mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 02:37:28 +02:00
Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free. Updated the test examples to use the dynamic method. Add API unit test for wc_PKCS7_New.
This commit is contained in:
David Garske
102
tests/api.c
102
tests/api.c
@ -3263,7 +3263,7 @@ static void test_wolfSSL_mcast(void)
|
||||
| Wolfcrypt
|
||||
*----------------------------------------------------------------------------*/
|
||||
|
||||
/*
|
||||
/*
|
||||
* Unit test for the wc_InitBlake2b()
|
||||
*/
|
||||
static int test_wc_InitBlake2b (void)
|
||||
@ -7609,7 +7609,7 @@ static int test_wc_Des3_SetKey (void)
|
||||
return ret;
|
||||
|
||||
} /* END test_wc_Des3_SetKey */
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
|
||||
@ -7856,7 +7856,7 @@ static int test_wc_Chacha_SetKey (void)
|
||||
static int test_wc_Poly1305SetKey(void)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
|
||||
#ifdef HAVE_POLY1305
|
||||
Poly1305 ctx;
|
||||
const byte key[] =
|
||||
@ -7868,8 +7868,8 @@ static int test_wc_Poly1305SetKey(void)
|
||||
};
|
||||
|
||||
printf(testingFmt, "wc_Poly1305_SetKey()");
|
||||
|
||||
ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
|
||||
|
||||
ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
|
||||
/* Test bad args. */
|
||||
if (ret == 0) {
|
||||
ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
|
||||
@ -7887,7 +7887,7 @@ static int test_wc_Poly1305SetKey(void)
|
||||
}
|
||||
|
||||
printf(resultFmt, ret == 0 ? passed : failed);
|
||||
|
||||
|
||||
#endif
|
||||
return ret;
|
||||
} /* END test_wc_Poly1305_SetKey() */
|
||||
@ -10112,7 +10112,7 @@ static int test_wc_RsaKeyToDer (void)
|
||||
* Testing wc_RsaKeyToPublicDer()
|
||||
*/
|
||||
static int test_wc_RsaKeyToPublicDer (void)
|
||||
{
|
||||
{
|
||||
int ret = 0;
|
||||
#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\
|
||||
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
|
||||
@ -14185,6 +14185,25 @@ static int test_wc_ecc_is_valid_idx (void)
|
||||
} /* END test_wc_ecc_is_valid_idx */
|
||||
|
||||
|
||||
/*
|
||||
* Testing wc_PKCS7_New()
|
||||
*/
|
||||
static void test_wc_PKCS7_New (void)
|
||||
{
|
||||
#if defined(HAVE_PKCS7)
|
||||
PKCS7* pkcs7;
|
||||
void* heap = NULL;
|
||||
|
||||
printf(testingFmt, "wc_PKCS7_New()");
|
||||
|
||||
pkcs7 = wc_PKCS7_New(heap, devId);
|
||||
AssertNotNull(pkcs7);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
#endif
|
||||
} /* END test-wc_PKCS7_New */
|
||||
|
||||
/*
|
||||
* Testing wc_PKCS7_Init()
|
||||
*/
|
||||
@ -15038,43 +15057,43 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
|
||||
|
||||
/* Testing wc_SignatureGetSize() for signature type ECC */
|
||||
static int test_wc_SignatureGetSize_ecc(void)
|
||||
{
|
||||
int ret = 0;
|
||||
{
|
||||
int ret = 0;
|
||||
#if defined(HAVE_ECC) && !defined(NO_ECC256)
|
||||
enum wc_SignatureType sig_type;
|
||||
word32 key_len;
|
||||
|
||||
/* Initialize ECC Key */
|
||||
ecc_key ecc;
|
||||
ecc_key ecc;
|
||||
const char* qx =
|
||||
"fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
|
||||
const char* qy =
|
||||
const char* qy =
|
||||
"d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
|
||||
const char* d =
|
||||
const char* d =
|
||||
"be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
|
||||
|
||||
|
||||
ret = wc_ecc_init(&ecc);
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
|
||||
}
|
||||
printf(testingFmt, "wc_SigntureGetSize_ecc()");
|
||||
if (ret == 0) {
|
||||
if (ret == 0) {
|
||||
/* Input for signature type ECC */
|
||||
sig_type = WC_SIGNATURE_TYPE_ECC;
|
||||
