1866 */
1867int test_wc_slhdsa_der_negative(void)
1868{
1869 EXPECT_DECLS;
1870#ifdef WOLFSSL_HAVE_SLHDSA
1871 SlhDsaKey key;
1872 word32 idx;
1873 byte buf[16];
1874
1875 XMEMSET(&key, 0, sizeof(key));
1876
1877 /* PrivateKeyDecode: NULL parameters */
1878#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
1879 idx = 0;
1880 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(NULL, &idx, &key, 10),
1881 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1882 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(buf, NULL, &key, 10),
1883 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1884 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(buf, &idx, NULL, 10),
1885 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1886 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(buf, &idx, &key, 0),
1887 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1888 /* PrivateKeyDecode: truncated data */
1889 idx = 0;
1890 XMEMSET(buf, 0, sizeof(buf));
1891 ExpectIntNE(wc_SlhDsaKey_PrivateKeyDecode(buf, &idx, &key, sizeof(buf)), 0);
1892#endif
1893
1894 /* PublicKeyDecode: NULL parameters */
1895 idx = 0;
1896 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(NULL, &idx, &key, 10),
1897 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1898 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(buf, NULL, &key, 10),
1899 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1900 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(buf, &idx, NULL, 10),
1901 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1902 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(buf, &idx, &key, 0),
1903 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1904
1905#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
1906 /* KeyToDer / PrivateKeyToDer: NULL key */
1907 ExpectIntEQ(wc_SlhDsaKey_KeyToDer(NULL, buf, sizeof(buf)),
1908 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1909 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyToDer(NULL, buf, sizeof(buf)),
1910 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1911
1912 /* KeyToDer: public-only key should return MISSING_KEY. Build the
1913 * public-only state through the public API (generate a key, export
1914 * the public part, import it into a fresh key) rather than poking
1915 * key->flags directly. */
1916#ifdef WOLFSSL_SLHDSA_PARAM_128S
1917 {
1918 SlhDsaKey srcKey;
1919 SlhDsaKey pubOnly;
1920 WC_RNG rng;
1921 byte pub[WC_SLHDSA_MAX_PUB_LEN];
1922 word32 pubLen = (word32)sizeof(pub);
1923
1924 XMEMSET(&srcKey, 0, sizeof(srcKey));
1925 XMEMSET(&pubOnly, 0, sizeof(pubOnly));
1926 XMEMSET(&rng, 0, sizeof(rng));
1927
1928 ExpectIntEQ(wc_InitRng(&rng), 0);
1929 ExpectIntEQ(wc_SlhDsaKey_Init(&srcKey, SLHDSA_SHAKE128S, NULL,
1930 INVALID_DEVID), 0);
1931 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&srcKey, &rng), 0);
1932 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&srcKey, pub, &pubLen), 0);
1933
1934 ExpectIntEQ(wc_SlhDsaKey_Init(&pubOnly, SLHDSA_SHAKE128S, NULL,
1935 INVALID_DEVID), 0);
1936 ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&pubOnly, pub, pubLen), 0);
1937 ExpectIntEQ(wc_SlhDsaKey_KeyToDer(&pubOnly, NULL, 0),
1938 WC_NO_ERR_TRACE(MISSING_KEY));
1939 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyToDer(&pubOnly, NULL, 0),
1940 WC_NO_ERR_TRACE(MISSING_KEY));
1941 wc_SlhDsaKey_Free(&pubOnly);
1942 wc_SlhDsaKey_Free(&srcKey);
1943 wc_FreeRng(&rng);
1944 }
1945#endif
1946#endif /* WC_ENABLE_ASYM_KEY_EXPORT && !VERIFY_ONLY */
1947
1948 /* PublicKeyToDer: NULL key */
1949#ifdef WC_ENABLE_ASYM_KEY_EXPORT
1950 ExpectIntEQ(wc_SlhDsaKey_PublicKeyToDer(NULL, buf, sizeof(buf), 1),
1951 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1952#endif
1953
1954 /* RFC 5958 OneAsymmetricKey trailing-field validation:
1955 * [0] IMPLICIT Attributes OPTIONAL -- at most once
1956 * [1] IMPLICIT PublicKey OPTIONAL -- at most once, after [0]
1957 * The decoder must reject duplicates, out-of-order tags, and
1958 * unrecognised tags. Build a valid SHAKE128S DER then mutate it. */
1959#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && \
1960 !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
1961 defined(WOLFSSL_SLHDSA_PARAM_128S)
1962 {
1963 SlhDsaKey srcKey;
1964 WC_RNG rng;
1965 byte goodDer[256];
1966 int goodLen = 0;
1967 size_t i;
1968 struct {
1969 const byte* trailing;
1970 word32 trailingLen;
1971 int expectAccept; /* 0 = expect ASN_PARSE_E */
1972 const char* desc;
1973 } cases[5];
1974 const byte tDupAttr[] = { 0xA0, 0x00, 0xA0, 0x00 };
1975 const byte tDupPub[] = { 0xA1, 0x00, 0xA1, 0x00 };
1976 const byte tOutOfOrder[]= { 0xA1, 0x00, 0xA0, 0x00 };
1977 const byte tUnknown[] = { 0xA2, 0x00 };
1978 const byte tValidAttr[] = { 0xA0, 0x00 };
1979
