]> git.saurik.com Git - apple/security.git/blame - OSX/sec/Security/Regressions/secitem/si-64-ossl-cms.c
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-59754.80.3.tar.gz
[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-64-ossl-cms.c
CommitLineData
427c49bc 1/*
d8f41ccd 2 * Copyright (c) 2009,2012-2014 Apple Inc. All Rights Reserved.
427c49bc 3 *
d8f41ccd
A		 4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
427c49bc 22 */
d8f41ccd 23
427c49bc
A		 24#include "si-64-ossl-cms/attached_no_data_signed_data.h"
25#include "si-64-ossl-cms/attached_signed_data.h"
26#include "si-64-ossl-cms/detached_content.h"
27#include "si-64-ossl-cms/detached_signed_data.h"
28#include "si-64-ossl-cms/signer.h"
29#include "si-64-ossl-cms/privkey.h"
30
31#include <CoreFoundation/CoreFoundation.h>
32#include <Security/SecCMS.h>
33#include <Security/SecRSAKey.h>
34#include <Security/SecCertificatePriv.h>
35#include <Security/SecIdentityPriv.h>
866f8763 36#include <Security/SecItem.h>
b54c578e 37#include <Security/SecPolicy.h>
427c49bc
A		 38#include <utilities/SecCFWrappers.h>
39
40#include <unistd.h>
41#include <AssertMacros.h>
42
866f8763 43#include "shared_regressions.h"
427c49bc
A		 44
45/*
46openssl req -new -newkey rsa:512 -x509 -nodes -subj "/O=foo/CN=bar" -out signer.pem
47echo -n "hoi joh" > detached_content
48openssl smime -sign -outform der -signer signer.pem -in detached_content -inkey privkey.pem -out detached_signed_data.der
49openssl smime -nodetach -sign -outform der -signer test.pem -in detached_content -inkey privkey.pem -out attached_signed_data.der
50openssl smime -nodetach -sign -outform der -signer test.pem -inkey privkey.pem -out attached_no_data_signed_data.der < /dev/null
51
52xxd -i detached_content > detached_content.h
53xxd -i attached_no_data_signed_data.der > attached_no_data_signed_data.h
54xxd -i attached_signed_data.der > attached_signed_data.h
55xxd -i detached_signed_data.der > detached_signed_data.h
56
57openssl x509 -in test.pem -outform der -out signer.der
58xxd -i signer.der > signer.h
59
60
61attached difference:
62
63 33 NDEF: SEQUENCE {
64 <06 09>
65 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
66 <A0 80>
67 46 NDEF: [0] {
68 <24 80>
69 48 NDEF: OCTET STRING {
70 <04 07>
71 50 7: OCTET STRING 'hoi joh'
72 <00 00>
73 : }
74 <00 00>
75 : }
76 <00 00>
77 : }
78
79 39 22: SEQUENCE {
80 <06 09>
81 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
82 <A0 09>
83 52 9: [0] {
84 <04 07>
85 54 7: OCTET STRING 'hoi joh'
86 : }
87 : }
88
89detached:
90
91 <30 80>
92 33 NDEF: SEQUENCE {
93 <06 09>
94 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
95 <00 00>
96 : }
97
98 <30 0B>
99 39 11: SEQUENCE {
100 <06 09>
101 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
102 : }
103
104attached empty:
105
106 <30 80>
107 33 NDEF: SEQUENCE {
108 <06 09>
109 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
110 <A0 80>
111 46 NDEF: [0] {
112 <24 80>
113 48 NDEF: OCTET STRING {
114 <00 00>
115 : }
116 <00 00>
117 : }
118 <00 00>
119 : }
120
121 <30 0F>
122 39 15: SEQUENCE {
123 <06 09>
124 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
125 <A0 02>
126 52 2: [0] {
127 <04 00>
128 54 0: OCTET STRING
129 : Error: Object has zero length.
