1 /*
2 * Copyright (c) 2009,2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
#include "si-64-ossl-cms/attached_no_data_signed_data.h"
#include "si-64-ossl-cms/attached_signed_data.h"
#include "si-64-ossl-cms/detached_content.h"
#include "si-64-ossl-cms/detached_signed_data.h"
#include "si-64-ossl-cms/signer.h"
#include "si-64-ossl-cms/privkey.h"

#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecCMS.h>
#include <Security/SecRSAKey.h>
#include <Security/SecCertificatePriv.h>
#include <Security/SecIdentityPriv.h>
#include <Security/SecItem.h>
#include <utilities/SecCFWrappers.h>

#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <AssertMacros.h>

#include "shared_regressions.h"
43
44 /*
45 openssl req -new -newkey rsa:512 -x509 -nodes -subj "/O=foo/CN=bar" -out signer.pem
46 echo -n "hoi joh" > detached_content
47 openssl smime -sign -outform der -signer signer.pem -in detached_content -inkey privkey.pem -out detached_signed_data.der
48 openssl smime -nodetach -sign -outform der -signer test.pem -in detached_content -inkey privkey.pem -out attached_signed_data.der
49 openssl smime -nodetach -sign -outform der -signer test.pem -inkey privkey.pem -out attached_no_data_signed_data.der < /dev/null
50
51 xxd -i detached_content > detached_content.h
52 xxd -i attached_no_data_signed_data.der > attached_no_data_signed_data.h
53 xxd -i attached_signed_data.der > attached_signed_data.h
54 xxd -i detached_signed_data.der > detached_signed_data.h
55
56 openssl x509 -in test.pem -outform der -out signer.der
57 xxd -i signer.der > signer.h
58
59
60 attached difference:
61
62 33 NDEF: SEQUENCE {
63 <06 09>
64 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
65 <A0 80>
66 46 NDEF: [0] {
67 <24 80>
68 48 NDEF: OCTET STRING {
69 <04 07>
70 50 7: OCTET STRING 'hoi joh'
71 <00 00>
72 : }
73 <00 00>
74 : }
75 <00 00>
76 : }
77
78 39 22: SEQUENCE {
79 <06 09>
80 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
81 <A0 09>
82 52 9: [0] {
83 <04 07>
84 54 7: OCTET STRING 'hoi joh'
85 : }
86 : }
87
88 detached:
89
90 <30 80>
91 33 NDEF: SEQUENCE {
92 <06 09>
93 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
94 <00 00>
95 : }
96
97 <30 0B>
98 39 11: SEQUENCE {
99 <06 09>
100 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
101 : }
102
103 attached empty:
104
105 <30 80>
106 33 NDEF: SEQUENCE {
107 <06 09>
108 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
109 <A0 80>
110 46 NDEF: [0] {
111 <24 80>
112 48 NDEF: OCTET STRING {
113 <00 00>
114 : }
115 <00 00>
116 : }
117 <00 00>
118 : }
119
120 <30 0F>
121 39 15: SEQUENCE {
122 <06 09>
123 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
124 <A0 02>
125 52 2: [0] {
126 <04 00>
127 54 0: OCTET STRING
128 : Error: Object has zero length.
129 : }
130 : }
131
132
133 */
134
135 #include <fcntl.h>
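/*
 * Debugging aid: dump the bytes of `data` to the file at `path`, creating or
 * truncating it with mode 0644.  Marked __unused because every call site in
 * tests() is commented out; it exists so a CMS blob produced by the test can
 * be written out and inspected with an external ASN.1 dumper.
 *
 * Failures of open()/write() are reported on stderr instead of being dropped,
 * and short writes are retried until the whole buffer is out.  The regression
 * result never depends on this function, so reporting (not aborting) is enough.
 */
__unused static inline void write_data(const char * path, CFDataRef data)
{
    int data_file = open(path, O_CREAT|O_WRONLY|O_TRUNC, 0644);
    if (data_file < 0) {
        fprintf(stderr, "write_data: open(%s) failed: %s\n", path, strerror(errno));
        return;
    }

    const uint8_t *bytes = CFDataGetBytePtr(data);
    size_t remaining = (size_t)CFDataGetLength(data);
    while (remaining > 0) {
        ssize_t written = write(data_file, bytes, remaining);
        if (written < 0) {
            if (errno == EINTR) {
                continue;           /* interrupted before any bytes moved; retry */
            }
            fprintf(stderr, "write_data: write(%s) failed: %s\n", path, strerror(errno));
            break;
        }
        bytes += written;
        remaining -= (size_t)written;
    }

    close(data_file);
}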
142
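/*
 * Exercises SecCMS against CMS SignedData blobs generated by openssl (see the
 * recipe in the header comment of this file):
 *   - verification of attached, detached and empty-content signatures, then
 *   - creation of the same three shapes from the bundled signer cert/key.
 *
 * Every SecCMSVerifyCopyDataAndAttributes call hands back a SecTrustRef that
 * is released here without being evaluated, so these checks cover CMS parsing
 * and signature verification only; trust-chain/policy evaluation of the
 * self-signed test signer is not exercised in this regression.
 *
 * Empty-content behaviour is platform dependent: iOS accepts a SignedData whose
 * eContent is an empty OCTET STRING, macOS rejects it (see the #if blocks).
 *
 * The check count (10) must stay in sync with plan_tests() in si_64_ossl_cms().
 */
static void tests(void)
{
    CFDataRef attached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_signed_data_der, attached_signed_data_der_len, kCFAllocatorNull);
    CFDataRef detached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_signed_data_der, detached_signed_data_der_len, kCFAllocatorNull);
    CFDataRef attached_no_data_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_no_data_signed_data_der, attached_no_data_signed_data_der_len, kCFAllocatorNull);
    CFDataRef detached_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_content, detached_content_len, kCFAllocatorNull);
    CFDataRef no_data = CFDataCreate(kCFAllocatorDefault, NULL, 0);
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust = NULL;

    /* ---- verification ---- */

    /* Attached content: the signed bytes are carried inside the blob, so no
     * external content is supplied. */
    ok_status(SecCMSVerifyCopyDataAndAttributes(attached_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached data");
    CFReleaseNull(trust);
    /* Detached content: the caller supplies the bytes the signature covers. */
    ok_status(SecCMSVerifyCopyDataAndAttributes(detached_signed_data, detached_data, policy, &trust, NULL, NULL), "verify detached data");
    CFReleaseNull(trust);
#if TARGET_OS_IPHONE
    /* iOS supports empty data */
    ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached no data");
#else
    /* macOS does not */
    is_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), errSecAuthFailed, "verify attached no data");
#endif
    CFReleaseNull(trust);
    /* Same empty-content blob, but with an explicit zero-length buffer passed as
     * the detached content; this form is expected to verify on both platforms.
     * Distinct description so a failure is distinguishable from the check above. */
    ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, no_data, policy, &trust, NULL, NULL), "verify attached no data with empty detached data");
    CFReleaseNull(trust);

    /* ---- signing ---- */

    SecCertificateRef cert = NULL;
    SecKeyRef privKey = NULL;
    SecIdentityRef identity = NULL;

    /* signer_der / privkey_der are the self-signed test certificate and key from
     * the openssl recipe in the header comment (test material only). */
    isnt(cert = SecCertificateCreateWithBytes(NULL, signer_der, signer_der_len), NULL, "create certificate");
    CFDataRef keyData = CFDataCreate(NULL, privkey_der, privkey_der_len);
    CFMutableDictionaryRef keyAttrs = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    CFDictionaryAddValue(keyAttrs, kSecAttrKeyType, kSecAttrKeyTypeRSA);
    CFDictionaryAddValue(keyAttrs, kSecAttrKeyClass, kSecAttrKeyClassPrivate);
    isnt(privKey = SecKeyCreateWithData(keyData, keyAttrs, NULL), NULL, "Create private key");
    isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");
    /* Ordering kept from the original: identity is used below after privKey is
     * released, so SecIdentityCreate is relied on to hold its own reference. */
    CFReleaseNull(privKey);
    CFReleaseNull(keyData);
    CFReleaseNull(keyAttrs);

    CFMutableDataRef cms_data = CFDataCreateMutable(kCFAllocatorDefault, 0);
    /* Attached: content embedded in the output. */
    ok_status(SecCMSCreateSignedData(identity, detached_data, NULL, NULL, cms_data), "create attached data");
    /* write_data("/var/tmp/attached", cms_data); -- uncomment to dump the blob for inspection */
    CFDataSetLength(cms_data, 0);
    /* Detached: kSecCMSSignDetached asks for a SignedData without eContent. */
    CFDictionaryRef detached_cms_dict = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecCMSSignDetached, (const void **)&kCFBooleanTrue, 1, NULL, NULL);
    ok_status(SecCMSCreateSignedData(identity, detached_data, detached_cms_dict, NULL, cms_data), "create detached data");
    CFReleaseNull(detached_cms_dict);
    /* write_data("/var/tmp/detached", cms_data); */
    CFDataSetLength(cms_data, 0);
#if TARGET_OS_IPHONE
    /* iOS supports empty data */
    ok_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), "create attached no data");
#else
    /* macOS does not */
    is_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), errSecParam, "create attached no data");
#endif
    /* write_data("/var/tmp/empty_attached", cms_data); */

    CFReleaseNull(cms_data);
    CFReleaseNull(cert);
    CFReleaseNull(identity);
    CFReleaseNull(attached_signed_data);
    CFReleaseNull(detached_signed_data);
    CFReleaseNull(attached_no_data_signed_data);
    CFReleaseNull(detached_data);
    CFReleaseNull(no_data);
    CFReleaseNull(policy);
}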
213
/*
 * Regression entry point (registered via shared_regressions.h).
 *
 * argc/argv are part of the harness signature and are not consulted.  The plan
 * count must equal the number of ok_status/is_status/isnt checks that tests()
 * runs: four verify checks, three cert/key/identity checks and three create
 * checks, for ten in total.  Always returns 0; pass/fail is reported through
 * the plan.
 */
int si_64_ossl_cms(int argc, char *const *argv)
{
    (void)argc;
    (void)argv;

    plan_tests(10);
    tests();

    return 0;
}