1980 cases[0].trailing = tDupAttr;
1981 cases[0].trailingLen = (word32)sizeof(tDupAttr);
1982 cases[0].expectAccept = 0;
1983 cases[0].desc = "duplicate [0] attributes";
1984 cases[1].trailing = tDupPub;
1985 cases[1].trailingLen = (word32)sizeof(tDupPub);
1986 cases[1].expectAccept = 0;
1987 cases[1].desc = "duplicate [1] publicKey";
1988 cases[2].trailing = tOutOfOrder;
1989 cases[2].trailingLen = (word32)sizeof(tOutOfOrder);
1990 cases[2].expectAccept = 0;
1991 cases[2].desc = "[1] before [0]";
1992 cases[3].trailing = tUnknown;
1993 cases[3].trailingLen = (word32)sizeof(tUnknown);
1994 cases[3].expectAccept = 0;
1995 cases[3].desc = "unknown context tag [2]";
1996 /* Sanity: a single [0] is permitted -- if this rejects, the
1997 * tightening above is overzealous and the four rejection cases
1998 * are testing nothing useful. */
1999 cases[4].trailing = tValidAttr;
2000 cases[4].trailingLen = (word32)sizeof(tValidAttr);
2001 cases[4].expectAccept = 1;
2002 cases[4].desc = "single [0] attributes (accepted)";
2003
2004 XMEMSET(&srcKey, 0, sizeof(srcKey));
2005 XMEMSET(&rng, 0, sizeof(rng));
2006 ExpectIntEQ(wc_InitRng(&rng), 0);
2007 ExpectIntEQ(wc_SlhDsaKey_Init(&srcKey, SLHDSA_SHAKE128S, NULL,
2008 INVALID_DEVID), 0);
2009 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&srcKey, &rng), 0);
2010 ExpectIntGT(goodLen = wc_SlhDsaKey_KeyToDer(&srcKey, goodDer,
2011 sizeof(goodDer)), 0);
2012
2013 /* The mutator below tweaks goodDer[1] (length byte) in place,
2014 * which only works if the encoder used short-form SEQUENCE
2015 * length. SHAKE128S body is ~82 bytes so this holds, but assert
2016 * it so a future encoder change surfaces here rather than
2017 * silently producing buffers that decode despite the mutation. */
2018 ExpectIntEQ((int)goodDer[0], 0x30);
2019 ExpectIntLT((int)goodDer[1], 0x80);
2020 ExpectIntLT((int)goodDer[1] + 4, 0x80);
2021
2022 for (i = 0; i < sizeof(cases)/sizeof(cases[0]); i++) {
2023 byte mut[260];
2024 word32 mutLen;
2025 word32 idx2 = 0;
2026 SlhDsaKey k;
2027 int decRet;
2028 XMEMSET(&k, 0, sizeof(k));
2029 XMEMCPY(mut, goodDer, (size_t)goodLen);
2030 XMEMCPY(mut + goodLen, cases[i].trailing, cases[i].trailingLen);
2031 mutLen = (word32)goodLen + cases[i].trailingLen;
2032 mut[1] = (byte)(goodDer[1] + cases[i].trailingLen);
2033 ExpectIntEQ(wc_SlhDsaKey_Init(&k, SLHDSA_SHAKE128S, NULL,
2034 INVALID_DEVID), 0);
2035 decRet = wc_SlhDsaKey_PrivateKeyDecode(mut, &idx2, &k, mutLen);
2036 if (cases[i].expectAccept) {
2037 ExpectIntEQ(decRet, 0);
2038 }
2039 else {
2040 ExpectIntEQ(decRet, WC_NO_ERR_TRACE(ASN_PARSE_E));
2041 }
2042 (void)cases[i].desc;
2043 wc_SlhDsaKey_Free(&k);
2044 }
2045
2046 wc_SlhDsaKey_Free(&srcKey);
2047 wc_FreeRng(&rng);
2048 }
2049#endif /* WC_ENABLE_ASYM_KEY_EXPORT && !VERIFY_ONLY && PARAM_128S */
2050
2051#endif /* WOLFSSL_HAVE_SLHDSA */
2052 return EXPECT_RESULT();
2053}
2054
2055#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
2056 !defined(NO_FILESYSTEM)
2057/* Load an RFC 9909 compliant DER file from disk and confirm that
2058 * wc_SlhDsaKey_PrivateKeyDecode accepts it, auto-detects the parameter
2059 * set from the OID, and produces a usable signing key. This test
2060 * exercises the on-disk certs/slhdsa/ fixtures - any future file-format
2061 * drift (nested wrapper, seed-only, wrong length) will be caught here. */
2062/* doSign=0 skips the sign/verify smoke check; the 192s and 256s parameter
2063 * sets are slow enough (multi-second per Sign) that running them on every
2064 * make-check would balloon test time. The decoder is still exercised. */
2065static int slhdsa_decode_file_one(const char *path, enum SlhDsaParam expected,
2066 int doSign)
2067{
2068 EXPECT_DECLS;
2069 XFILE f = XBADFILE;
2070 byte der[256];
2071 int derSz = 0;
2072 SlhDsaKey key;
2073 WC_RNG rng;
2074 word32 idx = 0;
2075 byte sig[WC_SLHDSA_MAX_SIG_LEN];
2076 word32 sigLen = (word32)sizeof(sig);
2077 static const byte msg[] = "slhdsa decode-file test";
2078
2079 XMEMSET(&key, 0, sizeof(key));
2080 XMEMSET(&rng, 0, sizeof(rng));
2081
2082 ExpectTrue((f = XFOPEN(path, "rb")) != XBADFILE);
2083 if (f != XBADFILE) {
2084 ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0);
2085 XFCLOSE(f);
2086 }
2087
2088 /* Pick a seed param different from `expected` when more than one
2089 * variant is built. The decoder always overwrites this from the OID
2090 * in the DER, so a different placeholder actually tests the auto-
2091 * detect contract on disk-loaded fixtures (mirroring the helper
2092 * logic in slhdsa_der_roundtrip_one). Falls back to `expected` when
2093 * no alternative variant is available. */
2094 {
2095 static const enum SlhDsaParam candidates[] = {
2096 SLHDSA_SHAKE128S, SLHDSA_SHAKE128F, SLHDSA_SHAKE192S,