key_len = sizeof(ecc_key);
|
||||
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
|
||||
|
||||
/* Test bad args */
|
||||
|
||||
/* Test bad args */
|
||||
if (ret > 0) {
|
||||
sig_type = (enum wc_SignatureType) 100;
|
||||
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
sig_type = WC_SIGNATURE_TYPE_ECC;
|
||||
ret = wc_SignatureGetSize(sig_type, NULL, key_len);
|
||||
}
|
||||
}
|
||||
if (ret >= 0) {
|
||||
key_len = (word32) 0;
|
||||
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
|
||||
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
|
||||
}
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
ret = SIG_TYPE_E;
|
||||
@ -15102,7 +15121,7 @@ static int test_wc_SignatureGetSize_ecc(void)
|
||||
/* Testing wc_SignatureGetSize() for signature type rsa */
|
||||
static int test_wc_SignatureGetSize_rsa(void)
|
||||
{
|
||||
int ret = 0;
|
||||
int ret = 0;
|
||||
#ifndef NO_RSA
|
||||
enum wc_SignatureType sig_type;
|
||||
word32 key_len;
|
||||
@ -15112,7 +15131,7 @@ static int test_wc_SignatureGetSize_rsa(void)
|
||||
RsaKey rsa_key;
|
||||
byte* tmp = NULL;
|
||||
size_t bytes;
|
||||
|
||||
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
bytes = (size_t)sizeof_client_key_der_1024;
|
||||
if (bytes < (size_t)sizeof_client_key_der_1024)
|
||||
@ -15128,10 +15147,10 @@ static int test_wc_SignatureGetSize_rsa(void)
|
||||
tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp != NULL) {
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
XMEMCPY(tmp, client_key_der_1024,
|
||||
XMEMCPY(tmp, client_key_der_1024,
|
||||
(size_t)sizeof_client_key_der_1024);
|
||||
#elif defined(USE_CERT_BUFFERS_2048)
|
||||
XMEMCPY(tmp, client_key_der_2048,
|
||||
XMEMCPY(tmp, client_key_der_2048,
|
||||
(size_t)sizeof_client_key_der_2048);
|
||||
#elif !defined(NO_FILESYSTEM)
|
||||
file = fopen(clientKey, "rb");
|
||||
@ -15148,7 +15167,7 @@ static int test_wc_SignatureGetSize_rsa(void)
|
||||
if (ret == 0) {
|
||||
ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key,
|
||||
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key,
|
||||
(word32)bytes);
|
||||
}
|
||||
}
|
||||
@ -15162,7 +15181,7 @@ static int test_wc_SignatureGetSize_rsa(void)
|
||||
sig_type = WC_SIGNATURE_TYPE_RSA;
|
||||
key_len = sizeof(RsaKey);
|
||||
ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
|
||||
|
||||
|
||||
/* Test bad args */
|
||||
if (ret > 0) {
|
||||
sig_type = (enum wc_SignatureType) 100;
|
||||
@ -15173,7 +15192,7 @@ static int test_wc_SignatureGetSize_rsa(void)
|
||||
}
|
||||
#ifndef HAVE_USER_RSA
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
#else
|
||||
#else
|
||||
if (ret == 0) {
|
||||
#endif
|
||||
key_len = (word32)0;
|
||||
@ -15191,21 +15210,21 @@ static int test_wc_SignatureGetSize_rsa(void)
|
||||
#else
|
||||
ret = SIG_TYPE_E;
|
||||
#endif
|
||||
|
||||
|
||||
if (ret == SIG_TYPE_E) {
|
||||
ret = 0;
|
||||
}else {
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
|
||||
printf(resultFmt, ret == 0 ? passed : failed);
|
||||
return ret;
|
||||
}/* END test_wc_SignatureGetSize_rsa(void) */
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| hash.h Tests
|
||||
*----------------------------------------------------------------------------*/
|
||||
|
||||
|
||||
static int test_wc_HashInit(void)
|
||||
{
|
||||
int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */
|
||||
@ -15604,7 +15623,7 @@ static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){
|
||||
|
||||
XMEMSET(nullstr, 0, 32);
|
||||
asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
|
||||
sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
|
||||
sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
|
||||
wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
|
||||
@ -18374,14 +18393,14 @@ static void test_wolfSSL_SHA(void)
|
||||
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
|
||||
"\x15\xAD";
|
||||
unsigned char out[WC_SHA256_DIGEST_SIZE];
|
||||
|
||||
|
||||
XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
|
||||
AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
|
||||
AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512)
|
||||
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512)
|
||||
{
|
||||
const unsigned char in[] = "abc";
|
||||
unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
|
||||
@ -18590,9 +18609,9 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){
|
||||
unsigned long flags;
|
||||
int p_len;
|
||||
unsigned char rbuf[255];
|
||||
|
||||
|
||||
printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()");
|
||||
|
||||
|
||||
/* setup */
|
||||
XMEMSET(rbuf, 0, 255);
|
||||
bio = BIO_new(BIO_s_mem());
|
||||
@ -19777,7 +19796,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
tpp = pp;
|
||||
XMEMSET(pp, 0, ret + 1);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
pp--;
|
||||
AssertIntEQ(*pp, 40);
|
||||
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@ -19792,7 +19811,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
tpp = pp;
|
||||
XMEMSET(pp, 0, ret + 1);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
pp--;
|
||||
AssertIntEQ(*(pp--), 128);
|
||||
AssertIntEQ(*pp, 0);
|
||||
@ -19809,7 +19828,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
tpp = pp;
|
||||
XMEMSET(pp, 0, ret + 1);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
pp--;
|
||||
AssertIntEQ(*pp, 216);
|
||||
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@ -19825,7 +19844,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
tpp = pp;
|
||||
XMEMSET(pp, 0, ret + 1);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
pp--;
|
||||
AssertIntEQ(*pp, 128);
|
||||
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@ -19841,13 +19860,13 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
|
||||
DYNAMIC_TYPE_TMP_BUFFER));
|
||||
tpp = pp;
|
||||
XMEMSET(pp, 0, ret + 1);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
|
||||
pp--;
|
||||
AssertIntEQ(*(pp--), 56);
|
||||
AssertIntEQ(*pp, 255);
|
||||
|
||||
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wolfSSL_ASN1_INTEGER_free(a);
|
||||
wolfSSL_ASN1_INTEGER_free(a);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
@ -20176,6 +20195,7 @@ void ApiTest(void)
|
||||
AssertIntEQ(test_wc_ecc_mulmod(), 0);
|
||||
AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
|
||||
|
||||
test_wc_PKCS7_New();
|
||||
test_wc_PKCS7_Init();
|
||||
test_wc_PKCS7_InitWithCert();
|
||||
test_wc_PKCS7_EncodeData();
|
||||
@ -20183,7 +20203,7 @@ void ApiTest(void)
|
||||
test_wc_PKCS7_VerifySignedData();
|
||||
test_wc_PKCS7_EncodeDecodeEnvelopedData();
|
||||
test_wc_PKCS7_EncodeEncryptedData();
|
||||
|
||||
|
||||
printf(" End API Tests\n");
|
||||
|
||||
}
|
||||
|
||||
@ -228,6 +228,17 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
|
||||
}
|
||||
|
||||
|
||||
PKCS7* wc_PKCS7_New(void* heap, int devId)
|
||||
{
|
||||
PKCS7* pkcs7 = (PKCS7*)XMALLOC(sizeof(PKCS7), heap, DYNAMIC_TYPE_PKCS7);
|
||||
if (pkcs7) {
|
||||
XMEMSET(pkcs7, 0, sizeof(PKCS7));
|
||||
wc_PKCS7_Init(pkcs7, heap, devId);
|
||||
pkcs7->isDynamic = 1;
|
||||
}
|
||||
return pkcs7;
|
||||
}
|
||||
|
||||
/* This is to initialize a PKCS7 structure. It sets all values to 0 and can be
|
||||
* used to set the heap hint.
