wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

add tests for PKCS7_sign(), PKCS7_final(), SMIME_write_PKCS7()

Browse Source
This commit is contained in:
Chris Conlon
2022-02-07 17:43:06 -07:00
parent ce514e6fc5
commit 6762cd90da
1 changed files with 309 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

313
tests/api.c
View File

@ -46850,6 +46850,165 @@ static void test_wolfssl_PKCS7(void)
#endif
}
static void test_wolfSSL_PKCS7_sign(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
PKCS7* p7 = NULL;
PKCS7* p7Ver = NULL;
byte* out = NULL;
byte* tmpPtr = NULL;
int outLen = 0;
int flags = 0;
byte data[] = "Test data to encode.";
const char* cert = "./certs/server-cert.pem";
const char* key = "./certs/server-key.pem";
const char* ca = "./certs/ca-cert.pem";
WOLFSSL_BIO* certBio = NULL;
WOLFSSL_BIO* keyBio = NULL;
WOLFSSL_BIO* caBio = NULL;
WOLFSSL_BIO* inBio = NULL;
X509* signCert = NULL;
EVP_PKEY* signKey = NULL;
X509* caCert = NULL;
X509_STORE* store = NULL;
printf(testingFmt, "wolfSSL_PKCS7_sign()");
/* read signer cert/key into BIO */
AssertNotNull(certBio = BIO_new_file(cert, "r"));
AssertNotNull(keyBio = BIO_new_file(key, "r"));
AssertNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
AssertNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
/* read CA cert into store (for verify) */
AssertNotNull(caBio = BIO_new_file(ca, "r"));
AssertNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
AssertNotNull(store = X509_STORE_new());
AssertIntEQ(X509_STORE_add_cert(store, caCert), 1);
/* data to be signed into BIO */
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
/* PKCS7_sign, bad args: signer NULL */
AssertNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0));
/* PKCS7_sign, bad args: signer key NULL */
AssertNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0));
/* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */
AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0));
/* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */
AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS));
/* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */
AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL));
/* TEST SUCCESS: Not detached, not streaming, not MIME */
{
flags = PKCS7_BINARY;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
/* verify with d2i_PKCS7 */
tmpPtr = out;
AssertNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
PKCS7_free(p7Ver);
/* verify with wc_PKCS7_VerifySignedData */
AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
wc_PKCS7_Free(p7Ver);
if (out != NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL;
}
PKCS7_free(p7);
}
/* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg
* tests for PKCS7_final() while we have a PKCS7 pointer to use */
{
flags = PKCS7_BINARY | PKCS7_STREAM;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertIntEQ(PKCS7_final(p7, inBio, flags), 1);
AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
/* PKCS7_final, bad args: PKCS7 null */
AssertIntEQ(PKCS7_final(NULL, inBio, 0), 0);
/* PKCS7_final, bad args: PKCS7 null */
AssertIntEQ(PKCS7_final(p7, NULL, 0), 0);
tmpPtr = out;
AssertNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
PKCS7_free(p7Ver);
if (out != NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL;
}
PKCS7_free(p7);
}
/* TEST SUCCESS: Detached, not streaming, not MIME */
{
flags = PKCS7_BINARY | PKCS7_DETACHED;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
/* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, devId));
p7Ver->content = data;
p7Ver->contentSz = sizeof(data);
AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
wc_PKCS7_Free(p7Ver);
if (out != NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL;
}
PKCS7_free(p7);
}
/* TEST SUCCESS: Detached, streaming, not MIME */
{
flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertIntEQ(PKCS7_final(p7, inBio, flags), 1);
AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
/* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, devId));
p7Ver->content = data;
p7Ver->contentSz = sizeof(data);
AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
wc_PKCS7_Free(p7Ver);
if (out != NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL;
}
PKCS7_free(p7);
}
X509_STORE_free(store);
X509_free(caCert);
X509_free(signCert);
EVP_PKEY_free(signKey);
BIO_free(inBio);
BIO_free(keyBio);
