wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

PKCS#7: only output test bundles when PKCS7_OUTPUT_TEST_BUNDLES is defined

Browse Source
This commit is contained in:
Chris Conlon
2016-12-13 09:52:25 -07:00
parent dad0cfda92
commit e5d1e3ae10
2 changed files with 34 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
wolfcrypt/src/pkcs7.c
View File

@@ -1052,19 +1052,19 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
/* KARI == KeyAgreeRecipientInfo (key agreement) */ /* KARI == KeyAgreeRecipientInfo (key agreement) */
typedef struct WC_PKCS7_KARI { typedef struct WC_PKCS7_KARI {
DecodedCert* decoded; /* decoded recip cert */ DecodedCert* decoded; /* decoded recip cert */
void* heap; /* user heap, points to PKCS7->heap */
ecc_key* recipKey; /* recip key (pub | priv) */ ecc_key* recipKey; /* recip key (pub | priv) */
ecc_key* senderKey; /* sender key (pub | priv) */ ecc_key* senderKey; /* sender key (pub | priv) */
byte* senderKeyExport; /* sender ephemeral key DER */ byte* senderKeyExport; /* sender ephemeral key DER */
word32 senderKeyExportSz; /* size of sender ephemeral key DER */
byte* kek; /* key encryption key */ byte* kek; /* key encryption key */
word32 kekSz; /* size of key encryption key */
byte* ukm; /* OPTIONAL user keying material */ byte* ukm; /* OPTIONAL user keying material */
word32 ukmSz; /* size of user keying material */
byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */
byte* sharedInfo; /* ECC-CMS-SharedInfo ASN.1 encoded blob */ byte* sharedInfo; /* ECC-CMS-SharedInfo ASN.1 encoded blob */
word32 senderKeyExportSz; /* size of sender ephemeral key DER */
word32 kekSz; /* size of key encryption key */
word32 ukmSz; /* size of user keying material */
word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */
byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */
byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */
void* heap; /* user heap, points to PKCS7->heap */
} WC_PKCS7_KARI; } WC_PKCS7_KARI;
@@ -2468,7 +2468,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
word32 encOID; word32 encOID;
word32 keyIdx; word32 keyIdx;
byte issuerHash[SHA_DIGEST_SIZE]; byte issuerHash[SHA_DIGEST_SIZE];
byte* outKey; byte* outKey = NULL;
#ifdef WC_RSA_BLINDING #ifdef WC_RSA_BLINDING
WC_RNG rng; WC_RNG rng;
@@ -2605,7 +2605,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
if (keySz <= 0) { if (keySz <= 0 || outKey == NULL) {
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ); ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
return keySz; return keySz;
} else { } else {

32
wolfcrypt/test/test.c
View File

@@ -9052,6 +9052,15 @@ int compress_test(void)
#ifdef HAVE_PKCS7 #ifdef HAVE_PKCS7
/* External Debugging/Testing Note:
*
* PKCS#7 test functions can output generated PKCS#7/CMS bundles for
* additional testing. To dump bundles to files DER encoded files, please
* define:
*
* #define PKCS7_OUTPUT_TEST_BUNDLES
*/
typedef struct { typedef struct {
const byte* content; const byte* content;
word32 contentSz; word32 contentSz;
@@ -9080,7 +9089,9 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
byte enveloped[2048]; byte enveloped[2048];
byte decoded[2048]; byte decoded[2048];
PKCS7 pkcs7; PKCS7 pkcs7;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
FILE* pkcs7File; FILE* pkcs7File;
#endif
const byte data[] = { /* Hello World */ const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
@@ -9179,6 +9190,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (XMEMCMP(decoded, data, sizeof(data)) != 0) if (XMEMCMP(decoded, data, sizeof(data)) != 0)
return -212; return -212;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 envelopedData for external testing */ /* output pkcs7 envelopedData for external testing */
pkcs7File = fopen(testVectors[i].outFileName, "wb"); pkcs7File = fopen(testVectors[i].outFileName, "wb");
if (!pkcs7File) if (!pkcs7File)
@@ -9186,6 +9198,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File); ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File);
fclose(pkcs7File); fclose(pkcs7File);
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(&pkcs7);
} }
@@ -9294,10 +9307,10 @@ int pkcs7enveloped_test(void)
fclose(keyFile); fclose(keyFile);
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
ret = pkcs7enveloped_run_vectors(rsaCert, rsaCertSz, ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
rsaPrivKey, rsaPrivKeySz, rsaPrivKey, (word32)rsaPrivKeySz,
eccCert, eccCertSz, eccCert, (word32)eccCertSz,
eccPrivKey, eccPrivKeySz); eccPrivKey, (word32)eccPrivKeySz);
if (ret != 0) { if (ret != 0) {
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9330,12 +9343,15 @@ typedef struct {
int pkcs7encrypted_test(void) int pkcs7encrypted_test(void)
{ {
int ret, i, testSz; int ret = 0;
int i, testSz;
int encryptedSz, decodedSz, attribIdx; int encryptedSz, decodedSz, attribIdx;
PKCS7 pkcs7; PKCS7 pkcs7;
byte encrypted[2048]; byte encrypted[2048];
byte decoded[2048]; byte decoded[2048];
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
FILE* pkcs7File; FILE* pkcs7File;
#endif
PKCS7Attrib* expectedAttrib; PKCS7Attrib* expectedAttrib;
PKCS7DecodedAttrib* decodedAttrib; PKCS7DecodedAttrib* decodedAttrib;
@@ -9488,6 +9504,7 @@ int pkcs7encrypted_test(void)
} }
} }
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 envelopedData for external testing */ /* output pkcs7 envelopedData for external testing */
pkcs7File = fopen(testVectors[i].outFileName, "wb"); pkcs7File = fopen(testVectors[i].outFileName, "wb");
if (!pkcs7File) if (!pkcs7File)
@@ -9495,6 +9512,7 @@ int pkcs7encrypted_test(void)
ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File); ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File);
fclose(pkcs7File); fclose(pkcs7File);
#endif
wc_PKCS7_Free(&pkcs7); wc_PKCS7_Free(&pkcs7);
} }
@@ -9646,6 +9664,7 @@ int pkcs7signed_test(void)
else else
outSz = ret; outSz = ret;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* write PKCS#7 to output file for more testing */ /* write PKCS#7 to output file for more testing */
file = fopen("./pkcs7signedData.der", "wb"); file = fopen("./pkcs7signedData.der", "wb");
if (!file) { if (!file) {
@@ -9664,6 +9683,7 @@ int pkcs7signed_test(void)
wc_PKCS7_Free(&msg); wc_PKCS7_Free(&msg);
return -218; return -218;
} }
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(&msg); wc_PKCS7_Free(&msg);
wc_PKCS7_InitWithCert(&msg, NULL, 0); wc_PKCS7_InitWithCert(&msg, NULL, 0);
@@ -9685,6 +9705,7 @@ int pkcs7signed_test(void)
return -215; return -215;
} }
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
file = fopen("./pkcs7cert.der", "wb"); file = fopen("./pkcs7cert.der", "wb");
if (!file) { if (!file) {
XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9695,6 +9716,7 @@ int pkcs7signed_test(void)
} }
ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file); ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file);
fclose(file); fclose(file);
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);