wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Split two PKCS7 tests into two functions.

Browse Source
This commit is contained in:
John Safranek
2014-01-16 16:29:33 -08:00
parent cf22e49117
commit eb2e987a29
1 changed files with 175 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

340
ctaocrypt/test/test.c
View File

@@ -178,7 +178,8 @@ int pbkdf2_test(void);
int compress_test(void);
#endif
#ifdef HAVE_PKCS7
int pkcs7_test(void);
int pkcs7enveloped_test(void);
int pkcs7signed_test(void);
#endif
@@ -465,10 +466,15 @@ void ctaocrypt_test(void* args)
#endif
#ifdef HAVE_PKCS7
if ( (ret = pkcs7_test()) != 0)
err_sys("PKCS7 test failed!\n", ret);
if ( (ret = pkcs7enveloped_test()) != 0)
err_sys("PKCS7enveloped test failed!\n", ret);
else
printf( "PKCS7 test passed!\n");
printf( "PKCS7enveloped test passed!\n");
if ( (ret = pkcs7signed_test()) != 0)
err_sys("PKCS7signed test failed!\n", ret);
else
printf( "PKCS7signed test passed!\n");
#endif
((func_args*)args)->return_code = ret;
@@ -4024,196 +4030,200 @@ int compress_test(void)
#ifdef HAVE_PKCS7
int pkcs7_test(void)
int pkcs7enveloped_test(void)
{
int ret = 0;
/* Test the PKCS7 Signed-Data */
{
byte* cert;
byte out[2048];
char data[] = "Hello World";
word32 dataSz, outSz;
PKCS7 msg;
RNG rng;
int cipher = DES3b;
int envelopedSz, decodedSz;
PKCS7 pkcs7;
byte* cert;
byte* privKey;
byte enveloped[2048];
byte decoded[2048];
word32 certSz;
FILE* file;
FILE* pkcs7File;
size_t certSz;
size_t privKeySz;
FILE* certFile;
FILE* keyFile;
FILE* pkcs7File;
const char* pkcs7OutFile = "pkcs7envelopedData.der";
byte transIdOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x07 };
byte messageTypeOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x02 };
byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 };
byte pkiStatusOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x03 };
byte transId[(SHA_DIGEST_SIZE + 1) * 2 + 1];
byte messageType[] = { 0x13, 2, '1', '9' };
byte senderNonce[34];
byte pkiStatus[] = { 0x13, 1, '0' };
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
PKCS7Attrib attribs[] =
{
{ transIdOid, sizeof(transIdOid),
transId, sizeof(transId) - 1 }, /* take off the null */
{ messageTypeOid, sizeof(messageTypeOid),
messageType, sizeof(messageType) },
{ senderNonceOid, sizeof(senderNonceOid),
senderNonce, sizeof(senderNonce) },
{ pkiStatusOid, sizeof(pkiStatusOid),
pkiStatus, sizeof(pkiStatus) }
};
/* read client cert and key in DER format */
cert = (byte*)malloc(FOURK_BUF);
if (cert == NULL)
return -201;
dataSz = (word32) strlen(data);
outSz = sizeof(out);
privKey = (byte*)malloc(FOURK_BUF);
if (privKey == NULL)
return -202;
cert = (byte*)malloc(FOURK_BUF);
if (cert == NULL)
return -40;
certFile = fopen(clientCert, "rb");
if (!certFile)
err_sys("can't open ./certs/client-cert.der, "
"Please run from CyaSSL home dir", -42);
/* read in DER cert of recipient, into cert of size certSz */
file = fopen(clientCert, "rb");
certSz = fread(cert, 1, FOURK_BUF, certFile);
fclose(certFile);
if (!file)
err_sys("can't open ./certs/client-cert.der, "
"Please run from CyaSSL home dir", -40);