2097 SLHDSA_SHAKE192F, SLHDSA_SHAKE256S, SLHDSA_SHAKE256F,
2098 #ifdef WOLFSSL_SLHDSA_SHA2
2099 SLHDSA_SHA2_128S, SLHDSA_SHA2_128F, SLHDSA_SHA2_192S,
2100 SLHDSA_SHA2_192F, SLHDSA_SHA2_256S, SLHDSA_SHA2_256F,
2101 #endif
2102 };
2103 enum SlhDsaParam placeholder = expected;
2104 size_t cIdx;
2105 for (cIdx = 0; cIdx < sizeof(candidates)/sizeof(candidates[0]);
2106 cIdx++) {
2107 SlhDsaKey probe;
2108 if (candidates[cIdx] == expected) continue;
2109 XMEMSET(&probe, 0, sizeof(probe));
2110 if (wc_SlhDsaKey_Init(&probe, candidates[cIdx], NULL,
2111 INVALID_DEVID) == 0) {
2112 placeholder = candidates[cIdx];
2113 wc_SlhDsaKey_Free(&probe);
2114 break;
2115 }
2116 }
2117 ExpectIntEQ(wc_SlhDsaKey_Init(&key, placeholder, NULL, INVALID_DEVID),
2118 0);
2119 }
2120
2121 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(der, &idx, &key, (word32)derSz),
2122 0);
2123 ExpectNotNull(key.params);
2124 if (key.params != NULL) {
2125 ExpectIntEQ((int)key.params->param, (int)expected);
2126 }
2127
2128 if (doSign) {
2129 /* Sanity: signing works with the decoded key. */
2130 ExpectIntEQ(wc_InitRng(&rng), 0);
2131 ExpectIntEQ(wc_SlhDsaKey_Sign(&key, NULL, 0, msg, (word32)sizeof(msg),
2132 sig, &sigLen, &rng), 0);
2133 ExpectIntEQ(wc_SlhDsaKey_Verify(&key, NULL, 0, msg,
2134 (word32)sizeof(msg), sig, sigLen), 0);
2135 wc_FreeRng(&rng);
2136 }
2137 else {
2138 /* Cheap structural validation when the full sign/verify is
2139 * skipped (slow 192s/256s variants): catches an uninitialised SK
2140 * half or a botched SHA-2 precompute without paying the
2141 * multi-second cost of an actual Sign. */
2142 ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0);
2143 }
2144
2145 wc_SlhDsaKey_Free(&key);
2146 return EXPECT_RESULT();
2147}
2148#endif
2149
2150/* Load each checked-in bench_slhdsa_shake*_key.der fixture and confirm it
2151 * decodes via wc_SlhDsaKey_PrivateKeyDecode with correct auto-detection.
2152 * These fixtures are RFC 9909 compliant (bare OCTET STRING, 4*n bytes) -
2153 * this test would fail if the files drift to a non-compliant encoding
2154 * (e.g. nested OCTET STRING, seed-only). */
2155int test_wc_slhdsa_der_decode_files(void)
2156{
2157 EXPECT_DECLS;
2158#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
2159 !defined(NO_FILESYSTEM)
2160#ifdef WOLFSSL_SLHDSA_PARAM_128S
2161 ExpectIntEQ(slhdsa_decode_file_one(
2162 "./certs/slhdsa/bench_slhdsa_shake128s_key.der", SLHDSA_SHAKE128S, 1),
2163 TEST_SUCCESS);
2164#endif
2165#ifdef WOLFSSL_SLHDSA_PARAM_128F
2166 ExpectIntEQ(slhdsa_decode_file_one(
2167 "./certs/slhdsa/bench_slhdsa_shake128f_key.der", SLHDSA_SHAKE128F, 1),
2168 TEST_SUCCESS);
2169#endif
2170#ifdef WOLFSSL_SLHDSA_PARAM_192S
2171 ExpectIntEQ(slhdsa_decode_file_one(
2172 "./certs/slhdsa/bench_slhdsa_shake192s_key.der", SLHDSA_SHAKE192S, 0),
2173 TEST_SUCCESS);
2174#endif
2175#ifdef WOLFSSL_SLHDSA_PARAM_192F
2176 ExpectIntEQ(slhdsa_decode_file_one(
2177 "./certs/slhdsa/bench_slhdsa_shake192f_key.der", SLHDSA_SHAKE192F, 1),
2178 TEST_SUCCESS);
2179#endif
2180#ifdef WOLFSSL_SLHDSA_PARAM_256S
2181 ExpectIntEQ(slhdsa_decode_file_one(
2182 "./certs/slhdsa/bench_slhdsa_shake256s_key.der", SLHDSA_SHAKE256S, 0),
2183 TEST_SUCCESS);
2184#endif
2185#ifdef WOLFSSL_SLHDSA_PARAM_256F
2186 ExpectIntEQ(slhdsa_decode_file_one(
2187 "./certs/slhdsa/bench_slhdsa_shake256f_key.der", SLHDSA_SHAKE256F, 1),
2188 TEST_SUCCESS);
2189#endif
2190#ifdef WOLFSSL_SLHDSA_SHA2
2191#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
2192 ExpectIntEQ(slhdsa_decode_file_one(
2193 "./certs/slhdsa/bench_slhdsa_sha2_128s_key.der", SLHDSA_SHA2_128S, 1),
2194 TEST_SUCCESS);
2195#endif
2196#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
2197 ExpectIntEQ(slhdsa_decode_file_one(
2198 "./certs/slhdsa/bench_slhdsa_sha2_128f_key.der", SLHDSA_SHA2_128F, 1),
2199 TEST_SUCCESS);
2200#endif
2201#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
2202 ExpectIntEQ(slhdsa_decode_file_one(
2203 "./certs/slhdsa/bench_slhdsa_sha2_192s_key.der", SLHDSA_SHA2_192S, 0),
2204 TEST_SUCCESS);
2205#endif
2206#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
2207 ExpectIntEQ(slhdsa_decode_file_one(
2208 "./certs/slhdsa/bench_slhdsa_sha2_192f_key.der", SLHDSA_SHA2_192F, 1),
2209 TEST_SUCCESS);
2210#endif
2211#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
2212 ExpectIntEQ(slhdsa_decode_file_one(
2213 "./certs/slhdsa/bench_slhdsa_sha2_256s_key.der", SLHDSA_SHA2_256S, 0),
2214 TEST_SUCCESS);
2215#endif
2216#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
2217 ExpectIntEQ(slhdsa_decode_file_one(
2218 "./certs/slhdsa/bench_slhdsa_sha2_256f_key.der", SLHDSA_SHA2_256F, 1),
2219 TEST_SUCCESS);
2220#endif
2221#endif /* WOLFSSL_SLHDSA_SHA2 */
2222#endif
2223 return EXPECT_RESULT();
2224}
2225
