]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/extenTestTp/extenTestTp.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.10.10.tar.gz
[apple/security.git] / SecurityTests / clxutils / extenTestTp / extenTestTp.cpp
1 /*
2 * extenTestTp - verify encoding and decoding of extensions using
3 * CSSM_TP_SubmitCredRequest() to create the certs.
4 */
5
6 #include <security_cdsa_utils/cuFileIo.h>
7 #include <clAppUtils/CertBuilderApp.h>
8 #include <utilLib/common.h>
9 #include <utilLib/cspwrap.h>
10 #include <clAppUtils/clutils.h>
11 #include <security_cdsa_utils/cuPrintCert.h>
12 #include <security_cdsa_utils/cuOidParser.h>
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <string.h>
16 #include <time.h>
17 #include <Security/cssm.h>
18 #include <Security/x509defs.h>
19 #include <Security/oidsattr.h>
20 #include <Security/oidscert.h>
21 #include <Security/oidsalg.h>
22 #include <Security/certextensions.h>
23 #include <Security/cssmapple.h>
24
25 #define KEY_ALG CSSM_ALGID_RSA
26 #define SIG_ALG CSSM_ALGID_SHA1WithRSA
27 #define SIG_OID CSSMOID_SHA1WithRSA
28 #define KEY_SIZE_BITS CSP_RSA_KEY_SIZE_DEFAULT
29 #define SUBJ_KEY_LABEL "subjectKey"
30
31 #define LOOPS_DEF 10
32
33 static void usage(char **argv)
34 {
35 printf("Usage: %s [options]\n", argv[0]);
36 printf("Options:\n");
37 printf(" e=extenSpec (default = all)\n");
38 printf(" k keyUsage\n");
39 printf(" b basicConstraints\n");
40 printf(" x extendedKeyUsage\n");
41 printf(" s subjectKeyId\n");
42 printf(" a authorityKeyId\n");
43 printf(" t SubjectAltName\n");
44 printf(" i IssuerAltName\n");
45 printf(" c certPolicies\n");
46 printf(" n netscapeCertType\n");
47 printf(" p CRLDistributionPoints\n");
48 printf(" A AuthorityInfoAccess\n");
49 printf(" S SubjectInfoAccess\n");
50 printf(" w(rite blobs)\n");
51 printf(" f=fileName (default is extension-specific file name)\n");
52 printf(" d(isplay certs)\n");
53 printf(" l=loops (default = %d)\n", LOOPS_DEF);
54 printf(" p(ause on each loop)\n");
55 printf(" P(ause on each cert)\n");
56 exit(1);
57 }
58
59 /* subject and issuer - we aren't testing this */
60 CSSM_APPLE_TP_NAME_OID dummyRdn[] =
61 {
62 { "Apple Computer", &CSSMOID_OrganizationName },
63 { "Doug Mitchell", &CSSMOID_CommonName }
64 };
65 #define NUM_DUMMY_NAMES (sizeof(dummyRdn) / sizeof(CB_NameOid))
66
67 /*
68 * Static components we reuse for each encode/decode.