keyFile = fopen(clientKey, "rb");
if (!keyFile)
err_sys("can't open ./certs/client-key.der, "
"Please run from CyaSSL home dir", -43);
certSz = (word32)fread(cert, 1, FOURK_BUF, file);
fclose(file);
privKeySz = fread(privKey, 1, FOURK_BUF, keyFile);
fclose(keyFile);
ret = InitRng(&rng);
senderNonce[0] = 0x04;
senderNonce[1] = 0x20;
RNG_GenerateBlock(&rng, &senderNonce[2], 32);
PKCS7_InitWithCert(&pkcs7, cert, (word32)certSz);
pkcs7.content = (byte*)data;
pkcs7.contentSz = (word32)sizeof(data);
pkcs7.contentOID = DATA;
pkcs7.encryptOID = cipher;
pkcs7.privateKey = privKey;
pkcs7.privKeySize = (word32)privKeySz;
PKCS7_InitWithCert(&msg, cert, certSz);
msg.content = (byte*)data;
msg.contentSz = dataSz;
msg.hashOID = SHAh;
msg.encryptOID = RSAk;
msg.signedAttribs = attribs;
msg.signedAttribsSz = sizeof(attribs)/sizeof(PKCS7Attrib);
msg.rng = &rng;
{
Sha sha;
byte digest[SHA_DIGEST_SIZE];
int i,j;
/* encode envelopedData */
envelopedSz = PKCS7_EncodeEnvelopeData(&pkcs7, enveloped,
sizeof(enveloped));
if (envelopedSz <= 0)
return -203;
transId[0] = 0x13;
transId[1] = SHA_DIGEST_SIZE * 2;
/* decode envelopedData */
decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
decoded, sizeof(decoded));
if (decodedSz <= 0)
return -204;
InitSha(&sha);
ShaUpdate(&sha, msg.publicKey, msg.publicKeySz);
ShaFinal(&sha, digest);
for (i = 0, j = 2; i < SHA_DIGEST_SIZE; i++, j += 2) {
snprintf((char*)&transId[j], 3, "%02x", digest[i]);
}
}
ret = PKCS7_EncodeSignedData(&msg, out, outSz);
if (ret < 0) {
printf("Pkcs7_encrypt failed\n");
return -42;
}
else
outSz = ret;
/* write PKCS#7 to output file for more testing */
pkcs7File = fopen("./pkcs7signedData.der", "wb");
if (!pkcs7File)
return -43;
ret = (int)fwrite(out, outSz, 1, pkcs7File);
fclose(pkcs7File);
/* test decode result */
if (memcmp(decoded, data, sizeof(data)) != 0) {
return -205;
}
/* Test the PKCS7 Enveloped-Data */
/* output pkcs7 envelopedData for external testing */
pkcs7File = fopen(pkcs7OutFile, "wb");
if (!pkcs7File)
return -206;
ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File);
fclose(pkcs7File);
free(cert);
free(privKey);
if (ret > 0)
return 0;
return ret;
}
int pkcs7signed_test(void)
{
int ret = 0;
byte* cert;
byte out[2048];
char data[] = "Hello World";
word32 dataSz, outSz;
PKCS7 msg;
RNG rng;
word32 certSz;
FILE* file;
FILE* pkcs7File;
byte transIdOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x07 };
byte messageTypeOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x02 };
byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 };
byte pkiStatusOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x03 };
byte transId[(SHA_DIGEST_SIZE + 1) * 2 + 1];
byte messageType[] = { 0x13, 2, '1', '9' };
byte senderNonce[34];
byte pkiStatus[] = { 0x13, 1, '0' };
PKCS7Attrib attribs[] =
{
int cipher = DES3b;
int envelopedSz, decodedSz;
PKCS7 pkcs7;
byte* cert;
byte* privKey;
byte enveloped[2048];
byte decoded[2048];
{ transIdOid, sizeof(transIdOid),
transId, sizeof(transId) - 1 }, /* take off the null */
{ messageTypeOid, sizeof(messageTypeOid),
messageType, sizeof(messageType) },