2226#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
2227/* Regression: wolfssl_x509_make_der and ConfirmSignature both pass the
2228 * raw 2*n public-key bytes (the BIT STRING contents stashed by StoreKey
2229 * into cert->publicKey) to wc_SlhDsaKey_PublicKeyDecode. Before the
2230 * raw-first fast path landed, that call returned ASN_PARSE_E because
2231 * DecodeAsymKeyPublic_Assign requires an SPKI SEQUENCE. This test pins
2232 * the new contract: when key->params is already set, raw bytes decode
2233 * directly, mirroring wc_Falcon_PublicKeyDecode and
2234 * wc_Dilithium_PublicKeyDecode. */
2235static int slhdsa_raw_public_decode_one(enum SlhDsaParam param)
2236{
2237 EXPECT_DECLS;
2238 SlhDsaKey src;
2239 SlhDsaKey dst;
2240 byte pub[WC_SLHDSA_MAX_PUB_LEN];
2241 word32 pubLen = (word32)sizeof(pub);
2242 word32 idx = 0;
2243 WC_RNG rng;
2244
2245 XMEMSET(&src, 0, sizeof(src));
2246 XMEMSET(&dst, 0, sizeof(dst));
2247 XMEMSET(&rng, 0, sizeof(rng));
2248
2249 ExpectIntEQ(wc_InitRng(&rng), 0);
2250 ExpectIntEQ(wc_SlhDsaKey_Init(&src, param, NULL, INVALID_DEVID), 0);
2251 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&src, &rng), 0);
2252 ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&src, pub, &pubLen), 0);
2253
2254 /* Decode the raw public-key bytes via PublicKeyDecode. The fast
2255 * path triggers because key->params is set by Init. */
2256 ExpectIntEQ(wc_SlhDsaKey_Init(&dst, param, NULL, INVALID_DEVID), 0);
2257 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(pub, &idx, &dst, pubLen), 0);
2258 ExpectIntEQ((int)idx, (int)pubLen);
2259 ExpectNotNull(dst.params);
2260 if (dst.params != NULL) {
2261 ExpectIntEQ((int)dst.params->param, (int)param);
2262 }
2263
2264 wc_SlhDsaKey_Free(&dst);
2265 wc_SlhDsaKey_Free(&src);
2266 wc_FreeRng(&rng);
2267 return EXPECT_RESULT();
2268}
2269#endif /* WOLFSSL_HAVE_SLHDSA && !WOLFSSL_SLHDSA_VERIFY_ONLY */
2270
2271int test_wc_slhdsa_x509_i2d_roundtrip(void)
2272{
2273 EXPECT_DECLS;
2274#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
2275 /* Exercise the raw public-key fast path for every compiled-in variant
2276 * so a regression in n-dependent buffer math (32/48/64-byte keys)
2277 * fails the test even in restricted builds where SHAKE128S /
2278 * SHA2_128S happen to be excluded. */
2279#ifdef WOLFSSL_SLHDSA_PARAM_128S
2280 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHAKE128S), TEST_SUCCESS);
2281#endif
2282#ifdef WOLFSSL_SLHDSA_PARAM_128F
2283 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHAKE128F), TEST_SUCCESS);
2284#endif
2285#ifdef WOLFSSL_SLHDSA_PARAM_192S
2286 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHAKE192S), TEST_SUCCESS);
2287#endif
2288#ifdef WOLFSSL_SLHDSA_PARAM_192F
2289 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHAKE192F), TEST_SUCCESS);
2290#endif
2291#ifdef WOLFSSL_SLHDSA_PARAM_256S
2292 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHAKE256S), TEST_SUCCESS);
2293#endif
2294#ifdef WOLFSSL_SLHDSA_PARAM_256F
2295 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHAKE256F), TEST_SUCCESS);
2296#endif
2297#ifdef WOLFSSL_SLHDSA_SHA2
2298 #ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
2299 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHA2_128S), TEST_SUCCESS);
2300 #endif
2301 #ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
2302 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHA2_128F), TEST_SUCCESS);
2303 #endif
2304 #ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
2305 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHA2_192S), TEST_SUCCESS);
2306 #endif
2307 #ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
2308 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHA2_192F), TEST_SUCCESS);
2309 #endif
2310 #ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
2311 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHA2_256S), TEST_SUCCESS);
2312 #endif
2313 #ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
2314 ExpectIntEQ(slhdsa_raw_public_decode_one(SLHDSA_SHA2_256F), TEST_SUCCESS);
2315 #endif
2316#endif /* WOLFSSL_SLHDSA_SHA2 */
2317#endif
2318 return EXPECT_RESULT();
2319}
2320
2321#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
2322 defined(WC_ENABLE_ASYM_KEY_EXPORT)
2323/* Build a DER blob using an enabled SLH-DSA variant and patch the
2324 * AlgorithmIdentifier OID's trailing byte to point at a *disabled*
2325 * variant, then push it through the decoders. The contract being
2326 * pinned is that wc_SlhDsaKey_PrivateKeyDecode / PublicKeyDecode pass
2327 * the wc_SlhDsaOidToParam NOT_COMPILED_IN result through verbatim
2328 * rather than collapsing it to ASN_PARSE_E -- if that breaks, x509 /
2329 * TLS lose the precise "variant unavailable" diagnostic and silently
2330 * report malformed-DER instead.