69 */
70 static CSSM_KEY subjPrivKey;
71 static CSSM_KEY subjPubKey;
72
73 static CSSM_BOOL randBool()
74 {
75 unsigned r = genRand(1, 0x10000000);
76 return (r & 0x1) ? CSSM_TRUE : CSSM_FALSE;
77 }
78
79 /* Fill a CSSM_DATA with random data. Its referent is allocd with malloc. */
80 static void randData(
81 CSSM_DATA_PTR data,
82 uint8 maxLen)
83 {
84 data->Data = (uint8 *)malloc(maxLen);
85 simpleGenData(data, 1, maxLen);
86 }
87
88 /*
89 * Various compare tests
90 */
91 int compBool(
92 CSSM_BOOL pre,
93 CSSM_BOOL post,
94 const char *desc)
95 {
96 if(pre == post) {
97 return 0;
98 }
99 printf("***Boolean miscompare on %s\n", desc);
100 /* in case a CSSM_TRUE isn't exactly right... */
101 switch(post) {
102 case CSSM_FALSE:
103 case CSSM_TRUE:
104 break;
105 default:
106 printf("*** post value is %d expected %d\n",
107 (int)post, (int)pre);
108 break;
109 }
110 return 1;
111 }
112
113 static int compCssmData(
114 CSSM_DATA &d1,
115 CSSM_DATA &d2,
116 const char *desc)
117 {
118 if(appCompareCssmData(&d1, &d2)) {
119 return 0;
120 }
121 printf("CSSM_DATA miscompare on %s\n", desc);
122 return 1;
123 }
124
125 #pragma mark ----- individual extension tests -----
126
127 #pragma mark --- CE_KeyUsage ---
128 static void kuCreate(void *arg)
129 {
130 CE_KeyUsage *ku = (CE_KeyUsage *)arg;
131
132 /* set two random valid bits */
133 *ku = 0;
134 *ku |= 1 << genRand(7, 15);
135 *ku |= 1 << genRand(7, 15);
136 }
137
138 static unsigned kuCompare(const void *pre, const void *post)
139 {
140 const CE_KeyUsage *kuPre = (CE_KeyUsage *)pre;
141 const CE_KeyUsage *kuPost = (CE_KeyUsage *)post;
142 if(*kuPre != *kuPost) {
143 printf("***Miscompare in CE_KeyUsage\n");
144 return 1;
145 }
146 return 0;
147 }
148
149 #pragma mark --- CE_BasicConstraints ---
150 static void bcCreate(void *arg)
151 {
152 CE_BasicConstraints *bc = (CE_BasicConstraints *)arg;
153 bc->cA = randBool();
154 bc->pathLenConstraintPresent = randBool();
155 if(bc->pathLenConstraintPresent) {
156 bc->pathLenConstraint = genRand(1,10);
157 }
158 }
159
160 static unsigned bcCompare(const void *pre, const void *post)
161 {
162 const CE_BasicConstraints *bcpre = (CE_BasicConstraints *)pre;
163 const CE_BasicConstraints *bcpost = (CE_BasicConstraints *)post;
164 unsigned rtn = 0;
165
166 rtn += compBool(bcpre->cA, bcpost->cA, "BasicConstraints.cA");
167 rtn += compBool(bcpre->pathLenConstraintPresent,
168 bcpost->pathLenConstraintPresent,
169 "BasicConstraints.pathLenConstraintPresent");
170 if(bcpre->pathLenConstraint != bcpost->pathLenConstraint) {
171 printf("BasicConstraints.pathLenConstraint mismatch\n");
172 rtn++;
173 }
174 return rtn;
175 }
176
177 #pragma mark --- CE_SubjectKeyID ---
178 static void skidCreate(void *arg)
179 {
180 CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg;
181 randData(skid, 16);
182 }
183
184 static unsigned skidCompare(const void *pre, const void *post)
185 {
186 CSSM_DATA_PTR spre = (CSSM_DATA_PTR)pre;
187 CSSM_DATA_PTR spost = (CSSM_DATA_PTR)post;
188 return compCssmData(*spre, *spost, "SubjectKeyID");
189 }
190
191 static void skidFree(void *arg)