|
||||
*
|
||||
@ -246,7 +257,11 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
|
||||
}
|
||||
|
||||
XMEMSET(pkcs7, 0, sizeof(PKCS7));
|
||||
#ifdef WOLFSSL_HEAP_TEST
|
||||
pkcs7->heap = (void*)WOLFSSL_HEAP_TEST;
|
||||
#else
|
||||
pkcs7->heap = heap;
|
||||
#endif
|
||||
pkcs7->devId = devId;
|
||||
|
||||
return 0;
|
||||
@ -254,34 +269,30 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
|
||||
|
||||
|
||||
/* init PKCS7 struct with recipient cert, decode into DecodedCert
|
||||
* NOTE: keeps previously set pkcs7 memory heap hint */
|
||||
* NOTE: keeps previously set pkcs7 heap hint, devId and isDynamic */
|
||||
int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
|
||||
{
|
||||
int ret = 0;
|
||||
void* heap;
|
||||
int devId;
|
||||
word16 isDynamic;
|
||||
|
||||
if (pkcs7 == NULL || (cert == NULL && certSz != 0)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_HEAP_TEST
|
||||
heap = (void*)WOLFSSL_HEAP_TEST;
|
||||
#else
|
||||
heap = pkcs7->heap;
|
||||
#endif
|
||||
devId = pkcs7->devId;
|
||||
|
||||
XMEMSET(pkcs7, 0, sizeof(PKCS7));
|
||||
pkcs7->heap = heap;
|
||||
pkcs7->devId = devId;
|
||||
isDynamic = pkcs7->isDynamic;
|
||||
wc_PKCS7_Init(pkcs7, heap, devId);
|
||||
pkcs7->isDynamic = isDynamic;
|
||||
|
||||
if (cert != NULL && certSz > 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DecodedCert* dCert;
|
||||
|
||||
dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
|
||||
DYNAMIC_TYPE_PKCS7);
|
||||
dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), pkcs7->heap,
|
||||
DYNAMIC_TYPE_DCERT);
|
||||
if (dCert == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
@ -297,7 +308,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
|
||||
if (ret < 0) {
|
||||
FreeDecodedCert(dCert);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@ -313,7 +324,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
|
||||
FreeDecodedCert(dCert);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -359,6 +370,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
|
||||
if (pkcs7->der != NULL)
|
||||
XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
#endif
|
||||
|
||||
if (pkcs7->isDynamic) {
|
||||
pkcs7->isDynamic = 0;
|
||||
XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -2834,7 +2834,7 @@ int hash_test(void)
|
||||
if (hashType != WC_HASH_TYPE_NONE)
|
||||
return -3071;
|
||||
#endif
|
||||
|
||||
|
||||
ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
|
||||
#ifndef NO_MD5
|
||||
if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
|
||||
@ -18050,7 +18050,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
|
||||
byte enveloped[2048];
|
||||
byte decoded[2048];
|
||||
PKCS7 pkcs7;
|
||||
PKCS7* pkcs7;
|
||||
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||
FILE* pkcs7File;
|
||||
#endif
|
||||
@ -18128,64 +18128,75 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
|
||||
|
||||
for (i = 0; i < testSz; i++) {
|
||||
ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT,
|
||||
pkcs7 = wc_PKCS7_New(HEAP_HINT,
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
INVALID_DEVID /* async PKCS7 is not supported */
|
||||
#else
|
||||
devId
|
||||
#endif
|
||||
);
|
||||
if (ret != 0)
|
||||
if (pkcs7 == NULL)
|
||||
return -9214;
|
||||
|
||||
ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert,
|
||||
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
|
||||
(word32)testVectors[i].certSz);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9215;
|
||||
}
|
||||
|
||||
pkcs7.content = (byte*)testVectors[i].content;
|
||||
pkcs7.contentSz = testVectors[i].contentSz;
|
||||
pkcs7.contentOID = testVectors[i].contentOID;
|
||||
pkcs7.encryptOID = testVectors[i].encryptOID;
|
||||
pkcs7.keyWrapOID = testVectors[i].keyWrapOID;
|
||||
pkcs7.keyAgreeOID = testVectors[i].keyAgreeOID;
|
||||
pkcs7.privateKey = testVectors[i].privateKey;
|
||||
pkcs7.privateKeySz = testVectors[i].privateKeySz;
|
||||
pkcs7.ukm = testVectors[i].optionalUkm;
|
||||
pkcs7.ukmSz = testVectors[i].optionalUkmSz;
|
||||
pkcs7->content = (byte*)testVectors[i].content;
|
||||
pkcs7->contentSz = testVectors[i].contentSz;
|
||||
pkcs7->contentOID = testVectors[i].contentOID;
|
||||
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||
pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
|
||||
pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
|
||||
pkcs7->privateKey = testVectors[i].privateKey;
|
||||
pkcs7->privateKeySz = testVectors[i].privateKeySz;
|
||||
pkcs7->ukm = testVectors[i].optionalUkm;
|
||||
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
|
||||
|
||||
/* encode envelopedData */
|
||||
envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped,
|
||||
envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
|
||||
sizeof(enveloped));
|
||||
if (envelopedSz <= 0) {
|
||||
printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9216;
|
||||
}
|
||||
|
||||
/* decode envelopedData */
|
||||
decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
|
||||
decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
|
||||
decoded, sizeof(decoded));
|
||||
if (decodedSz <= 0)
|
||||
if (decodedSz <= 0) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9217;
|
||||
}
|
||||
|
||||
/* test decode result */
|
||||
if (XMEMCMP(decoded, data, sizeof(data)) != 0)
|
||||
if (XMEMCMP(decoded, data, sizeof(data)) != 0){
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9218;
|
||||
}
|
||||
|
||||
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||
/* output pkcs7 envelopedData for external testing */
|
||||
pkcs7File = fopen(testVectors[i].outFileName, "wb");
|
||||
if (!pkcs7File)
|
||||
if (!pkcs7File) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9219;
|
||||
}
|
||||
|
||||
ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File);
|
||||
fclose(pkcs7File);
|
||||
if (ret != envelopedSz) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9220;
|
||||
}
|
||||
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
|
||||
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
pkcs7 = NULL;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_ECC) || defined(NO_AES)
|
||||
@ -18313,7 +18324,7 @@ int pkcs7encrypted_test(void)
|
||||
int ret = 0;
|
||||
int i, testSz;
|
||||
int encryptedSz, decodedSz, attribIdx;
|
||||
PKCS7 pkcs7;
|
||||
PKCS7* pkcs7;
|
||||
byte encrypted[2048];
|
||||
byte decoded[2048];
|
||||
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||
@ -18437,55 +18448,65 @@ int pkcs7encrypted_test(void)
|
||||
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
|
||||
|
||||
for (i = 0; i < testSz; i++) {
|
||||
ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId);
|
||||
if (ret != 0)
|
||||
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
|
||||
if (pkcs7 == NULL)
|
||||
return -9400;
|
||||
|
||||
pkcs7.content = (byte*)testVectors[i].content;
|
||||
pkcs7.contentSz = testVectors[i].contentSz;
|
||||
pkcs7.contentOID = testVectors[i].contentOID;
|
||||
pkcs7.encryptOID = testVectors[i].encryptOID;
|
||||
pkcs7.encryptionKey = testVectors[i].encryptionKey;
|
||||
pkcs7.encryptionKeySz = testVectors[i].encryptionKeySz;
|
||||
pkcs7.unprotectedAttribs = testVectors[i].attribs;
|
||||
pkcs7.unprotectedAttribsSz = testVectors[i].attribsSz;
|
||||
pkcs7->content = (byte*)testVectors[i].content;
|
||||
pkcs7->contentSz = testVectors[i].contentSz;
|
||||
pkcs7->contentOID = testVectors[i].contentOID;
|
||||
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||
pkcs7->encryptionKey = testVectors[i].encryptionKey;
|
||||
pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
|
||||
pkcs7->unprotectedAttribs = testVectors[i].attribs;
|
||||
pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
|
||||
|
||||
/* encode encryptedData */
|
||||
encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
|
||||
encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
|
||||
sizeof(encrypted));
|
||||
if (encryptedSz <= 0)
|
||||
if (encryptedSz <= 0) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9401;
|
||||
}
|
||||
|
||||
/* decode encryptedData */
|
||||
decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz,
|
||||
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
|
||||
decoded, sizeof(decoded));
|
||||
if (decodedSz <= 0)
|
||||
if (decodedSz <= 0){
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9402;
|
||||
}
|
||||
|
||||
/* test decode result */
|
||||
if (XMEMCMP(decoded, data, sizeof(data)) != 0)
|
||||
if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9403;
|
||||
}
|
||||
|
||||