2331 *
2332 * All SLH-DSA OIDs share the prefix 2.16.840.1.101.3.4.3.X with X<128,
2333 * so DER encoding lengths match exactly and the trailing byte is the
2334 * sole discriminator -- patching it in place produces a structurally
2335 * valid SPKI/PKCS#8 buffer that only fails at the OID-lookup step.
2336 *
2337 * @param src Enabled parameter set used to generate real DER.
2338 * @param targetOidByte Trailing OID byte of the disabled variant.
2339 */
2340/* Marked WC_MAYBE_UNUSED because every call site below is gated on a
2341 * per-variant disable macro -- builds that leave every variant enabled
2342 * (e.g. --enable-fips=ready) preprocess all callers away. */
2343static WC_MAYBE_UNUSED int slhdsa_decode_disabled_oid_one(enum SlhDsaParam src,
2344 byte targetOidByte)
2345{
2346 EXPECT_DECLS;
2347 /* OID prefix common to every SLH-DSA variant. */
2348 static const byte oidPrefix[] = {
2349 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03
2350 };
2351 SlhDsaKey srcKey;
2352 SlhDsaKey dstKey;
2353 WC_RNG rng;
2354 byte* derBuf = NULL;
2355 const word32 derBufSz = 16 * 1024;
2356 int derLen = 0;
2357 word32 idx;
2358 word32 j;
2359 int patched;
2360
2361 XMEMSET(&srcKey, 0, sizeof(srcKey));
2362 XMEMSET(&dstKey, 0, sizeof(dstKey));
2363 XMEMSET(&rng, 0, sizeof(rng));
2364
2365 derBuf = (byte*)XMALLOC(derBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2366 ExpectNotNull(derBuf);
2367 ExpectIntEQ(wc_InitRng(&rng), 0);
2368 ExpectIntEQ(wc_SlhDsaKey_Init(&srcKey, src, NULL, INVALID_DEVID), 0);
2369 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&srcKey, &rng), 0);
2370
2371 /* Public-key path: build SPKI, patch the variant byte, decode. */
2372 ExpectIntGT(derLen = wc_SlhDsaKey_PublicKeyToDer(&srcKey, derBuf, derBufSz,
2373 1), 0);
2374 patched = 0;
2375 for (j = 0; derLen > (int)sizeof(oidPrefix) &&
2376 j + sizeof(oidPrefix) < (word32)derLen; j++) {
2377 if (XMEMCMP(derBuf + j, oidPrefix, sizeof(oidPrefix)) == 0) {
2378 derBuf[j + sizeof(oidPrefix)] = targetOidByte;
2379 patched = 1;
2380 break;
2381 }
2382 }
2383 ExpectIntEQ(patched, 1);
2384 /* dstKey is zeroed (no params) so the raw fast path is skipped and
2385 * SPKI parsing surfaces the OID-lookup result. */
2386 idx = 0;
2387 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(derBuf, &idx, &dstKey,
2388 (word32)derLen), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2389
2390 /* Private-key path: same scheme using the PKCS#8 wrapper. */
2391 ExpectIntGT(derLen = wc_SlhDsaKey_KeyToDer(&srcKey, derBuf, derBufSz), 0);
2392 patched = 0;
2393 for (j = 0; derLen > (int)sizeof(oidPrefix) &&
2394 j + sizeof(oidPrefix) < (word32)derLen; j++) {
2395 if (XMEMCMP(derBuf + j, oidPrefix, sizeof(oidPrefix)) == 0) {
2396 derBuf[j + sizeof(oidPrefix)] = targetOidByte;
2397 patched = 1;
2398 break;
2399 }
2400 }
2401 ExpectIntEQ(patched, 1);
2402 /* Free any state PublicKeyDecode may have established before the
2403 * second decode call reuses the key slot. */
2404 wc_SlhDsaKey_Free(&dstKey);
2405 XMEMSET(&dstKey, 0, sizeof(dstKey));
2406 idx = 0;
2407 ExpectIntEQ(wc_SlhDsaKey_PrivateKeyDecode(derBuf, &idx, &dstKey,
2408 (word32)derLen), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2409
2410 wc_SlhDsaKey_Free(&dstKey);
2411 wc_SlhDsaKey_Free(&srcKey);
2412 wc_FreeRng(&rng);
2413 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2414 return EXPECT_RESULT();
2415}
2416
2417/* Round-trip variant: same patcher path but the targetOidByte must equal