192 {
193 CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg;
194 free(skid->Data);
195 }
196
197 #pragma mark --- CE_NetscapeCertType ---
198 static void nctCreate(void *arg)
199 {
200 CE_NetscapeCertType *nct = (CE_NetscapeCertType *)arg;
201
202 /* set two random valid bits */
203 *nct = 0;
204 *nct |= 1 << genRand(8, 15);
205 *nct |= 1 << genRand(8, 15);
206 }
207
208 static unsigned nctCompare(const void *pre, const void *post)
209 {
210 const CE_NetscapeCertType *nPre = (CE_NetscapeCertType *)pre;
211 const CE_NetscapeCertType *nPost = (CE_NetscapeCertType *)post;
212 if(*nPre != *nPost) {
213 printf("***Miscompare in CE_NetscapeCertType\n");
214 return 1;
215 }
216 return 0;
217 }
218
219 #pragma mark --- CE_ExtendedKeyUsage ---
220
221 /* a static array of meaningless OIDs, use 1.. NUM_SKU_OIDS */
222 CSSM_OID ekuOids[] = {
223 CSSMOID_CrlNumber,
224 CSSMOID_CrlReason,
225 CSSMOID_HoldInstructionCode,
226 CSSMOID_InvalidityDate
227 };
228 #define NUM_SKU_OIDS 4
229
230 static void ekuCreate(void *arg)
231 {
232 CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)arg;
233 eku->numPurposes = genRand(1, NUM_SKU_OIDS);
234 eku->purposes = ekuOids;
235 }
236
237 static unsigned ekuCompare(const void *pre, const void *post)
238 {
239 CE_ExtendedKeyUsage *ekupre = (CE_ExtendedKeyUsage *)pre;
240 CE_ExtendedKeyUsage *ekupost = (CE_ExtendedKeyUsage *)post;
241
242 if(ekupre->numPurposes != ekupost->numPurposes) {
243 printf("CE_ExtendedKeyUsage.numPurposes miscompare\n");
244 return 1;
245 }
246 unsigned rtn = 0;
247 for(unsigned dex=0; dex<ekupre->numPurposes; dex++) {
248 rtn += compCssmData(ekupre->purposes[dex],
249 ekupost->purposes[dex], "CE_ExtendedKeyUsage.purposes");
250 }
251 return rtn;
252 }
253
254
255 #pragma mark --- general purpose X509 name generator ---
256
257 /* Attr/Value pairs, pick one of NUM_ATTR_STRINGS */
258 static char *attrStrings[] = {
259 (char *)"thisName",
260 (char *)"anotherName",
261 (char *)"someOtherName"
262 };
263 #define NUM_ATTR_STRINGS 3
264
265 /* A/V type, pick one of NUM_ATTR_TYPES */
266 static CSSM_OID attrTypes[] = {
267 CSSMOID_Surname,
268 CSSMOID_CountryName,
269 CSSMOID_OrganizationName,
270 CSSMOID_Description
271 };
272 #define NUM_ATTR_TYPES 4
273
274 /* A/V tag, pick one of NUM_ATTR_TAGS */
275 static char attrTags[] = {
276 BER_TAG_PRINTABLE_STRING,
277 BER_TAG_IA5_STRING,
278 BER_TAG_T61_STRING
279 };
280 #define NUM_ATTR_TAGS 3
281
282 static void rdnCreate(
283 CSSM_X509_RDN_PTR rdn)
284 {
285 unsigned numPairs = genRand(1,4);
286 rdn->numberOfPairs = numPairs;
287 unsigned len = numPairs * sizeof(CSSM_X509_TYPE_VALUE_PAIR);
288 rdn->AttributeTypeAndValue =
289 (CSSM_X509_TYPE_VALUE_PAIR_PTR)malloc(len);
290 memset(rdn->AttributeTypeAndValue, 0, len);
291
292 for(unsigned atvDex=0; atvDex<numPairs; atvDex++) {
293 CSSM_X509_TYPE_VALUE_PAIR &pair =
294 rdn->AttributeTypeAndValue[atvDex];
295 unsigned die = genRand(1, NUM_ATTR_TYPES);
296 pair.type = attrTypes[die - 1];
297 die = genRand(1, NUM_ATTR_STRINGS);
298 char *str = attrStrings[die - 1];
299 pair.value.Data = (uint8 *)str;