/* verify decoded unprotected attributes */
|
||||
if (pkcs7.decodedAttrib != NULL) {
|
||||
decodedAttrib = pkcs7.decodedAttrib;
|
||||
if (pkcs7->decodedAttrib != NULL) {
|
||||
decodedAttrib = pkcs7->decodedAttrib;
|
||||
attribIdx = 1;
|
||||
|
||||
while (decodedAttrib != NULL) {
|
||||
|
||||
/* expected attribute, stored list is reversed */
|
||||
expectedAttrib = &(pkcs7.unprotectedAttribs
|
||||
[pkcs7.unprotectedAttribsSz - attribIdx]);
|
||||
expectedAttrib = &(pkcs7->unprotectedAttribs
|
||||
[pkcs7->unprotectedAttribsSz - attribIdx]);
|
||||
|
||||
/* verify oid */
|
||||
if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
|
||||
decodedAttrib->oidSz) != 0)
|
||||
decodedAttrib->oidSz) != 0) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9404;
|
||||
}
|
||||
|
||||
/* verify value */
|
||||
if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
|
||||
decodedAttrib->valueSz) != 0)
|
||||
decodedAttrib->valueSz) != 0) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9405;
|
||||
}
|
||||
|
||||
decodedAttrib = decodedAttrib->next;
|
||||
attribIdx++;
|
||||
@ -18495,8 +18516,10 @@ int pkcs7encrypted_test(void)
|
||||
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||
/* output pkcs7 envelopedData for external testing */
|
||||
pkcs7File = fopen(testVectors[i].outFileName, "wb");
|
||||
if (!pkcs7File)
|
||||
if (!pkcs7File) {
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9406;
|
||||
}
|
||||
|
||||
ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File);
|
||||
fclose(pkcs7File);
|
||||
@ -18505,7 +18528,7 @@ int pkcs7encrypted_test(void)
|
||||
ret = 0;
|
||||
#endif
|
||||
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
}
|
||||
|
||||
return ret;
|
||||
@ -18539,7 +18562,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
byte* out;
|
||||
word32 outSz;
|
||||
WC_RNG rng;
|
||||
PKCS7 pkcs7;
|
||||
PKCS7* pkcs7;
|
||||
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
|
||||
FILE* file;
|
||||
#endif
|
||||
@ -18679,26 +18702,30 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
}
|
||||
|
||||
for (i = 0; i < testSz; i++) {
|
||||
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
|
||||
if (pkcs7 == NULL)
|
||||
return -9410;
|
||||
|
||||
pkcs7.heap = HEAP_HINT;
|
||||
pkcs7.devId = INVALID_DEVID;
|
||||
ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert,
|
||||
pkcs7->heap = HEAP_HINT;
|
||||
pkcs7->devId = INVALID_DEVID;
|
||||
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
|
||||
(word32)testVectors[i].certSz);
|
||||
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9410;
|
||||
}
|
||||
|
||||
pkcs7.rng = &rng;
|
||||
pkcs7.content = (byte*)testVectors[i].content;
|
||||
pkcs7.contentSz = testVectors[i].contentSz;
|
||||
pkcs7.hashOID = testVectors[i].hashOID;
|
||||
pkcs7.encryptOID = testVectors[i].encryptOID;
|
||||
pkcs7.privateKey = testVectors[i].privateKey;
|
||||
pkcs7.privateKeySz = testVectors[i].privateKeySz;
|
||||
pkcs7.signedAttribs = testVectors[i].signedAttribs;
|
||||
pkcs7.signedAttribsSz = testVectors[i].signedAttribsSz;
|
||||
pkcs7->rng = &rng;
|
||||
pkcs7->content = (byte*)testVectors[i].content;
|
||||
pkcs7->contentSz = testVectors[i].contentSz;
|
||||
pkcs7->hashOID = testVectors[i].hashOID;
|
||||
pkcs7->encryptOID = testVectors[i].encryptOID;
|
||||
pkcs7->privateKey = testVectors[i].privateKey;
|
||||
pkcs7->privateKeySz = testVectors[i].privateKeySz;
|
||||
pkcs7->signedAttribs = testVectors[i].signedAttribs;
|
||||
pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
|
||||
|
||||
/* generate senderNonce */
|
||||
{
|
||||
@ -18708,7 +18735,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9411;
|
||||
}
|
||||
}
|
||||
@ -18731,20 +18758,20 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9412;
|
||||
}
|
||||
wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
|
||||
wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
|
||||
wc_ShaFinal(&sha, digest);
|
||||
wc_ShaFree(&sha);
|
||||
#else
|
||||
ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9413;
|
||||
}
|
||||
wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
|
||||
wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
|
||||
wc_Sha256Final(&sha, digest);
|
||||
wc_Sha256Free(&sha);
|
||||
#endif
|
||||