BIO_free(certBio);
BIO_free(caBio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PKCS7_SIGNED_new(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
@ -46997,39 +47156,47 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()");
/* smime-test.p7s */
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
AssertNotNull(bio);
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
PKCS7_NOVERIFY), SSL_SUCCESS);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
/* smime-test-multipart.p7s */
smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
PKCS7_NOVERIFY), SSL_SUCCESS);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
/* smime-test-multipart-badsig.p7s */
smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
PKCS7_NOVERIFY), SSL_FAILURE);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
/* smime-test-canon.p7s */
smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
PKCS7_NOVERIFY), SSL_SUCCESS);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
@ -47055,6 +47222,142 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SMIME_write_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA)
PKCS7* p7 = NULL;
PKCS7* p7Ver = NULL;
int flags = 0;
byte data[] = "Test data to encode.";
const char* cert = "./certs/server-cert.pem";
const char* key = "./certs/server-key.pem";
const char* ca = "./certs/ca-cert.pem";
WOLFSSL_BIO* certBio = NULL;
WOLFSSL_BIO* keyBio = NULL;
WOLFSSL_BIO* caBio = NULL;
WOLFSSL_BIO* inBio = NULL;
WOLFSSL_BIO* outBio = NULL;
WOLFSSL_BIO* content = NULL;
X509* signCert = NULL;
EVP_PKEY* signKey = NULL;
X509* caCert = NULL;
X509_STORE* store = NULL;
printf(testingFmt, "wolfSSL_SMIME_write_PKCS7()");
/* read signer cert/key into BIO */
AssertNotNull(certBio = BIO_new_file(cert, "r"));
AssertNotNull(keyBio = BIO_new_file(key, "r"));
AssertNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
AssertNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
/* read CA cert into store (for verify) */
AssertNotNull(caBio = BIO_new_file(ca, "r"));
AssertNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
AssertNotNull(store = X509_STORE_new());
AssertIntEQ(X509_STORE_add_cert(store, caCert), 1);
/* generate and verify SMIME: not detached */
{
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
flags = PKCS7_STREAM;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertNotNull(outBio = BIO_new(BIO_s_mem()));
AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
/* bad arg: out NULL */
AssertIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0);
/* bad arg: pkcs7 NULL */
AssertIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0);
AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
BIO_free(content);
BIO_free(inBio);
BIO_free(outBio);
PKCS7_free(p7Ver);
PKCS7_free(p7);
}
/* generate and verify SMIME: not detached, add Content-Type */
{
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
flags = PKCS7_STREAM | PKCS7_TEXT;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertNotNull(outBio = BIO_new(BIO_s_mem()));
AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
BIO_free(content);
BIO_free(inBio);
BIO_free(outBio);
PKCS7_free(p7Ver);
PKCS7_free(p7);
}
/* generate and verify SMIME: detached */
{
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
flags = PKCS7_DETACHED | PKCS7_STREAM;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertNotNull(outBio = BIO_new(BIO_s_mem()));
AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
BIO_free(content);
BIO_free(inBio);
BIO_free(outBio);
PKCS7_free(p7Ver);
PKCS7_free(p7);
}
/* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */
{
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertNotNull(outBio = BIO_new(BIO_s_mem()));
AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
BIO_free(content);
BIO_free(inBio);
BIO_free(outBio);
PKCS7_free(p7Ver);
PKCS7_free(p7);
}
X509_STORE_free(store);
X509_free(caCert);
X509_free(signCert);
EVP_PKEY_free(signKey);
BIO_free(keyBio);
BIO_free(certBio);
BIO_free(caBio);
printf(resultFmt, passed);
#endif
}
#endif /* HAVE_SMIME*/
#endif /* !NO_BIO */
@ -52952,11 +53255,13 @@ void ApiTest(void)
test_X509_REQ();
/* OpenSSL PKCS7 API test */
test_wolfssl_PKCS7();
test_wolfSSL_PKCS7_sign();
test_wolfSSL_PKCS7_SIGNED_new();
#ifndef NO_BIO
test_wolfSSL_PEM_write_bio_PKCS7();
#ifdef HAVE_SMIME
test_wolfSSL_SMIME_read_PKCS7();
test_wolfSSL_SMIME_write_PKCS7();
#endif
#endif