300 pair.value.Length = strlen(str);
301 die = genRand(1, NUM_ATTR_TAGS);
302 pair.valueType = attrTags[die - 1];
303 }
304 }
305
306 static unsigned rdnCompare(
307 CSSM_X509_RDN_PTR rdn1,
308 CSSM_X509_RDN_PTR rdn2)
309 {
310 if(rdn1->numberOfPairs != rdn2->numberOfPairs) {
311 printf("***Mismatch in numberOfPairs\n");
312 return 1;
313 }
314 unsigned rtn = 0;
315 for(unsigned atvDex=0; atvDex<rdn1->numberOfPairs; atvDex++) {
316 CSSM_X509_TYPE_VALUE_PAIR &p1 =
317 rdn1->AttributeTypeAndValue[atvDex];
318 CSSM_X509_TYPE_VALUE_PAIR &p2 =
319 rdn2->AttributeTypeAndValue[atvDex];
320 if(p1.valueType != p2.valueType) {
321 printf("***valueType miscompare\n");
322 rtn++;
323 }
324 if(compCssmData(p1.type, p2.type, "ATV.type")) {
325 rtn++;
326 }
327 if(compCssmData(p1.value, p2.value, "ATV.value")) {
328 rtn++;
329 }
330 }
331 return rtn;
332 }
333
334 static void rdnFree(
335 CSSM_X509_RDN_PTR rdn)
336 {
337 free(rdn->AttributeTypeAndValue);
338 }
339
340 static void x509NameCreate(
341 CSSM_X509_NAME_PTR x509Name)
342 {
343 memset(x509Name, 0, sizeof(*x509Name));
344 unsigned numRdns = genRand(1,4);
345 x509Name->numberOfRDNs = numRdns;
346 unsigned len = numRdns * sizeof(CSSM_X509_RDN);
347 x509Name->RelativeDistinguishedName = (CSSM_X509_RDN_PTR)malloc(len);
348 memset(x509Name->RelativeDistinguishedName, 0, len);
349
350 for(unsigned rdnDex=0; rdnDex<numRdns; rdnDex++) {
351 CSSM_X509_RDN &rdn = x509Name->RelativeDistinguishedName[rdnDex];
352 rdnCreate(&rdn);
353 }
354 }
355
356 static unsigned x509NameCompare(
357 const CSSM_X509_NAME_PTR n1,
358 const CSSM_X509_NAME_PTR n2)
359 {
360 if(n1->numberOfRDNs != n2->numberOfRDNs) {
361 printf("***Mismatch in numberOfRDNs\n");
362 return 1;
363 }
364 unsigned rtn = 0;
365 for(unsigned rdnDex=0; rdnDex<n1->numberOfRDNs; rdnDex++) {
366 CSSM_X509_RDN &rdn1 = n1->RelativeDistinguishedName[rdnDex];
367 CSSM_X509_RDN &rdn2 = n2->RelativeDistinguishedName[rdnDex];
368 rtn += rdnCompare(&rdn1, &rdn2);
369 }
370 return rtn;
371 }
372
373 static void x509NameFree(
374 CSSM_X509_NAME_PTR n)
375 {
376 for(unsigned rdnDex=0; rdnDex<n->numberOfRDNs; rdnDex++) {
377 CSSM_X509_RDN &rdn = n->RelativeDistinguishedName[rdnDex];
378 rdnFree(&rdn);
379 }
380 free(n->RelativeDistinguishedName);
381 }
382
383 #pragma mark --- general purpose GeneralNames generator ---
384
385 #define SOME_URL_1 (char *)"http://foo.bar.com"
386 #define SOME_URL_2 (char *)"http://bar.foo.com"
387 #define SOME_DNS_1 (char *)"Some DNS"
388 #define SOME_DNS_2 (char *)"Another DNS"
389 unsigned char someIpAdr_1[] = {208, 161, 124, 209 };
390 unsigned char someIpAdr_2[] = {10, 0, 61, 5};
391
392 static void genNameCreate(CE_GeneralName *name)
393 {
394 unsigned type = genRand(1, 5);
395 const char *src;
396 unsigned char *usrc;
397 switch(type) {
398 case 1:
399 name->nameType = GNT_URI;
400 name->berEncoded = CSSM_FALSE;
401 src = randBool() ? SOME_URL_1 : SOME_URL_2;
402 appCopyData(src, strlen(src), &name->name);
403 break;
404
405 case 2:
406 name->nameType = GNT_RegisteredID;
407 name->berEncoded = CSSM_FALSE;