2418 * the source's own OID byte, so the decode is expected to succeed. Used
2419 * as an unconditional smoke check so test_wc_slhdsa_decoder_disabled_oid
2420 * exercises the patcher infrastructure even on builds with no per-variant
2421 * disable, where every disabled-branch in the caller is #if'd out. */
2422static int slhdsa_decode_disabled_oid_one_roundtrip(enum SlhDsaParam src,
2423 byte targetOidByte)
2424{
2425 EXPECT_DECLS;
2426 static const byte oidPrefix[] = {
2427 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03
2428 };
2429 SlhDsaKey srcKey;
2430 SlhDsaKey dstKey;
2431 WC_RNG rng;
2432 byte* derBuf = NULL;
2433 const word32 derBufSz = 16 * 1024;
2434 int derLen = 0;
2435 word32 idx;
2436 word32 j;
2437 int patched;
2438
2439 XMEMSET(&srcKey, 0, sizeof(srcKey));
2440 XMEMSET(&dstKey, 0, sizeof(dstKey));
2441 XMEMSET(&rng, 0, sizeof(rng));
2442
2443 derBuf = (byte*)XMALLOC(derBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2444 ExpectNotNull(derBuf);
2445 ExpectIntEQ(wc_InitRng(&rng), 0);
2446 ExpectIntEQ(wc_SlhDsaKey_Init(&srcKey, src, NULL, INVALID_DEVID), 0);
2447 ExpectIntEQ(wc_SlhDsaKey_MakeKey(&srcKey, &rng), 0);
2448
2449 ExpectIntGT(derLen = wc_SlhDsaKey_PublicKeyToDer(&srcKey, derBuf, derBufSz,
2450 1), 0);
2451 patched = 0;
2452 for (j = 0; derLen > (int)sizeof(oidPrefix) &&
2453 j + sizeof(oidPrefix) < (word32)derLen; j++) {
2454 if (XMEMCMP(derBuf + j, oidPrefix, sizeof(oidPrefix)) == 0) {
2455 derBuf[j + sizeof(oidPrefix)] = targetOidByte;
2456 patched = 1;
2457 break;
2458 }
2459 }
2460 ExpectIntEQ(patched, 1);
2461 idx = 0;
2462 ExpectIntEQ(wc_SlhDsaKey_PublicKeyDecode(derBuf, &idx, &dstKey,
2463 (word32)derLen), 0);
2464
2465 wc_SlhDsaKey_Free(&dstKey);
2466 wc_SlhDsaKey_Free(&srcKey);
2467 wc_FreeRng(&rng);
2468 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2469 return EXPECT_RESULT();
2470}
2471
2472/* Probe candidate parameter sets in priority order and return the first
2473 * one whose backend is built in. Used to source a real DER buffer for
2474 * slhdsa_decode_disabled_oid_one regardless of which variants the
2475 * current build excluded. Returns 1 on success, 0 if no variant is
2476 * available (which the build's #error guard makes impossible in
2477 * practice but the test handles defensively). */
2478static int slhdsa_pick_enabled_param(enum SlhDsaParam* out)
2479{
2480 static const enum SlhDsaParam candidates[] = {
2481 SLHDSA_SHAKE128S, SLHDSA_SHAKE128F, SLHDSA_SHAKE192S,
2482 SLHDSA_SHAKE192F, SLHDSA_SHAKE256S, SLHDSA_SHAKE256F,
2483 #ifdef WOLFSSL_SLHDSA_SHA2
2484 SLHDSA_SHA2_128S, SLHDSA_SHA2_128F, SLHDSA_SHA2_192S,
2485 SLHDSA_SHA2_192F, SLHDSA_SHA2_256S, SLHDSA_SHA2_256F,
2486 #endif
2487 };
2488 size_t i;
2489
2490 for (i = 0; i < sizeof(candidates)/sizeof(candidates[0]); i++) {
2491 SlhDsaKey probe;
2492 XMEMSET(&probe, 0, sizeof(probe));
2493 if (wc_SlhDsaKey_Init(&probe, candidates[i], NULL,
2494 INVALID_DEVID) == 0) {
2495 wc_SlhDsaKey_Free(&probe);
2496 *out = candidates[i];
2497 return 1;
2498 }
2499 }
2500 return 0;
2501}
2502#endif /* WOLFSSL_HAVE_SLHDSA && !VERIFY_ONLY && WC_ENABLE_ASYM_KEY_EXPORT */
2503
2504/* Pin the per-variant disable contract: every parameter set whose enum
2505 * value is visible (so the test compiles) but whose backend is excluded
2506 * by a WOLFSSL_SLHDSA_PARAM_NO_* / WOLFSSL_SLHDSA_NO_* macro must surface
2507 * NOT_COMPILED_IN from wc_SlhDsaKey_Init instead of silently succeeding
2508 * or returning a generic error.