{ senderNonceOid, sizeof(senderNonceOid),
senderNonce, sizeof(senderNonce) },
{ pkiStatusOid, sizeof(pkiStatusOid),
pkiStatus, sizeof(pkiStatus) }
};
size_t certSz;
size_t privKeySz;
FILE* certFile;
FILE* keyFile;
FILE* pkcs7File;
const char* pkcs7OutFile = "pkcs7envelopedData.der";
dataSz = (word32) strlen(data);
outSz = sizeof(out);
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
cert = (byte*)malloc(FOURK_BUF);
if (cert == NULL)
return -207;
/* read client cert and key in DER format */
cert = (byte*)malloc(FOURK_BUF);
if (cert == NULL)
return -201;
/* read in DER cert of recipient, into cert of size certSz */
file = fopen(clientCert, "rb");
privKey = (byte*)malloc(FOURK_BUF);
if (privKey == NULL)
return -202;
if (!file)
err_sys("can't open ./certs/client-cert.der, "
"Please run from CyaSSL home dir", -44);
certFile = fopen(clientCert, "rb");
if (!certFile)
err_sys("can't open ./certs/client-cert.der, "
"Please run from CyaSSL home dir", -42);
certSz = (word32)fread(cert, 1, FOURK_BUF, file);
fclose(file);
certSz = fread(cert, 1, FOURK_BUF, certFile);
fclose(certFile);
ret = InitRng(&rng);
senderNonce[0] = 0x04;
senderNonce[1] = 0x20;
RNG_GenerateBlock(&rng, &senderNonce[2], 32);
keyFile = fopen(clientKey, "rb");
if (!keyFile)
err_sys("can't open ./certs/client-key.der, "
"Please run from CyaSSL home dir", -43);
PKCS7_InitWithCert(&msg, cert, certSz);
msg.content = (byte*)data;
msg.contentSz = dataSz;
msg.hashOID = SHAh;
msg.encryptOID = RSAk;
msg.signedAttribs = attribs;
msg.signedAttribsSz = sizeof(attribs)/sizeof(PKCS7Attrib);
msg.rng = &rng;
{
Sha sha;
byte digest[SHA_DIGEST_SIZE];
int i,j;
privKeySz = fread(privKey, 1, FOURK_BUF, keyFile);
fclose(keyFile);
transId[0] = 0x13;
transId[1] = SHA_DIGEST_SIZE * 2;
PKCS7_InitWithCert(&pkcs7, cert, (word32)certSz);
pkcs7.content = (byte*)data;
pkcs7.contentSz = (word32)sizeof(data);
pkcs7.contentOID = DATA;
pkcs7.encryptOID = cipher;
pkcs7.privateKey = privKey;
pkcs7.privKeySize = (word32)privKeySz;
InitSha(&sha);
ShaUpdate(&sha, msg.publicKey, msg.publicKeySz);
ShaFinal(&sha, digest);
/* encode envelopedData */
envelopedSz = PKCS7_EncodeEnvelopeData(&pkcs7, enveloped,
sizeof(enveloped));
if (envelopedSz <= 0)
return -203;
/* decode envelopedData */
decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
decoded, sizeof(decoded));
if (decodedSz <= 0)
return -204;
/* test decode result */
if (memcmp(decoded, data, sizeof(data)) != 0) {
return -205;
for (i = 0, j = 2; i < SHA_DIGEST_SIZE; i++, j += 2) {
snprintf((char*)&transId[j], 3, "%02x", digest[i]);
}
/* output pkcs7 envelopedData for external testing */
pkcs7File = fopen(pkcs7OutFile, "wb");
if (!pkcs7File)
return -206;
ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File);
fclose(pkcs7File);
free(cert);
free(privKey);
}
ret = PKCS7_EncodeSignedData(&msg, out, outSz);
if (ret < 0) {
return -208;
}
else
outSz = ret;
/* write PKCS#7 to output file for more testing */
pkcs7File = fopen("./pkcs7signedData.der", "wb");
if (!pkcs7File)
return -209;
ret = (int)fwrite(out, outSz, 1, pkcs7File);
fclose(pkcs7File);
if (ret > 0)
return 0;