408 appCopyData(CSSMOID_SubjectDirectoryAttributes.Data,
409 CSSMOID_SubjectDirectoryAttributes.Length,
410 &name->name);
411 break;
412
413 case 3:
414 name->nameType = GNT_DNSName;
415 name->berEncoded = CSSM_FALSE;
416 src = randBool() ? SOME_DNS_1 : SOME_DNS_2;
417 appCopyData(src, strlen(src), &name->name);
418 break;
419
420 case 4:
421 name->nameType = GNT_IPAddress;
422 name->berEncoded = CSSM_FALSE;
423 usrc = randBool() ? someIpAdr_1 : someIpAdr_2;
424 appCopyData(usrc, 4, &name->name);
425 break;
426
427 case 5:
428 {
429 /* X509_NAME, the hard one */
430 name->nameType = GNT_DirectoryName;
431 name->berEncoded = CSSM_FALSE;
432 appSetupCssmData(&name->name, sizeof(CSSM_X509_NAME));
433 x509NameCreate((CSSM_X509_NAME_PTR)name->name.Data);
434 }
435 }
436 }
437
438 static void genNamesCreate(void *arg)
439 {
440 CE_GeneralNames *names = (CE_GeneralNames *)arg;
441 names->numNames = genRand(1, 3);
442 // one at a time
443 //names->numNames = 1;
444 names->generalName = (CE_GeneralName *)malloc(names->numNames *
445 sizeof(CE_GeneralName));
446 memset(names->generalName, 0, names->numNames * sizeof(CE_GeneralName));
447
448 for(unsigned i=0; i<names->numNames; i++) {
449 CE_GeneralName *name = &names->generalName[i];
450 genNameCreate(name);
451 }
452 }
453
454 static unsigned genNameCompare(
455 CE_GeneralName *npre,
456 CE_GeneralName *npost)
457 {
458 unsigned rtn = 0;
459 if(npre->nameType != npost->nameType) {
460 printf("***CE_GeneralName.nameType miscompare\n");
461 rtn++;
462 }
463 if(compBool(npre->berEncoded, npost->berEncoded,
464 "CE_GeneralName.berEncoded")) {
465 rtn++;
466 }
467
468 /* nameType-specific compare */
469 switch(npre->nameType) {
470 case GNT_RFC822Name:
471 rtn += compCssmData(npre->name, npost->name,
472 "CE_GeneralName.RFC822Name");
473 break;
474 case GNT_DNSName:
475 rtn += compCssmData(npre->name, npost->name,
476 "CE_GeneralName.DNSName");
477 break;
478 case GNT_URI:
479 rtn += compCssmData(npre->name, npost->name,
480 "CE_GeneralName.URI");
481 break;
482 case GNT_IPAddress:
483 rtn += compCssmData(npre->name, npost->name,
484 "CE_GeneralName.RFIPAddressC822Name");
485 break;
486 case GNT_RegisteredID:
487 rtn += compCssmData(npre->name, npost->name,
488 "CE_GeneralName.RegisteredID");
489 break;
490 case GNT_DirectoryName:
491 rtn += x509NameCompare((CSSM_X509_NAME_PTR)npre->name.Data,
492 (CSSM_X509_NAME_PTR)npost->name.Data);
493 break;
494 default:
495 printf("****BRRZAP! genNamesCompare needs work\n");
496 rtn++;
497 }
498 return rtn;
499 }
500
501 static unsigned genNamesCompare(const void *pre, const void *post)
502 {
503 const CE_GeneralNames *gnPre = (CE_GeneralNames *)pre;
504 const CE_GeneralNames *gnPost = (CE_GeneralNames *)post;
505 unsigned rtn = 0;
506
507 if((gnPre == NULL) || (gnPost == NULL)) {
508 printf("***Bad GenNames pointer\n");
509 return 1;
510 }
511 if(gnPre->numNames != gnPost->numNames) {
512 printf("***CE_GeneralNames.numNames miscompare\n");
513 return 1;
514 }
515 for(unsigned dex=0; dex<gnPre->numNames; dex++) {
516 CE_GeneralName *npre = &gnPre->generalName[dex];