2509 *
2510 * This is the only API-level test for the granular disable surface and
2511 * also locks in the contract that wc_SlhDsaOidToParam/CertType in asn.c
2512 * piggyback on -- if Init drifts away from NOT_COMPILED_IN here, the
2513 * mapping helpers will likewise diverge and certificate handling will
2514 * lose its "variant unavailable" diagnostic. */
2515int test_wc_slhdsa_param_disabled(void)
2516{
2517 EXPECT_DECLS;
2518#ifdef WOLFSSL_HAVE_SLHDSA
2519 SlhDsaKey key;
2520 enum SlhDsaParam enabledProbe = SLHDSA_SHAKE128S;
2521 int haveEnabled;
2522
2523 XMEMSET(&key, 0, sizeof(key));
2524
2525 /* Positive smoke check: at least one variant must initialise. Without
2526 * this the disabled-variant branches below can all be #if'd out and
2527 * the test would silently pass on default builds, defeating its
2528 * documented purpose. The probe also validates the contract from the
2529 * other side -- Init must succeed for an enabled param. */
2530 haveEnabled = 0;
2531#if defined(WOLFSSL_SLHDSA_PARAM_128S)
2532 enabledProbe = SLHDSA_SHAKE128S; haveEnabled = 1;
2533#elif defined(WOLFSSL_SLHDSA_PARAM_128F)
2534 enabledProbe = SLHDSA_SHAKE128F; haveEnabled = 1;
2535#elif defined(WOLFSSL_SLHDSA_PARAM_192S)
2536 enabledProbe = SLHDSA_SHAKE192S; haveEnabled = 1;
2537#elif defined(WOLFSSL_SLHDSA_PARAM_192F)
2538 enabledProbe = SLHDSA_SHAKE192F; haveEnabled = 1;
2539#elif defined(WOLFSSL_SLHDSA_PARAM_256S)
2540 enabledProbe = SLHDSA_SHAKE256S; haveEnabled = 1;
2541#elif defined(WOLFSSL_SLHDSA_PARAM_256F)
2542 enabledProbe = SLHDSA_SHAKE256F; haveEnabled = 1;
2543#elif defined(WOLFSSL_SLHDSA_SHA2) && defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S)
2544 enabledProbe = SLHDSA_SHA2_128S; haveEnabled = 1;
2545#endif
2546 ExpectIntEQ(haveEnabled, 1);
2547 if (haveEnabled) {
2548 ExpectIntEQ(wc_SlhDsaKey_Init(&key, enabledProbe, NULL,
2549 INVALID_DEVID), 0);
2550 wc_SlhDsaKey_Free(&key);
2551 XMEMSET(&key, 0, sizeof(key));
2552 }
2553
2554#if defined(WOLFSSL_SLHDSA_PARAM_NO_128S) || \
2555 defined(WOLFSSL_SLHDSA_NO_128) || \
2556 defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL)
2557 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID),
2558 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2559#endif
2560#if defined(WOLFSSL_SLHDSA_PARAM_NO_128F) || \
2561 defined(WOLFSSL_SLHDSA_NO_128) || \
2562 defined(WOLFSSL_SLHDSA_PARAM_NO_FAST)
2563 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID),
2564 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2565#endif
2566#if defined(WOLFSSL_SLHDSA_PARAM_NO_192S) || \
2567 defined(WOLFSSL_SLHDSA_NO_192) || \
2568 defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL)
2569 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID),
2570 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2571#endif
2572#if defined(WOLFSSL_SLHDSA_PARAM_NO_192F) || \
2573 defined(WOLFSSL_SLHDSA_NO_192) || \
2574 defined(WOLFSSL_SLHDSA_PARAM_NO_FAST)
2575 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID),
2576 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2577#endif
2578#if defined(WOLFSSL_SLHDSA_PARAM_NO_256S) || \
2579 defined(WOLFSSL_SLHDSA_NO_256) || \
2580 defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL)
2581 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID),
2582 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2583#endif
2584#if defined(WOLFSSL_SLHDSA_PARAM_NO_256F) || \
2585 defined(WOLFSSL_SLHDSA_NO_256) || \
2586 defined(WOLFSSL_SLHDSA_PARAM_NO_FAST)
2587 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID),
2588 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2589#endif
2590
2591#ifdef WOLFSSL_SLHDSA_SHA2
2592 /* SHA-2 enum values are only declared when WOLFSSL_SLHDSA_SHA2 is set;
2593 * each per-variant disable below is checked under that gate. */
2594 #ifdef WOLFSSL_SLHDSA_PARAM_NO_SHA2_128S
2595 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128S, NULL, INVALID_DEVID),
2596 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2597 #endif
2598 #ifdef WOLFSSL_SLHDSA_PARAM_NO_SHA2_128F
2599 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_128F, NULL, INVALID_DEVID),
2600 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2601 #endif
2602 #ifdef WOLFSSL_SLHDSA_PARAM_NO_SHA2_192S
2603 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192S, NULL, INVALID_DEVID),
2604 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2605 #endif
2606 #ifdef WOLFSSL_SLHDSA_PARAM_NO_SHA2_192F
2607 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_192F, NULL, INVALID_DEVID),
2608 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2609 #endif
2610 #ifdef WOLFSSL_SLHDSA_PARAM_NO_SHA2_256S
2611 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256S, NULL, INVALID_DEVID),
2612 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2613 #endif
2614 #ifdef WOLFSSL_SLHDSA_PARAM_NO_SHA2_256F
2615 ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHA2_256F, NULL, INVALID_DEVID),
2616 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
2617 #endif
2618#endif /* WOLFSSL_SLHDSA_SHA2 */
2619
2620 (void)key;
2621#endif /* WOLFSSL_HAVE_SLHDSA */
2622 return EXPECT_RESULT();
2623}
2624
