mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 02:37:28 +02:00
Add streaming support for PKCS7_VerifySignedData.
455
tests/api.c
455
tests/api.c
@ -27001,6 +27001,31 @@ static int test_wc_PKCS7_EncodeSignedData(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, signedSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, signedSz), 0);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
{
|
||||||
|
word32 z;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming mode */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
}
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
|
|
||||||
/* Pass in bad args. */
|
/* Pass in bad args. */
|
||||||
ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
|
ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
|
||||||
@ -27209,6 +27234,10 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
|
|||||||
{
|
{
|
||||||
byte* output = NULL;
|
byte* output = NULL;
|
||||||
word32 outputSz = 0;
|
word32 outputSz = 0;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
word32 z;
|
||||||
|
int ret;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
ExpectNotNull(output = (byte*)XMALLOC(
|
ExpectNotNull(output = (byte*)XMALLOC(
|
||||||
outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
|
outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
|
||||||
@ -27225,6 +27254,32 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
|
|||||||
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming mode */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -27672,6 +27727,10 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
|
|||||||
struct tm tmpTimeStorage;
|
struct tm tmpTimeStorage;
|
||||||
struct tm* tmpTime = &tmpTimeStorage;
|
struct tm* tmpTime = &tmpTimeStorage;
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
word32 z;
|
||||||
|
int ret;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
#endif /* !NO_ASN && !NO_ASN_TIME */
|
#endif /* !NO_ASN && !NO_ASN_TIME */
|
||||||
|
|
||||||
XMEMSET(&hash, 0, sizeof(wc_HashAlg));
|
XMEMSET(&hash, 0, sizeof(wc_HashAlg));
|
||||||
@ -27691,6 +27750,26 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
/* Check that decoded signed attributes are correct */
|
/* Check that decoded signed attributes are correct */
|
||||||
|
|
||||||
/* messageDigest should be first */
|
/* messageDigest should be first */
|
||||||
@ -27785,9 +27864,36 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
|
|||||||
}
|
}
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
|
||||||
SIG_VERIFY_E);
|
SIG_VERIFY_E);
|
||||||
|
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
if (pkcs7 != NULL) {
|
||||||
|
pkcs7->content = badContent;
|
||||||
|
pkcs7->contentSz = sizeof(badContent);
|
||||||
|
}
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret == WC_PKCS7_WANT_READ_E){
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
else if (ret < 0) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, SIG_VERIFY_E);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
|
|
||||||
/* Test success case with detached signature and valid content */
|
/* Test success case with detached signature and valid content */
|
||||||
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
@ -27799,6 +27905,30 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
|
|||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
if (pkcs7 != NULL) {
|
||||||
|
pkcs7->content = data;
|
||||||
|
pkcs7->contentSz = sizeof(data);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
/* verify using pre-computed content digest only (no content) */
|
/* verify using pre-computed content digest only (no content) */
|
||||||
{
|
{
|
||||||
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
@ -27822,6 +27952,27 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
#endif /* !NO_RSA */
|
#endif /* !NO_RSA */
|
||||||
#endif
|
#endif
|
||||||
return EXPECT_RESULT();
|
return EXPECT_RESULT();
|
||||||
@ -27840,6 +27991,10 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
|
|||||||
byte data[] = "Test data to encode.";
|
byte data[] = "Test data to encode.";
|
||||||
byte badContent[] = "This is different content than was signed";
|
byte badContent[] = "This is different content than was signed";
|
||||||
wc_HashAlg hash;
|
wc_HashAlg hash;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
word32 z;
|
||||||
|
int ret;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
#ifdef NO_SHA
|
#ifdef NO_SHA
|
||||||
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
|
enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
|
||||||
#else
|
#else
|
||||||
@ -27863,6 +28018,25 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
|
|||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
/* Invalid content should error, use detached signature so we can
|
/* Invalid content should error, use detached signature so we can
|
||||||
* easily change content */
|
* easily change content */
|
||||||
outputSz = sizeof(output);
|
outputSz = sizeof(output);
|
||||||
@ -27880,6 +28054,33 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
|
|||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
if (pkcs7 != NULL) {
|
||||||
|
pkcs7->content = badContent;
|
||||||
|
pkcs7->contentSz = sizeof(badContent);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret == WC_PKCS7_WANT_READ_E){
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
else if (ret < 0) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, SIG_VERIFY_E);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
|
|
||||||
/* Test success case with detached signature and valid content */
|
/* Test success case with detached signature and valid content */
|
||||||
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
@ -27891,6 +28092,30 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
|
|||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
if (pkcs7 != NULL) {
|
||||||
|
pkcs7->content = data;
|
||||||
|
pkcs7->contentSz = sizeof(data);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
/* verify using pre-computed content digest only (no content) */
|
/* verify using pre-computed content digest only (no content) */
|
||||||
{
|
{
|
||||||
/* calculate hash for content */
|
/* calculate hash for content */
|
||||||
@ -27917,6 +28142,27 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outputSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectIntNE(pkcs7->contentSz, 0);
|
||||||
|
ExpectNotNull(pkcs7->contentDynamic);
|
||||||
|
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
return EXPECT_RESULT();
|
return EXPECT_RESULT();
|
||||||
} /* END test_wc_PKCS7_VerifySignedData_ECC() */
|
} /* END test_wc_PKCS7_VerifySignedData_ECC() */
|
||||||
@ -28679,7 +28925,10 @@ static int test_wc_PKCS7_Degenerate(void)
|
|||||||
XFILE f = XBADFILE;
|
XFILE f = XBADFILE;
|
||||||
byte der[4096];
|
byte der[4096];
|
||||||
word32 derSz = 0;
|
word32 derSz = 0;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
word32 z;
|
||||||
|
int ret;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
|
ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
|
||||||
ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
|
ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
|
||||||
if (f != XBADFILE)
|
if (f != XBADFILE)
|
||||||
@ -28691,9 +28940,27 @@ static int test_wc_PKCS7_Degenerate(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < derSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
#else
|
#else
|
||||||
ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
||||||
#endif
|
#endif /* NO_RSA */
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
@ -28704,6 +28971,28 @@ static int test_wc_PKCS7_Degenerate(void)
|
|||||||
wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
|
wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
|
||||||
PKCS7_NO_SIGNER_E);
|
PKCS7_NO_SIGNER_E);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < derSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
|
||||||
|
if (ret == WC_PKCS7_WANT_READ_E){
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, PKCS7_NO_SIGNER_E);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
#endif
|
#endif
|
||||||
return EXPECT_RESULT();
|
return EXPECT_RESULT();
|
||||||
@ -28920,6 +29209,10 @@ static int test_wc_PKCS7_BER(void)
|
|||||||
byte decoded[2048];
|
byte decoded[2048];
|
||||||
#endif
|
#endif
|
||||||
word32 derSz = 0;
|
word32 derSz = 0;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
word32 z;
|
||||||
|
int ret;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
|
ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
|
||||||
ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
|
ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
|
||||||
@ -28933,6 +29226,24 @@ static int test_wc_PKCS7_BER(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < derSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
#else
|
#else
|
||||||
ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
|
||||||
#endif
|
#endif
|
||||||
@ -29005,6 +29316,10 @@ static int test_wc_PKCS7_signed_enveloped(void)
|
|||||||
unsigned char decoded[FOURK_BUF];
|
unsigned char decoded[FOURK_BUF];
|
||||||
int decodedSz = FOURK_BUF;
|
int decodedSz = FOURK_BUF;
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
int z;
|
||||||
|
int ret;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
XMEMSET(&rng, 0, sizeof(WC_RNG));
|
XMEMSET(&rng, 0, sizeof(WC_RNG));
|
||||||
|
|
||||||
@ -29119,6 +29434,24 @@ static int test_wc_PKCS7_signed_enveloped(void)
|
|||||||
ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
|
||||||
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
|
||||||
|
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < sigSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
@ -29147,6 +29480,43 @@ static int test_wc_PKCS7_signed_enveloped(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
|
||||||
ExpectNotNull(pkcs7->content);
|
ExpectNotNull(pkcs7->content);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
/* create valid degenerate bundle */
|
||||||
|
sigSz = FOURK_BUF * 2;
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
|
||||||
|
if (pkcs7 != NULL) {
|
||||||
|
pkcs7->content = env;
|
||||||
|
pkcs7->contentSz = envSz;
|
||||||
|
pkcs7->contentOID = DATA;
|
||||||
|
pkcs7->privateKey = key;
|
||||||
|
pkcs7->privateKeySz = keySz;
|
||||||
|
pkcs7->encryptOID = RSAk;
|
||||||
|
pkcs7->hashOID = SHA256h;
|
||||||
|
pkcs7->rng = &rng;
|
||||||
|
}
|
||||||
|
ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
|
||||||
|
ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
wc_FreeRng(&rng);
|
||||||
|
|
||||||
|
/* check verify */
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
|
||||||
|
ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < sigSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
#ifdef HAVE_AES_CBC
|
#ifdef HAVE_AES_CBC
|
||||||
/* check decode */
|
/* check decode */
|
||||||
ExpectNotNull(inner = wc_PKCS7_New(NULL, 0));
|
ExpectNotNull(inner = wc_PKCS7_New(NULL, 0));
|
||||||
@ -29172,6 +29542,24 @@ static int test_wc_PKCS7_signed_enveloped(void)
|
|||||||
ExpectIntNE(pkcs7->singleCertSz, 0);
|
ExpectIntNE(pkcs7->singleCertSz, 0);
|
||||||
wc_PKCS7_Free(pkcs7);
|
wc_PKCS7_Free(pkcs7);
|
||||||
pkcs7 = NULL;
|
pkcs7 = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
|
||||||
|
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < decodedSz && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectNotNull(pkcs7->singleCert);
|
||||||
|
ExpectIntNE(pkcs7->singleCertSz, 0);
|
||||||
|
wc_PKCS7_Free(pkcs7);
|
||||||
|
pkcs7 = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
#endif
|
#endif
|
||||||
#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
|
#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
|
||||||
return EXPECT_RESULT();
|
return EXPECT_RESULT();
|
||||||
@ -52686,6 +53074,10 @@ static int test_wolfSSL_PKCS7_sign(void)
|
|||||||
EVP_PKEY* signKey = NULL;
|
EVP_PKEY* signKey = NULL;
|
||||||
X509* caCert = NULL;
|
X509* caCert = NULL;
|
||||||
X509_STORE* store = NULL;
|
X509_STORE* store = NULL;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
int z;
|
||||||
|
int ret;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
/* read signer cert/key into BIO */
|
/* read signer cert/key into BIO */
|
||||||
ExpectNotNull(certBio = BIO_new_file(cert, "r"));
|
ExpectNotNull(certBio = BIO_new_file(cert, "r"));
|
||||||
@ -52732,6 +53124,23 @@ static int test_wolfSSL_PKCS7_sign(void)
|
|||||||
ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
|
ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
|
||||||
ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
|
ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
/* verify with wc_PKCS7_VerifySignedData streaming */
|
||||||
|
wc_PKCS7_Free(p7Ver);
|
||||||
|
p7Ver = NULL;
|
||||||
|
ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outLen && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
/* compare the signer found to expected signer */
|
/* compare the signer found to expected signer */
|
||||||
ExpectIntNE(p7Ver->verifyCertSz, 0);
|
ExpectIntNE(p7Ver->verifyCertSz, 0);
|
||||||
tmpPtr = NULL;
|
tmpPtr = NULL;
|
||||||
@ -52804,6 +53213,26 @@ static int test_wolfSSL_PKCS7_sign(void)
|
|||||||
wc_PKCS7_Free(p7Ver);
|
wc_PKCS7_Free(p7Ver);
|
||||||
p7Ver = NULL;
|
p7Ver = NULL;
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
/* verify with wc_PKCS7_VerifySignedData streaming */
|
||||||
|
ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
if (p7Ver != NULL) {
|
||||||
|
p7Ver->content = data;
|
||||||
|
p7Ver->contentSz = sizeof(data);
|
||||||
|
}
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outLen && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
wc_PKCS7_Free(p7Ver);
|
||||||
|
p7Ver = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
/* verify expected failure (NULL return) from d2i_PKCS7, it does not
|
/* verify expected failure (NULL return) from d2i_PKCS7, it does not
|
||||||
* yet support detached content */
|
* yet support detached content */
|
||||||
tmpPtr = out;
|
tmpPtr = out;
|
||||||
@ -52842,6 +53271,28 @@ static int test_wolfSSL_PKCS7_sign(void)
|
|||||||
p7Ver = NULL;
|
p7Ver = NULL;
|
||||||
|
|
||||||
ExpectNotNull(out);
|
ExpectNotNull(out);
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
/* verify with wc_PKCS7_VerifySignedData streaming */
|
||||||
|
ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
|
||||||
|
if (p7Ver != NULL) {
|
||||||
|
p7Ver->content = data;
|
||||||
|
p7Ver->contentSz = sizeof(data);
|
||||||
|
}
|
||||||
|
/* test for streaming */
|
||||||
|
ret = -1;
|
||||||
|
for (z = 0; z < outLen && ret != 0; z++) {
|
||||||
|
ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
|
||||||
|
if (ret < 0){
|
||||||
|
ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ExpectIntEQ(ret, 0);
|
||||||
|
ExpectNotNull(out);
|
||||||
|
wc_PKCS7_Free(p7Ver);
|
||||||
|
p7Ver = NULL;
|
||||||
|
#endif /* !NO_PKCS7_STREAM */
|
||||||
|
|
||||||
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
PKCS7_free(p7);
|
PKCS7_free(p7);
|
||||||
p7 = NULL;
|
p7 = NULL;
|
||||||
|
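Review bot: The success-path streaming loops never check how much input had been consumed when `wc_PKCS7_VerifySignedData` returns 0, so a streaming verifier that reported success before the signature bytes were fed would still pass these tests. This applies first to `for (z = 0; z < outputSz && ret != 0; z++)` in test_wc_PKCS7_EncodeSignedData, and the same loop is repeated in the _ex, RSA, ECC, Degenerate, BER, signed_enveloped and wolfSSL_PKCS7_sign tests. Where the exact encoded length is known, as appears to be the case for `outputSz` in test_wc_PKCS7_EncodeSignedData_ex, add `ExpectIntEQ(z, outputSz);` after `ExpectIntEQ(ret, 0);`. These loops also keep feeding bytes to the context after a hard error, because `ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E)` only records the failure; adding `if (ret != WC_PKCS7_WANT_READ_E) break;` inside the `if (ret < 0)` branch would match the negative-case loops, which already break. The enclosing test functions start and end outside the hunks shown.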
File diff suppressed because it is too large
@ -112,6 +112,7 @@ enum PKCS7_STATE {
|
|||||||
WC_PKCS7_VERIFY_STAGE4,
|
WC_PKCS7_VERIFY_STAGE4,
|
||||||
WC_PKCS7_VERIFY_STAGE5,
|
WC_PKCS7_VERIFY_STAGE5,
|
||||||
WC_PKCS7_VERIFY_STAGE6,
|
WC_PKCS7_VERIFY_STAGE6,
|
||||||
|
WC_PKCS7_VERIFY_STAGE7,
|
||||||
|
|
||||||
/* parse info set */
|
/* parse info set */
|
||||||
WC_PKCS7_INFOSET_START,
|
WC_PKCS7_INFOSET_START,
|
||||||
|