1 /*
2 * Copyright (c) 2009,2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include "si-64-ossl-cms/attached_no_data_signed_data.h"
25 #include "si-64-ossl-cms/attached_signed_data.h"
26 #include "si-64-ossl-cms/detached_content.h"
27 #include "si-64-ossl-cms/detached_signed_data.h"
28 #include "si-64-ossl-cms/signer.h"
29 #include "si-64-ossl-cms/privkey.h"
30
31 #include <CoreFoundation/CoreFoundation.h>
32 #include <Security/SecCMS.h>
33 #include <Security/SecRSAKey.h>
34 #include <Security/SecCertificatePriv.h>
35 #include <Security/SecIdentityPriv.h>
36 #include <Security/SecItem.h>
37 #include <Security/SecPolicy.h>
38 #include <utilities/SecCFWrappers.h>
39
40 #include <unistd.h>
41 #include <AssertMacros.h>
42
43 #include "shared_regressions.h"
44
45 /*
46 openssl req -new -newkey rsa:512 -x509 -nodes -subj "/O=foo/CN=bar" -out signer.pem
47 echo -n "hoi joh" > detached_content
48 openssl smime -sign -outform der -signer signer.pem -in detached_content -inkey privkey.pem -out detached_signed_data.der
49 openssl smime -nodetach -sign -outform der -signer test.pem -in detached_content -inkey privkey.pem -out attached_signed_data.der
50 openssl smime -nodetach -sign -outform der -signer test.pem -inkey privkey.pem -out attached_no_data_signed_data.der < /dev/null
51
52 xxd -i detached_content > detached_content.h
53 xxd -i attached_no_data_signed_data.der > attached_no_data_signed_data.h
54 xxd -i attached_signed_data.der > attached_signed_data.h
55 xxd -i detached_signed_data.der > detached_signed_data.h
56
57 openssl x509 -in test.pem -outform der -out signer.der
58 xxd -i signer.der > signer.h
59
60
61 attached difference:
62
63 33 NDEF: SEQUENCE {
64 <06 09>
65 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
66 <A0 80>
67 46 NDEF: [0] {
68 <24 80>
69 48 NDEF: OCTET STRING {
70 <04 07>
71 50 7: OCTET STRING 'hoi joh'
72 <00 00>
73 : }
74 <00 00>
75 : }
76 <00 00>
77 : }
78
79 39 22: SEQUENCE {
80 <06 09>
81 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
82 <A0 09>
83 52 9: [0] {
84 <04 07>
85 54 7: OCTET STRING 'hoi joh'
86 : }
87 : }
88
89 detached:
90
91 <30 80>
92 33 NDEF: SEQUENCE {
93 <06 09>
94 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
95 <00 00>
96 : }
97
98 <30 0B>
99 39 11: SEQUENCE {
100 <06 09>
101 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
102 : }
103
104 attached empty:
105
106 <30 80>
107 33 NDEF: SEQUENCE {
108 <06 09>
109 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
110 <A0 80>
111 46 NDEF: [0] {
112 <24 80>
113 48 NDEF: OCTET STRING {
114 <00 00>
115 : }
116 <00 00>
117 : }
118 <00 00>
119 : }
120
121 <30 0F>
122 39 15: SEQUENCE {
123 <06 09>
124 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
125 <A0 02>
126 52 2: [0] {
127 <04 00>
128 54 0: OCTET STRING
129 : Error: Object has zero length.
130 : }
131 : }
132
133
134 */
135
136 #include <fcntl.h>
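/*
 * Debug helper: dump the bytes of `data` to `path`, replacing whatever is
 * there. Deliberately unused in the build; the commented-out calls in
 * tests() re-enable it when the fixture blobs need regenerating.
 *
 * It stays a void best-effort aid, but it no longer writes to fd -1 after a
 * failed open() and no longer assumes a single write() drains the buffer.
 * The callers point at fixed names under /var/tmp, a shared directory, so
 * O_NOFOLLOW makes open() refuse to go through a symlink that already sits
 * at that name instead of truncating whatever it points to.
 */
__unused static inline void write_data(const char * path, CFDataRef data)
{
    int data_file = open(path, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW, 0644);
    if (data_file < 0) {
        return;
    }

    const uint8_t *bytes = (const uint8_t *)CFDataGetBytePtr(data);
    size_t remaining = (size_t)CFDataGetLength(data);

    /* write() may return short; keep going until done or it fails. */
    while (remaining > 0) {
        ssize_t written = write(data_file, bytes, remaining);
        if (written <= 0) {
            break;
        }
        bytes += written;
        remaining -= (size_t)written;
    }

    close(data_file);
}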
143
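/*
 * Round-trip SecCMS against SignedData fixtures produced by OpenSSL (the
 * header comment records the exact commands).
 *
 * Verify half: the three OpenSSL-made blobs (attached, detached, attached
 * with empty content) are fed to SecCMSVerifyCopyDataAndAttributes under
 * the basic X.509 policy. Only the OSStatus is asserted; the SecTrustRef the
 * call hands back is released without being evaluated, so these checks
 * cover signature and encoding handling, not chain trust.
 *
 * Sign half: an identity is built from the fixture certificate plus its raw
 * RSA private key (a throwaway test key, see the rsa:512 generation line in
 * the header comment) and used to produce attached, detached and empty
 * SignedData. Empty content is accepted on iOS and rejected on macOS in both
 * directions, which is what the TARGET_OS_IPHONE branches encode.
 *
 * Exactly 10 checks execute on either platform; plan_tests() in
 * si_64_ossl_cms must agree with that number.
 */
static void tests(void)
{
    /* NoCopy wrappers over the xxd-generated static arrays; nothing is
     * transferred to CF, so these releases free only the wrapper. */
    CFDataRef attached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_signed_data_der, attached_signed_data_der_len, kCFAllocatorNull);
    CFDataRef detached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_signed_data_der, detached_signed_data_der_len, kCFAllocatorNull);
    CFDataRef attached_no_data_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_no_data_signed_data_der, attached_no_data_signed_data_der_len, kCFAllocatorNull);
    CFDataRef detached_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_content, detached_content_len, kCFAllocatorNull);
    CFDataRef no_data = CFDataCreate(kCFAllocatorDefault, NULL, 0);
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust = NULL;

    /* --- verification of the OpenSSL fixtures --- */
    ok_status(SecCMSVerifyCopyDataAndAttributes(attached_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached data");
    CFReleaseNull(trust);
    ok_status(SecCMSVerifyCopyDataAndAttributes(detached_signed_data, detached_data, policy, &trust, NULL, NULL), "verify detached data");
    CFReleaseNull(trust);
#if TARGET_OS_IPHONE
    /* iOS supports empty data */
    ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached no data");
#else
    /* macOS does not */
    is_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), errSecAuthFailed, "verify attached no data");
#endif
    CFReleaseNull(trust);
    /* Same blob, but with an explicit zero-length detached buffer; expected
     * to verify on both platforms. */
    ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, no_data, policy, &trust, NULL, NULL), "verify attached no data");
    CFReleaseNull(trust);

    /* --- build a signing identity from the fixture cert + private key --- */
    SecCertificateRef cert = NULL;
    SecKeyRef privKey = NULL;
    SecIdentityRef identity = NULL;

    isnt(cert = SecCertificateCreateWithBytes(NULL, signer_der, signer_der_len), NULL, "create certificate");
    CFDataRef keyData = CFDataCreate(NULL, privkey_der, privkey_der_len);
    CFMutableDictionaryRef keyAttrs = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    CFDictionaryAddValue(keyAttrs, kSecAttrKeyType, kSecAttrKeyTypeRSA);
    CFDictionaryAddValue(keyAttrs, kSecAttrKeyClass, kSecAttrKeyClassPrivate);
    isnt(privKey = SecKeyCreateWithData(keyData, keyAttrs, NULL), NULL, "Create private key");
    isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");
    /* The identity holds its own reference to the key; drop ours now. */
    CFReleaseSafe(privKey);
    CFReleaseNull(keyData);
    CFReleaseNull(keyAttrs);

    /* --- signing: attached, detached, then empty content --- */
    CFMutableDataRef cms_data = CFDataCreateMutable(kCFAllocatorDefault, 0);
    ok_status(SecCMSCreateSignedData(identity, detached_data, NULL, NULL, cms_data), "create attached data");
    //write_data("/var/tmp/attached", cms_data);
    CFDataSetLength(cms_data, 0);
    /* Constant key/value, so no retain callbacks are needed on the dict. */
    CFDictionaryRef detached_cms_dict = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecCMSSignDetached, (const void **)&kCFBooleanTrue, 1, NULL, NULL);
    ok_status(SecCMSCreateSignedData(identity, detached_data, detached_cms_dict, NULL, cms_data), "create detached data");
    CFReleaseNull(detached_cms_dict);
    //write_data("/var/tmp/detached", cms_data);
    CFDataSetLength(cms_data, 0);
#if TARGET_OS_IPHONE
    /* iOS supports empty data */
    ok_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), "create attached no data");
#else
    /* macOS does not */
    is_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), errSecParam, "create attached no data");
#endif

    //write_data("/var/tmp/empty_attached", cms_data);

    CFReleaseSafe(cms_data);
    CFReleaseSafe(cert);
    CFReleaseNull(identity);
    CFReleaseSafe(attached_signed_data);
    CFReleaseSafe(detached_signed_data);
    CFReleaseSafe(attached_no_data_signed_data);
    CFReleaseSafe(detached_data);
    CFReleaseSafe(no_data);
    CFReleaseSafe(policy);
}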
214
/*
 * Regression-test entry point, called by the shared test harness with the
 * usual argc/argv (ignored here). The test count is declared up front so
 * that a check which never runs, or runs twice, is reported as a failure.
 */
int si_64_ossl_cms(int argc, char *const *argv)
{
    (void)argc;
    (void)argv;

    /* Must match the number of ok_status/is_status/isnt checks in tests(). */
    plan_tests(10);
    tests();

    return 0;
}