1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include "cms-01-basic.h"
25 #include "smime_regressions.h"
26
27 #include <AssertMacros.h>
28
29 #include <utilities/SecCFRelease.h>
30
31 #include <Security/SecBase.h>
32 #include <Security/SecImportExport.h>
33 #include <Security/SecKeychain.h>
34 #include <Security/SecIdentity.h>
35 #include <Security/SecPolicy.h>
36
37 #include <Security/SecCmsMessage.h>
38 #include <Security/SecCmsSignedData.h>
39 #include <Security/SecCmsContentInfo.h>
40 #include <Security/SecCmsSignerInfo.h>
41 #include <Security/SecCmsEncoder.h>
42 #include <Security/SecCmsDecoder.h>
43 #include <Security/SecCmsEnvelopedData.h>
44 #include <Security/SecCmsRecipientInfo.h>
45
46 #include <security_asn1/secerr.h>
47 #include <security_asn1/seccomon.h>
48
49 #define TMP_KEYCHAIN_PATH "/tmp/cms_01_test.keychain"
50
51 #pragma clang diagnostic push
52 #pragma clang diagnostic ignored "-Wunused-variable"
53 #pragma clang diagnostic ignored "-Wunused-function"
54
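#define kNumberSetupTests 10
/*
 * Create a scratch keychain, append it to the keychain search list, and import
 * the PKCS#12 identity in p12/p12_len into it.
 *
 * p12, p12_len - PKCS#12 blob and its length in bytes.
 * identity     - out: retained identity taken from the import result.
 * cert         - out: certificate copied from that identity.
 *
 * Returns the new keychain reference, or NULL when the search list cannot be
 * copied or the keychain cannot be created. The caller owns the returned
 * keychain and the two out references; cleanup_keychain releases all three.
 * Records kNumberSetupTests checks when every step runs.
 *
 * NOTE(review): the keychain lives at a fixed, predictable path under /tmp and
 * is protected by a hard-coded password. That is tolerable only for throwaway
 * test key material; the unlink-then-create sequence gives no protection
 * against another local user pre-creating or swapping the path on a shared
 * machine.
 */
static SecKeychainRef setup_keychain(const uint8_t *p12, size_t p12_len, SecIdentityRef *identity, SecCertificateRef *cert) {
    CFDataRef p12Data = NULL;
    CFArrayRef imported_items = NULL, oldSearchList = NULL;
    CFMutableArrayRef newSearchList = NULL;
    SecKeychainRef keychain = NULL;
    SecExternalFormat sef = kSecFormatPKCS12;
    SecItemImportExportKeyParameters keyParams = {
        .passphrase = CFSTR("password")
    };

    /* Create keychain and add to search list (for decryption) */
    unlink(TMP_KEYCHAIN_PATH);
    ok_status(SecKeychainCopySearchList(&oldSearchList),
              "Copy keychain search list");
    require(oldSearchList, out);
    ok(newSearchList = CFArrayCreateMutableCopy(NULL, CFArrayGetCount(oldSearchList)+1, oldSearchList),
       "Create new search list");
    ok_status(SecKeychainCreate(TMP_KEYCHAIN_PATH, 8, "password", false, NULL, &keychain),
              "Create keychain for identity");
    require(keychain, out);
    /* The failed ok() above already recorded the problem; do not append to a NULL array. */
    require(newSearchList, out);
    CFArrayAppendValue(newSearchList, keychain);
    ok_status(SecKeychainSetSearchList(newSearchList),
              "Set keychain search list");

    /* Load identity and set as signer */
    ok(p12Data = CFDataCreate(NULL, p12, p12_len),
       "Create p12 data");
    ok_status(SecItemImport(p12Data, NULL, &sef, NULL, 0, &keyParams, keychain, &imported_items),
              "Import identity");
    /* A failed import leaves imported_items NULL; the CFArray calls below must never see NULL. */
    require(imported_items, out);
    is(CFArrayGetCount(imported_items),1,"Imported 1 items");
    /* Index 0 is only valid on a non-empty array. */
    require(CFArrayGetCount(imported_items) > 0, out);
    is(CFGetTypeID(CFArrayGetValueAtIndex(imported_items, 0)), SecIdentityGetTypeID(),
       "Got back an identity");
    ok(*identity = (SecIdentityRef) CFRetainSafe(CFArrayGetValueAtIndex(imported_items, 0)),
       "Retrieve identity");
    ok_status(SecIdentityCopyCertificate(*identity, cert),
              "Copy certificate");

out:
    /* Released on every path, including the early exits; the search-list
     * copies were previously never released. */
    CFReleaseNull(p12Data);
    CFReleaseNull(imported_items);
    CFReleaseNull(oldSearchList);
    CFReleaseNull(newSearchList);
    return keychain;
}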
99
#define kNumberCleanupTests 1
/*
 * Delete the temporary keychain and drop the references handed out by
 * setup_keychain. Records kNumberCleanupTests check.
 *
 * The three parameters are passed by value, so the CFReleaseNull calls clear
 * only these local copies: the caller's own variables still hold the released
 * pointers afterwards and must not be used until they are reassigned.
 */
static void cleanup_keychain(SecKeychainRef keychain, SecIdentityRef identity, SecCertificateRef cert) {
    /* Delete keychain - from the search list and from disk */
    ok_status(SecKeychainDelete(keychain), "Delete temporary keychain");
    CFReleaseNull(keychain);
    CFReleaseNull(cert);
    CFReleaseNull(identity);
}
108
/*
 * Build and encode a CMS SignedData message over a fixed test string, signed
 * by `identity` with digest `digestAlgTag`, and optionally compare the encoded
 * bytes with a stored reference.
 *
 * withAttrs       - when true, a signing-time attribute is added to the signer info.
 * expected_output - reference encoding to compare against, or NULL to skip the comparison.
 * expected_len    - length of expected_output in bytes.
 *
 * Returns the first failing status from the SecCms calls (errSecAllocate or
 * errSecParam where a call returns NULL), -1 when the encoded output differs
 * from expected_output in length or content, and 0 otherwise.
 */
static OSStatus sign_please(SecIdentityRef identity, SECOidTag digestAlgTag, bool withAttrs, uint8_t *expected_output, size_t expected_len) {

    OSStatus status = SECFailure;

    SecCmsMessageRef cmsg = NULL;
    SecCmsSignedDataRef sigd = NULL;
    SecCmsContentInfoRef cinfo = NULL;
    SecCmsSignerInfoRef signerInfo = NULL;
    SecCmsEncoderRef encoder = NULL;
    SecArenaPoolRef arena = NULL;
    CSSM_DATA cms_data = {
        .Data = NULL,
        .Length = 0
    };
    uint8_t string_to_sign[] = "This message is signed. Ain't it pretty?";

    /* Set up the message: SignedData at the top level wrapping plain data content. */
    require_action_string(cmsg = SecCmsMessageCreate(NULL), out,
                          status = errSecAllocate, "Failed to create message");
    require_action_string(sigd = SecCmsSignedDataCreate(cmsg), out,
                          status = errSecAllocate, "Failed to create signed data");
    require_action_string(cinfo = SecCmsMessageGetContentInfo(cmsg), out,
                          status = errSecParam, "Failed to get cms content info");
    require_noerr_string(status = SecCmsContentInfoSetContentSignedData(cmsg, cinfo, sigd), out,
                         "Failed to set signed data into content info");
    require_action_string(cinfo = SecCmsSignedDataGetContentInfo(sigd), out,
                          status = errSecParam, "Failed to get content info from signed data");
    require_noerr_string(status = SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), out,
                         "Failed to set signed data content info");
    /* The digest algorithm is fixed here; the MD5 test cases expect a failure
     * status to come back from this function. */
    require_action_string(signerInfo = SecCmsSignerInfoCreate(cmsg, identity, digestAlgTag), out,
                          status = errSecAllocate, "Failed to create signer info");
    require_noerr_string(status = SecCmsSignerInfoIncludeCerts(signerInfo, SecCmsCMCertOnly,
                                                               certUsageEmailSigner), out,
                         "Failed to put certs in signer info");

    if(withAttrs) {
        /* Fixed timestamp rather than the current time - presumably so the
         * attribute-bearing output stays comparable with the stored fixtures. */
        require_noerr_string(status = SecCmsSignerInfoAddSigningTime(signerInfo, 480000000.0), out,
                             "Couldn't add an attribute");
    }
    require_noerr_string(status = SecCmsSignedDataAddSignerInfo(sigd, signerInfo), out,
                         "Couldn't add signer info to signed data");

    /* Encode now: the encoder is handed cms_data and the arena for its output. */
    require_noerr_string(status = SecArenaPoolCreate(1024, &arena), out,
                         "Failed to create arena");
    require_noerr_string(status = SecCmsEncoderCreate(cmsg, NULL, NULL, &cms_data, arena, NULL, NULL,
                                                      NULL, NULL, NULL, NULL, &encoder), out,
                         "Failed to create encoder");
    /* sizeof counts the terminating NUL, so the NUL byte is part of the signed content. */
    require_noerr_string(status = SecCmsEncoderUpdate(encoder, string_to_sign, sizeof(string_to_sign)), out,
                         "Failed to add data ");
    status = SecCmsEncoderFinish(encoder);
    encoder = NULL; // SecCmsEncoderFinish always frees the encoder but doesn't NULL it.
    require_noerr_quiet(status, out);

    /* Verify the output matches expected results. The length is checked first
     * so the memcmp never reads past cms_data; a non-zero memcmp result is
     * treated as an error by require_noerr_action_string. */
    if (expected_output) {
        require_action_string(expected_len == cms_data.Length, out,
                              status = -1, "Output size differs from expected");
        require_noerr_action_string(memcmp(expected_output, cms_data.Data, expected_len), out,
                                    status = -1, "Output differs from expected");
    }

out:
    /* Only reached with a live encoder when a step before SecCmsEncoderFinish failed. */
    if (encoder) {
        SecCmsEncoderDestroy(encoder);
    }
    if (arena) {
        SecArenaPoolFree(arena, false);
    }
    if (cmsg) {
        SecCmsMessageDestroy(cmsg);
    }
    return status;

}
184
/*
 * Decode a CMS blob, require that its top-level content is SignedData, and
 * verify signer 0 against `keychain` with a basic X.509 policy.
 *
 * Returns errSecSuccess immediately when data_to_verify is NULL; otherwise the
 * first failing status, or the result of SecCmsSignedDataVerifySignerInfo.
 *
 * NOTE(review): the SecTrustRef produced by the verify call is released without
 * being inspected here, so the return value reflects only the status of that
 * call. Whether the call itself evaluates trust is not visible in this file -
 * confirm before reading a pass as "the chain is trusted".
 */
static OSStatus verify_please(SecKeychainRef keychain, uint8_t *data_to_verify, size_t length) {
    OSStatus status = SECFailure;
    SecCmsDecoderRef decoder = NULL;
    SecCmsMessageRef cmsg = NULL;
    SecCmsContentInfoRef cinfo = NULL;
    SecCmsSignedDataRef sigd = NULL;
    SecPolicyRef policy = NULL;
    SecTrustRef trust = NULL;

    if (!data_to_verify) {
        /* No fixture supplied: report success without verifying anything.
         * Callers pass NULL where no fixture exists, so such a check proves nothing. */
        return errSecSuccess;
    }

    require_noerr_string(status = SecCmsDecoderCreate(NULL, NULL, NULL, NULL, NULL,
                                                      NULL, NULL, &decoder), out,
                         "Failed to create decoder");
    require_noerr_string(status = SecCmsDecoderUpdate(decoder, data_to_verify, length), out,
                         "Failed to add data ");
    status = SecCmsDecoderFinish(decoder, &cmsg);
    decoder = NULL; // SecCmsDecoderFinish always frees the decoder
    require_noerr_quiet(status, out);

    require_action_string(cinfo = SecCmsMessageContentLevel(cmsg, 0), out,
                          status = errSecDecode, "Failed to get content info");
    /* Anything other than SignedData at level 0 is rejected as a decode error
     * (the message text below is what gets logged on that failure). */
    require_action_string(SEC_OID_PKCS7_SIGNED_DATA == SecCmsContentInfoGetContentTypeTag(cinfo), out,
                          status = errSecDecode, "Content type was pkcs7 signed data");
    require_action_string(sigd = (SecCmsSignedDataRef)SecCmsContentInfoGetContent(cinfo), out,
                          status = errSecDecode, "Failed to get signed data");
    require_action_string(policy = SecPolicyCreateBasicX509(), out,
                          status = errSecAllocate, "Failed to create basic policy");
    /* Only signer index 0 is checked. */
    status = SecCmsSignedDataVerifySignerInfo(sigd, 0, keychain, policy, &trust);

out:
    /* Only reached with a live decoder when a step before SecCmsDecoderFinish failed. */
    if (decoder) {
        SecCmsDecoderDestroy(decoder);
    }
    if (cmsg) {
        SecCmsMessageDestroy(cmsg);
    }
    CFReleaseNull(policy);
    CFReleaseNull(trust);
    return status;
}
228
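/*
 * Return a heap copy of cms_data in which the byte ten positions before the
 * end is guaranteed to differ from the original, so a signature check over the
 * copy must fail.
 *
 * Returns NULL when cms_data is NULL, length is under 10, or allocation fails.
 * The caller frees the result with free().
 */
static uint8_t *invalidate_signature(uint8_t *cms_data, size_t length) {
    /* length < 10 also covers length == 0 and keeps the index below in range. */
    if (!cms_data || length < 10) {
        return NULL;
    }

    uint8_t *invalid_cms = malloc(length);
    if (invalid_cms) {
        memcpy(invalid_cms, cms_data, length);
        /* This modifies the signature part of the test cms binaries.
         * Writing 0x00 unconditionally would leave the data untouched whenever
         * that byte already is 0x00, and the "invalid" case would then verify
         * a perfectly valid message; fall back to 0xFF in that case. */
        uint8_t *target = &invalid_cms[length - 10];
        *target = (*target == 0x00) ? 0xFF : 0x00;
    }

    return invalid_cms;
}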
244
/*
 * Corrupt a copy of cms_data with invalidate_signature and run it through
 * verify_please. A passing test expects a failure status back.
 *
 * Returns SECFailure when cms_data is NULL (nothing is verified in that case),
 * errSecAllocate when no corrupted copy could be produced, and otherwise
 * whatever verify_please reports for the corrupted copy.
 */
static OSStatus invalidate_and_verify(SecKeychainRef kc, uint8_t *cms_data, size_t length) {
    uint8_t *invalid_cms_data = NULL;
    OSStatus result = SECFailure;

    /* No fixture: answer with the failure the caller expects, without verifying. */
    if (cms_data == NULL) {
        return result;
    }

    require_action_string(invalid_cms_data = invalidate_signature(cms_data, length), out,
                          result = errSecAllocate, "Unable to allocate buffer for invalid cms data");
    result = verify_please(kc, invalid_cms_data, length);

out:
    /* free(NULL) is a no-op, so the failed-allocation path needs no guard. */
    free(invalid_cms_data);
    return result;
}
263
264 /* forward declaration */
265 static OSStatus decrypt_please(uint8_t *data_to_decrypt, size_t length);
266
/*
 * Build and encode a CMS EnvelopedData message for `recipient` using content
 * encryption algorithm `encAlg` with `keysize` bits, then feed the encoding
 * straight back through decrypt_please as a round-trip check.
 *
 * Returns the first failing status (errSecAllocate or errSecParam where a call
 * returns NULL), or the status of decrypt_please on the freshly encoded data.
 */
static OSStatus encrypt_please(SecCertificateRef recipient, SECOidTag encAlg, int keysize) {
    OSStatus status = SECFailure;
    SecCmsMessageRef cmsg = NULL;
    SecCmsEnvelopedDataRef envd = NULL;
    SecCmsContentInfoRef cinfo = NULL;
    SecCmsRecipientInfoRef rinfo = NULL;
    SecArenaPoolRef arena = NULL;
    SecCmsEncoderRef encoder = NULL;
    CSSM_DATA cms_data = {
        .Data = NULL,
        .Length = 0
    };
    /* Must stay identical to the string decrypt_please compares against. */
    const uint8_t data_to_encrypt[] = "This data is encrypted. Is cool, no?";

    /* Set up the message: EnvelopedData at the top level wrapping plain data content. */
    require_action_string(cmsg = SecCmsMessageCreate(NULL), out,
                          status = errSecAllocate, "Failed to create message");
    require_action_string(envd = SecCmsEnvelopedDataCreate(cmsg, encAlg, keysize), out,
                          status = errSecAllocate, "Failed to create enveloped data");
    require_action_string(cinfo = SecCmsMessageGetContentInfo(cmsg), out,
                          status = errSecParam, "Failed to get content info from cms message");
    require_noerr_string(status = SecCmsContentInfoSetContentEnvelopedData(cmsg, cinfo, envd), out,
                         "Failed to set enveloped data in cms message");
    require_action_string(cinfo = SecCmsEnvelopedDataGetContentInfo(envd), out,
                          status = errSecParam, "Failed to get content info from enveloped data");
    require_noerr_string(status = SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), out,
                         "Failed to set data type in envelope");
    require_action_string(rinfo = SecCmsRecipientInfoCreate(cmsg, recipient), out,
                          status = errSecAllocate, "Failed to create recipient info");
    require_noerr_string(status = SecCmsEnvelopedDataAddRecipient(envd, rinfo), out,
                         "Failed to add recipient info to envelope");

    /* Encode the message: the encoder is handed cms_data and the arena for its output. */
    require_noerr_string(status = SecArenaPoolCreate(1024, &arena), out,
                         "Failed to create arena");
    require_noerr_string(status = SecCmsEncoderCreate(cmsg, NULL, NULL, &cms_data, arena, NULL, NULL,
                                                      NULL, NULL, NULL, NULL, &encoder), out,
                         "Failed to create encoder");
    /* sizeof counts the terminating NUL, so the NUL byte is part of the plaintext. */
    require_noerr_string(status = SecCmsEncoderUpdate(encoder, data_to_encrypt, sizeof(data_to_encrypt)), out,
                         "Failed to update encoder with data");
    status = SecCmsEncoderFinish(encoder);
    encoder = NULL; // SecCmsEncoderFinish always frees the encoder but doesn't NULL it.
    require_noerr_quiet(status, out);

    /* Round trip while cms_data is still alive: the arena is only freed at out. */
    require_noerr_string(status = decrypt_please(cms_data.Data, cms_data.Length), out,
                         "Failed to decrypt the data we just encrypted");

out:
    /* Only reached with a live encoder when a step before SecCmsEncoderFinish failed. */
    if (encoder) {
        SecCmsEncoderDestroy(encoder);
    }
    if (arena) {
        SecArenaPoolFree(arena, false);
    }
    if (cmsg) {
        SecCmsMessageDestroy(cmsg);
    }
    return status;
}
326
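/*
 * Decode (and thereby decrypt) a CMS EnvelopedData blob and check that the
 * recovered content equals the fixed test plaintext, terminating NUL included.
 *
 * The decoder is created without an explicit keychain argument, so the private
 * key has to be reachable through the keychain search list that setup_keychain
 * extends.
 *
 * Returns the first failing decoder status, errSecDecode when the decoded
 * message has no content, -1 when the content differs from the expected
 * plaintext in length or bytes, and 0 otherwise.
 */
static OSStatus decrypt_please(uint8_t *data_to_decrypt, size_t length) {
    OSStatus status = SECFailure;
    SecCmsDecoderRef decoder = NULL;
    SecCmsMessageRef cmsg = NULL;
    CSSM_DATA_PTR content = NULL;
    const uint8_t encrypted_string[] = "This data is encrypted. Is cool, no?";

    require_noerr_string(status = SecCmsDecoderCreate(NULL, NULL, NULL, NULL, NULL,
                                                      NULL, NULL, &decoder), out,
                         "Failed to create decoder");
    require_noerr_string(status = SecCmsDecoderUpdate(decoder, data_to_decrypt, length), out,
                         "Failed to add data ");
    status = SecCmsDecoderFinish(decoder, &cmsg);
    decoder = NULL; // SecCmsDecoderFinish always frees the decoder
    require_noerr_quiet(status, out);
    require_action_string(content = SecCmsMessageGetContent(cmsg), out,
                          status = errSecDecode, "Unable to get message contents");

    /* Verify the output matches expected results. The length is compared first
     * so the memcmp stays inside both buffers. */
    require_action_string(sizeof(encrypted_string) == content->Length, out,
                          status = -1, "Output size differs from expected");
    require_noerr_action_string(memcmp(encrypted_string, content->Data, content->Length), out,
                                status = -1, "Output differs from expected");

out:
    /* A failed SecCmsDecoderUpdate jumps here with the decoder still allocated;
     * destroy it as verify_please does instead of leaking it. */
    if (decoder) {
        SecCmsDecoderDestroy(decoder);
    }
    if (cmsg) {
        SecCmsMessageDestroy(cmsg);
    }
    return status;
}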
357
/* Signing takes one code path when signed attributes are present and another
 * when they are absent, so each digest is exercised both ways. */
#define kNumberSignTests 10
/*
 * Run the kNumberSignTests signing checks for one identity.
 *
 * MD5 must be refused: both MD5 cases expect SEC_ERROR_INVALID_ALGORITHM.
 * SHA-1, SHA-256, SHA-384 and SHA-512 are all expected to sign successfully.
 * Stored reference encodings exist only for the RSA SHA-1 and SHA-256 cases;
 * every other call passes NULL and therefore checks the status alone.
 */
static void sign_tests(SecIdentityRef identity, bool isRSA) {
    /* Reference encodings, or NULL/0 to skip the byte-for-byte comparison. */
    uint8_t *sha1_ref = isRSA ? rsa_sha1 : NULL;
    size_t sha1_ref_len = isRSA ? sizeof(rsa_sha1) : 0;
    uint8_t *sha256_ref = isRSA ? rsa_sha256 : NULL;
    size_t sha256_ref_len = isRSA ? sizeof(rsa_sha256) : 0;
    uint8_t *sha1_attr_ref = isRSA ? rsa_sha1_attr : NULL;
    size_t sha1_attr_ref_len = isRSA ? sizeof(rsa_sha1_attr) : 0;
    uint8_t *sha256_attr_ref = isRSA ? rsa_sha256_attr : NULL;
    size_t sha256_attr_ref_len = isRSA ? sizeof(rsa_sha256_attr) : 0;

    /* no attributes */
    is(sign_please(identity, SEC_OID_MD5, false, NULL, 0),
       SEC_ERROR_INVALID_ALGORITHM, "Signed with MD5. Not cool.");
    is(sign_please(identity, SEC_OID_SHA1, false, sha1_ref, sha1_ref_len),
       errSecSuccess, "Signed with SHA-1");
    is(sign_please(identity, SEC_OID_SHA256, false, sha256_ref, sha256_ref_len),
       errSecSuccess, "Signed with SHA-256");
    is(sign_please(identity, SEC_OID_SHA384, false, NULL, 0),
       errSecSuccess, "Signed with SHA-384");
    is(sign_please(identity, SEC_OID_SHA512, false, NULL, 0),
       errSecSuccess, "Signed with SHA-512");

    /* with attributes */
    is(sign_please(identity, SEC_OID_MD5, true, NULL, 0),
       SEC_ERROR_INVALID_ALGORITHM, "Signed with MD5 and attributes. Not cool.");
    is(sign_please(identity, SEC_OID_SHA1, true, sha1_attr_ref, sha1_attr_ref_len),
       errSecSuccess, "Signed with SHA-1 and attributes");
    is(sign_please(identity, SEC_OID_SHA256, true, sha256_attr_ref, sha256_attr_ref_len),
       errSecSuccess, "Signed with SHA-256 and attributes");
    is(sign_please(identity, SEC_OID_SHA384, true, NULL, 0),
       errSecSuccess, "Signed with SHA-384 and attributes");
    is(sign_please(identity, SEC_OID_SHA512, true, NULL, 0),
       errSecSuccess, "Signed with SHA-512 and attributes");
}
389
/* Verification takes one code path when signed attributes are present and
 * another when they are absent, so each digest is exercised both ways. */
#define kNumberVerifyTests 12
/*
 * Run the kNumberVerifyTests verification checks against the stored fixtures:
 * six on the fixtures as stored, then the same six on corrupted copies, which
 * must all come back SECFailure.
 *
 * Expectations worth knowing when reading a green run:
 *  - RSA fixtures signed with MD5 are expected to verify successfully, while
 *    the EC MD5 fixture is expected to fail. Signing with MD5 is refused in
 *    sign_tests, so MD5 is accepted on the verify side only.
 *  - There is no EC fixture for MD5 with attributes. NULL is passed instead,
 *    which verify_please answers with errSecSuccess and invalidate_and_verify
 *    with SECFailure without verifying anything, so for EC those two checks
 *    pass vacuously.
 */
static void verify_tests(SecKeychainRef kc, bool isRsa) {
    /* Pick the fixture set once; both halves below use the same blobs. */
    uint8_t *md5 = isRsa ? rsa_md5 : ec_md5;
    size_t md5_len = isRsa ? sizeof(rsa_md5) : sizeof(ec_md5);
    uint8_t *sha1 = isRsa ? rsa_sha1 : ec_sha1;
    size_t sha1_len = isRsa ? sizeof(rsa_sha1) : sizeof(ec_sha1);
    uint8_t *sha256 = isRsa ? rsa_sha256 : ec_sha256;
    size_t sha256_len = isRsa ? sizeof(rsa_sha256) : sizeof(ec_sha256);
    uint8_t *md5_attr = isRsa ? rsa_md5_attr : NULL;
    size_t md5_attr_len = isRsa ? sizeof(rsa_md5_attr) : 0;
    uint8_t *sha1_attr = isRsa ? rsa_sha1_attr : ec_sha1_attr;
    size_t sha1_attr_len = isRsa ? sizeof(rsa_sha1_attr) : sizeof(ec_sha1_attr);
    uint8_t *sha256_attr = isRsa ? rsa_sha256_attr : ec_sha256_attr;
    size_t sha256_attr_len = isRsa ? sizeof(rsa_sha256_attr) : sizeof(ec_sha256_attr);

    /* no attributes */
    is(verify_please(kc, md5, md5_len),
       (isRsa) ? errSecSuccess : SECFailure,
       "Verify MD5, no attributes");
    is(verify_please(kc, sha1, sha1_len),
       errSecSuccess, "Verify SHA1, no attributes");
    is(verify_please(kc, sha256, sha256_len),
       errSecSuccess, "Verify SHA256, no attributes");

    /* with attributes */
    is(verify_please(kc, md5_attr, md5_attr_len),
       errSecSuccess, "Verify MD5, with attributes");
    is(verify_please(kc, sha1_attr, sha1_attr_len),
       errSecSuccess, "Verify SHA1, with attributes");
    is(verify_please(kc, sha256_attr, sha256_attr_len),
       errSecSuccess, "Verify SHA256, with attributes");

    /***** Once more, with validation errors *****/

    /* no attributes */
    is(invalidate_and_verify(kc, md5, md5_len),
       SECFailure, "Verify invalid MD5, no attributes");
    is(invalidate_and_verify(kc, sha1, sha1_len),
       SECFailure, "Verify invalid SHA1, no attributes");
    is(invalidate_and_verify(kc, sha256, sha256_len),
       SECFailure, "Verify invalid SHA256, no attributes");

    /* with attributes */
    is(invalidate_and_verify(kc, md5_attr, md5_attr_len),
       SECFailure, "Verify invalid MD5, with attributes");
    is(invalidate_and_verify(kc, sha1_attr, sha1_attr_len),
       SECFailure, "Verify invalid SHA1, with attributes");
    is(invalidate_and_verify(kc, sha256_attr, sha256_attr_len),
       SECFailure, "Verify invalid SHA256, with attributes");
}
441
#define kNumberEncryptTests 5
/*
 * Run the kNumberEncryptTests encrypt-then-decrypt round trips for one
 * recipient certificate, one per content-encryption algorithm.
 *
 * NOTE(review): 3DES and RC2 are legacy ciphers and every algorithm here is a
 * CBC mode. They are presumably kept for interoperability - confirm they are
 * still meant to be accepted before treating these passes as a requirement.
 */
static void encrypt_tests(SecCertificateRef certificate) {
    OSStatus rc;

    rc = encrypt_please(certificate, SEC_OID_DES_EDE3_CBC, 192);
    is(rc, errSecSuccess, "Encrypt with 3DES");

    rc = encrypt_please(certificate, SEC_OID_RC2_CBC, 128);
    is(rc, errSecSuccess, "Encrypt with 128-bit RC2");

    rc = encrypt_please(certificate, SEC_OID_AES_128_CBC, 128);
    is(rc, errSecSuccess, "Encrypt with 128-bit AES");

    rc = encrypt_please(certificate, SEC_OID_AES_192_CBC, 192);
    is(rc, errSecSuccess, "Encrypt with 192-bit AES");

    rc = encrypt_please(certificate, SEC_OID_AES_256_CBC, 256);
    is(rc, errSecSuccess, "Encrypt with 256-bit AES");
}
455
#define kNumberDecryptTests 5
/*
 * Run the kNumberDecryptTests checks that decrypt the stored EnvelopedData
 * fixtures, RSA or EC depending on isRsa, one per content-encryption
 * algorithm. Each must decrypt to the fixed plaintext in decrypt_please.
 */
static void decrypt_tests(bool isRsa) {
    uint8_t *blob;
    size_t blob_len;

    blob = isRsa ? rsa_3DES : ec_3DES;
    blob_len = isRsa ? sizeof(rsa_3DES) : sizeof(ec_3DES);
    is(decrypt_please(blob, blob_len), errSecSuccess, "Decrypt 3DES");

    blob = isRsa ? rsa_RC2 : ec_RC2;
    blob_len = isRsa ? sizeof(rsa_RC2) : sizeof(ec_RC2);
    is(decrypt_please(blob, blob_len), errSecSuccess, "Decrypt 128-bit RC2");

    blob = isRsa ? rsa_AES_128 : ec_AES_128;
    blob_len = isRsa ? sizeof(rsa_AES_128) : sizeof(ec_AES_128);
    is(decrypt_please(blob, blob_len), errSecSuccess, "Decrypt 128-bit AES");

    blob = isRsa ? rsa_AES_192 : ec_AES_192;
    blob_len = isRsa ? sizeof(rsa_AES_192) : sizeof(ec_AES_192);
    is(decrypt_please(blob, blob_len), errSecSuccess, "Decrypt 192-bit AES");

    blob = isRsa ? rsa_AES_256 : ec_AES_256;
    blob_len = isRsa ? sizeof(rsa_AES_256) : sizeof(ec_AES_256);
    is(decrypt_please(blob, blob_len), errSecSuccess, "Decrypt 256-bit AES");
}
474
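/*
 * Regression entry point: runs the setup, sign, verify, encrypt, decrypt and
 * cleanup groups once with the RSA identity and once with the EC identity,
 * which is why the planned test count is doubled.
 *
 * argc and argv are not used. Always returns 0; results are reported through
 * the test harness.
 */
int cms_01_basic(int argc, char *const *argv)
{
    plan_tests(2*(kNumberSetupTests + kNumberSignTests + kNumberVerifyTests +
                  kNumberEncryptTests + kNumberDecryptTests + kNumberCleanupTests));

    SecKeychainRef kc = NULL;
    SecIdentityRef identity = NULL;
    SecCertificateRef certificate = NULL;

    /* RSA tests */
    kc = setup_keychain(_rsa_identity, sizeof(_rsa_identity), &identity, &certificate);
    sign_tests(identity, true);
    verify_tests(kc, true);
    encrypt_tests(certificate);
    decrypt_tests(true);
    cleanup_keychain(kc, identity, certificate);

    /* cleanup_keychain released these references but could only clear its own
     * by-value copies. Reset ours so that a setup failure in the EC pass hands
     * NULL to the tests instead of the released RSA objects. */
    kc = NULL;
    identity = NULL;
    certificate = NULL;

    /* EC tests */
    kc = setup_keychain(_ec_identity, sizeof(_ec_identity), &identity, &certificate);
    sign_tests(identity, false);
    verify_tests(kc, false);
    encrypt_tests(certificate);
    decrypt_tests(false);
    cleanup_keychain(kc, identity, certificate);

    return 0;
}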