2625/* Decoder-level companion to test_wc_slhdsa_param_disabled: feed DER for
2626 * each disabled SLH-DSA OID into PrivateKeyDecode/PublicKeyDecode and
2627 * confirm they pass NOT_COMPILED_IN through verbatim. The Init-level
2628 * test above proves the mapping helper is correct; this one proves the
2629 * decoders honour it instead of collapsing the result to ASN_PARSE_E. */
2630int test_wc_slhdsa_decoder_disabled_oid(void)
2631{
2632 EXPECT_DECLS;
2633#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
2634 defined(WC_ENABLE_ASYM_KEY_EXPORT)
2635 enum SlhDsaParam src = SLHDSA_SHAKE128S;
2636 int haveSrc = slhdsa_pick_enabled_param(&src);
2637 ExpectIntEQ(haveSrc, 1);
2638
2639 if (haveSrc) {
2640 /* Positive smoke check: feed src's own OID through the patcher
2641 * (round-trip) and expect a clean decode, so the decoder path
2642 * actually exercises here even when no per-variant disable is
2643 * active. The trailing OID byte for SHAKE128S is 0x1A; we look
2644 * up the byte for `src` from a small table because src may not
2645 * be SHAKE128S in restricted builds. */
2646 {
2647 byte srcOidByte = 0;
2648 switch (src) {
2649 case SLHDSA_SHAKE128S: srcOidByte = 0x1A; break;
2650 case SLHDSA_SHAKE128F: srcOidByte = 0x1B; break;
2651 case SLHDSA_SHAKE192S: srcOidByte = 0x1C; break;
2652 case SLHDSA_SHAKE192F: srcOidByte = 0x1D; break;
2653 case SLHDSA_SHAKE256S: srcOidByte = 0x1E; break;
2654 case SLHDSA_SHAKE256F: srcOidByte = 0x1F; break;
2655 #ifdef WOLFSSL_SLHDSA_SHA2
2656 case SLHDSA_SHA2_128S: srcOidByte = 0x14; break;
2657 case SLHDSA_SHA2_128F: srcOidByte = 0x15; break;
2658 case SLHDSA_SHA2_192S: srcOidByte = 0x16; break;
2659 case SLHDSA_SHA2_192F: srcOidByte = 0x17; break;
2660 case SLHDSA_SHA2_256S: srcOidByte = 0x18; break;
2661 case SLHDSA_SHA2_256F: srcOidByte = 0x19; break;
2662 #endif
2663 default: break;
2664 }
2665 ExpectIntGT((int)srcOidByte, 0);
2666 /* Round-trip: patching src's OID to itself must still decode
2667 * successfully -- this fires unconditionally and validates
2668 * the patcher infrastructure even when no disable branch
2669 * below applies. */
2670 ExpectIntEQ(slhdsa_decode_disabled_oid_one_roundtrip(src,
2671 srcOidByte), TEST_SUCCESS);
2672 }
2673
2674 /* SHAKE family: trailing OID byte = 0x1A..0x1F. */
2675 #if defined(WOLFSSL_SLHDSA_PARAM_NO_128S) || \
2676 defined(WOLFSSL_SLHDSA_NO_128) || \
2677 defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL)
2678 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x1A), TEST_SUCCESS);
2679 #endif
2680 #if defined(WOLFSSL_SLHDSA_PARAM_NO_128F) || \
2681 defined(WOLFSSL_SLHDSA_NO_128) || \
2682 defined(WOLFSSL_SLHDSA_PARAM_NO_FAST)
2683 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x1B), TEST_SUCCESS);
2684 #endif
2685 #if defined(WOLFSSL_SLHDSA_PARAM_NO_192S) || \
2686 defined(WOLFSSL_SLHDSA_NO_192) || \
2687 defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL)
2688 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x1C), TEST_SUCCESS);
2689 #endif
2690 #if defined(WOLFSSL_SLHDSA_PARAM_NO_192F) || \
2691 defined(WOLFSSL_SLHDSA_NO_192) || \
2692 defined(WOLFSSL_SLHDSA_PARAM_NO_FAST)
2693 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x1D), TEST_SUCCESS);
2694 #endif
2695 #if defined(WOLFSSL_SLHDSA_PARAM_NO_256S) || \
2696 defined(WOLFSSL_SLHDSA_NO_256) || \
2697 defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL)
2698 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x1E), TEST_SUCCESS);
2699 #endif
2700 #if defined(WOLFSSL_SLHDSA_PARAM_NO_256F) || \
2701 defined(WOLFSSL_SLHDSA_NO_256) || \
2702 defined(WOLFSSL_SLHDSA_PARAM_NO_FAST)
2703 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x1F), TEST_SUCCESS);
2704 #endif
2705
2706 /* SHA-2 family: trailing OID byte = 0x14..0x19. The whole
2707 * family is also disabled when WOLFSSL_SLHDSA_SHA2 is unset. */
2708 #if !defined(WOLFSSL_SLHDSA_SHA2) || \
2709 defined(WOLFSSL_SLHDSA_PARAM_NO_SHA2_128S)
2710 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x14), TEST_SUCCESS);
2711 #endif
2712 #if !defined(WOLFSSL_SLHDSA_SHA2) || \
2713 defined(WOLFSSL_SLHDSA_PARAM_NO_SHA2_128F)
2714 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x15), TEST_SUCCESS);
2715 #endif
2716 #if !defined(WOLFSSL_SLHDSA_SHA2) || \
2717 defined(WOLFSSL_SLHDSA_PARAM_NO_SHA2_192S)
2718 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x16), TEST_SUCCESS);
2719 #endif
2720 #if !defined(WOLFSSL_SLHDSA_SHA2) || \
2721 defined(WOLFSSL_SLHDSA_PARAM_NO_SHA2_192F)
2722 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x17), TEST_SUCCESS);
2723 #endif
2724 #if !defined(WOLFSSL_SLHDSA_SHA2) || \
2725 defined(WOLFSSL_SLHDSA_PARAM_NO_SHA2_256S)
2726 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x18), TEST_SUCCESS);
2727 #endif
2728 #if !defined(WOLFSSL_SLHDSA_SHA2) || \
2729 defined(WOLFSSL_SLHDSA_PARAM_NO_SHA2_256F)
2730 ExpectIntEQ(slhdsa_decode_disabled_oid_one(src, 0x19), TEST_SUCCESS);
2731 #endif
2732 }
2733#endif
2734 return EXPECT_RESULT();
2735}
2736
2737#ifdef TEST_SLHDSA_DEFAULT_PARAM
2738 #undef TEST_SLHDSA_DEFAULT_PARAM
2739 #undef TEST_SLHDSA_DEFAULT_SIG_LEN
2740 #undef TEST_SLHDSA_DEFAULT_PRIV_LEN
2741 #undef TEST_SLHDSA_DEFAULT_PUB_LEN
2742 #undef TEST_SLHDSA_DEFAULT_SEED_LEN
2743#endif