@ -18754,10 +18781,10 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
}
|
||||
}
|
||||
|
||||
encodedSz = wc_PKCS7_EncodeSignedData(&pkcs7, out, outSz);
|
||||
encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
|
||||
if (encodedSz < 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9414;
|
||||
}
|
||||
|
||||
@ -18766,35 +18793,38 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
file = fopen(testVectors[i].outFileName, "wb");
|
||||
if (!file) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9415;
|
||||
}
|
||||
ret = (int)fwrite(out, 1, encodedSz, file);
|
||||
fclose(file);
|
||||
if (ret != (int)encodedSz) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9416;
|
||||
}
|
||||
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
|
||||
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
|
||||
ret = wc_PKCS7_VerifySignedData(&pkcs7, out, outSz);
|
||||
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
|
||||
if (pkcs7 == NULL)
|
||||
return -9410;
|
||||
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
|
||||
|
||||
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
|
||||
if (ret < 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9417;
|
||||
}
|
||||
|
||||
if (pkcs7.singleCert == NULL || pkcs7.singleCertSz == 0) {
|
||||
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9418;
|
||||
}
|
||||
|
||||
|
||||
{
|
||||
/* check getting signed attributes */
|
||||
#ifndef NO_SHA
|
||||
@ -18807,25 +18837,25 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
int bufSz = 0;
|
||||
|
||||
if (testVectors[i].signedAttribs != NULL &&
|
||||
wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz,
|
||||
wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
|
||||
NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9419;
|
||||
}
|
||||
|
||||
if (bufSz > (int)sizeof(buf)) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9420;
|
||||
}
|
||||
|
||||
bufSz = wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz,
|
||||
bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
|
||||
buf, (word32*)&bufSz);
|
||||
if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
|
||||
(testVectors[i].signedAttribs == NULL && bufSz > 0)) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9421;
|
||||
}
|
||||
}
|
||||
@ -18834,14 +18864,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
file = fopen("./pkcs7cert.der", "wb");
|
||||
if (!file) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
return -9422;
|
||||
}
|
||||
ret = (int)fwrite(pkcs7.singleCert, 1, pkcs7.singleCertSz, file);
|
||||
ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
|
||||
fclose(file);
|
||||
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
|
||||
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
}
|
||||
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
@ -95,10 +95,13 @@ typedef struct PKCS7DecodedAttrib {
|
||||
} PKCS7DecodedAttrib;
|
||||
|
||||
|
||||
/* Public Structure Warning:
|
||||
* Existing members must not be changed to maintain backwards compatibility!
|
||||
*/
|
||||
typedef struct PKCS7 {
|
||||
WC_RNG* rng;
|
||||
PKCS7Attrib* signedAttribs;
|
||||
byte* content; /* inner content, not owner */
|
||||
byte* content; /* inner content, not owner */
|
||||
byte* singleCert; /* recipient cert, DER, not owner */
|
||||
byte* issuer; /* issuer name of singleCert */
|
||||
byte* privateKey; /* private key, DER, not owner */
|
||||
@ -136,11 +139,17 @@ typedef struct PKCS7 {
|
||||
int devId; /* device ID for HW based private key */
|
||||
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
|
||||
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
|
||||
byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/
|
||||
byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
|
||||
word32 certSz[MAX_PKCS7_CERTS];
|
||||
|
||||
/* flags - up to 32-bits */
|
||||
word16 isDynamic:1;
|
||||
|
||||
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
|
||||
} PKCS7;
|
||||
|
||||
|
||||
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
|
||||
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
|
||||
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
|
||||
WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
|
||||
|
||||
Reference in New Issue
Block a user