130 : }
131 : }
132
133
134*/
135
136#include <fcntl.h>
d8f41ccd 137__unused static inline void write_data(const char * path, CFDataRef data)
427c49bc
A		 138{
139 int data_file = open(path, O_CREAT|O_WRONLY|O_TRUNC, 0644);
140 write(data_file, CFDataGetBytePtr(data), CFDataGetLength(data));
141 close(data_file);
142}
143
144static void tests(void)
145{
146 CFDataRef attached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_signed_data_der, attached_signed_data_der_len, kCFAllocatorNull);
147 CFDataRef detached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_signed_data_der, detached_signed_data_der_len, kCFAllocatorNull);
148 CFDataRef attached_no_data_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_no_data_signed_data_der, attached_no_data_signed_data_der_len, kCFAllocatorNull);
149 CFDataRef detached_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_content, detached_content_len, kCFAllocatorNull);
150 CFDataRef no_data = CFDataCreate(kCFAllocatorDefault, NULL, 0);
151 SecPolicyRef policy = SecPolicyCreateBasicX509();
152 SecTrustRef trust = NULL;
153
154 ok_status(SecCMSVerifyCopyDataAndAttributes(attached_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached data");
866f8763 155 CFReleaseNull(trust);
427c49bc 156 ok_status(SecCMSVerifyCopyDataAndAttributes(detached_signed_data, detached_data, policy, &trust, NULL, NULL), "verify detached data");
866f8763
A		 157 CFReleaseNull(trust);
158#if TARGET_OS_IPHONE
159 /* iOS supports empty data */
160 ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached no data");
161#else
162 /* macOS does not */
163 is_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), errSecAuthFailed, "verify attached no data");
164#endif
165 CFReleaseNull(trust);
427c49bc 166 ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, no_data, policy, &trust, NULL, NULL), "verify attached no data");
866f8763 167 CFReleaseNull(trust);
427c49bc
A		 168
169
170 SecCertificateRef cert = NULL;
171 SecKeyRef privKey = NULL;
172 SecIdentityRef identity = NULL;
173
174 isnt(cert = SecCertificateCreateWithBytes(NULL, signer_der, signer_der_len), NULL, "create certificate");
866f8763
A		 175 CFDataRef keyData = CFDataCreate(NULL, privkey_der, privkey_der_len);
176 CFMutableDictionaryRef keyAttrs = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
177 CFDictionaryAddValue(keyAttrs, kSecAttrKeyType, kSecAttrKeyTypeRSA);
178 CFDictionaryAddValue(keyAttrs, kSecAttrKeyClass, kSecAttrKeyClassPrivate);
179 isnt(privKey = SecKeyCreateWithData(keyData, keyAttrs, NULL), NULL, "Create private key");
427c49bc
A		 180 isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");
181 CFReleaseSafe(privKey);
866f8763
A		 182 CFReleaseNull(keyData);
183 CFReleaseNull(keyAttrs);
427c49bc
A		 184
185 CFMutableDataRef cms_data = CFDataCreateMutable(kCFAllocatorDefault, 0);
186 ok_status(SecCMSCreateSignedData(identity, detached_data, NULL, NULL, cms_data), "create attached data");
187 //write_data("/var/tmp/attached", cms_data);
188 CFDataSetLength(cms_data, 0);
5c19dc3a 189 CFDictionaryRef detached_cms_dict = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecCMSSignDetached, (const void **)&kCFBooleanTrue, 1, NULL, NULL);
427c49bc 190 ok_status(SecCMSCreateSignedData(identity, detached_data, detached_cms_dict, NULL, cms_data), "create attached data");
866f8763 191 CFReleaseNull(detached_cms_dict);
427c49bc
A		 192 //write_data("/var/tmp/detached", cms_data);
193 CFDataSetLength(cms_data, 0);
866f8763
A		 194#if TARGET_OS_IPHONE
195 /* iOS supports empty data */
196 ok_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), "create attached data");
197#else
198 /* macOS does not */
199 is_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), errSecParam, "create attached data");
200#endif
201
427c49bc
A		 202 //write_data("/var/tmp/empty_attached", cms_data);
203
204 CFReleaseSafe(cms_data);
205 CFReleaseSafe(cert);
206 CFReleaseNull(identity);
866f8763
A		 207 CFReleaseSafe(attached_signed_data);
208 CFReleaseSafe(detached_signed_data);
209 CFReleaseSafe(attached_no_data_signed_data);
210 CFReleaseSafe(detached_data);
211 CFReleaseSafe(no_data);
212 CFReleaseSafe(policy);
427c49bc
A		 213}
214
215int si_64_ossl_cms(int argc, char *const *argv)
216{
217 plan_tests(10);
218
219
220 tests();
221
222 return 0;
223}
mirror of Security