517 CE_GeneralName *npost = &gnPost->generalName[dex];
518 rtn += genNameCompare(npre, npost);
519 }
520 return rtn;
521 }
522
523
524 static void genNameFree(CE_GeneralName *n)
525 {
526 switch(n->nameType) {
527 case GNT_DirectoryName:
528 x509NameFree((CSSM_X509_NAME_PTR)n->name.Data);
529 CSSM_FREE(n->name.Data);
530 break;
531 default:
532 CSSM_FREE(n->name.Data);
533 break;
534 }
535 }
536
537
538 static void genNamesFree(void *arg)
539 {
540 const CE_GeneralNames *gn = (CE_GeneralNames *)arg;
541 for(unsigned dex=0; dex<gn->numNames; dex++) {
542 CE_GeneralName *n = (CE_GeneralName *)&gn->generalName[dex];
543 genNameFree(n);
544 }
545 free(gn->generalName);
546 }
547
548 #pragma mark --- CE_CRLDistPointsSyntax ---
549 static void cdpCreate(void *arg)
550 {
551 CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg;
552 //cdp->numDistPoints = genRand(1,3);
553 // one at a time
554 cdp->numDistPoints = 1;
555 unsigned len = sizeof(CE_CRLDistributionPoint) * cdp->numDistPoints;
556 cdp->distPoints = (CE_CRLDistributionPoint *)malloc(len);
557 memset(cdp->distPoints, 0, len);
558
559 for(unsigned dex=0; dex<cdp->numDistPoints; dex++) {
560 CE_CRLDistributionPoint *pt = &cdp->distPoints[dex];
561
562 /* all fields optional */
563 if(randBool()) {
564 CE_DistributionPointName *dpn = pt->distPointName =
565 (CE_DistributionPointName *)malloc(
566 sizeof(CE_DistributionPointName));
567 memset(dpn, 0, sizeof(CE_DistributionPointName));
568
569 /* CE_DistributionPointName has two flavors */
570 if(randBool()) {
571 dpn->nameType = CE_CDNT_FullName;
572 dpn->dpn.fullName = (CE_GeneralNames *)malloc(
573 sizeof(CE_GeneralNames));
574 memset(dpn->dpn.fullName, 0, sizeof(CE_GeneralNames));
575 genNamesCreate(dpn->dpn.fullName);
576 }
577 else {
578 dpn->nameType = CE_CDNT_NameRelativeToCrlIssuer;
579 dpn->dpn.rdn = (CSSM_X509_RDN_PTR)malloc(
580 sizeof(CSSM_X509_RDN));
581 memset(dpn->dpn.rdn, 0, sizeof(CSSM_X509_RDN));
582 rdnCreate(dpn->dpn.rdn);
583 }
584 } /* creating CE_DistributionPointName */
585
586 pt->reasonsPresent = randBool();
587 if(pt->reasonsPresent) {
588 CE_CrlDistReasonFlags *cdr = &pt->reasons;
589 /* set two random valid bits */
590 *cdr = 0;
591 *cdr |= 1 << genRand(0,7);
592 *cdr |= 1 << genRand(0,7);
593 }
594
595 /* make sure at least one present */
596 if((!pt->distPointName && !pt->reasonsPresent) || randBool()) {
597 pt->crlIssuer = (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames));
598 memset(pt->crlIssuer, 0, sizeof(CE_GeneralNames));
599 genNamesCreate(pt->crlIssuer);
600 }
601 }
602 }
603
604 static unsigned cdpCompare(const void *pre, const void *post)
605 {
606 CE_CRLDistPointsSyntax *cpre = (CE_CRLDistPointsSyntax *)pre;
607 CE_CRLDistPointsSyntax *cpost = (CE_CRLDistPointsSyntax *)post;
608
609 if(cpre->numDistPoints != cpost->numDistPoints) {
610 printf("***CE_CRLDistPointsSyntax.numDistPoints miscompare\n");
611 return 1;
612 }
613 unsigned rtn = 0;
614 for(unsigned dex=0; dex<cpre->numDistPoints; dex++) {
615 CE_CRLDistributionPoint *ptpre = &cpre->distPoints[dex];
616 CE_CRLDistributionPoint *ptpost = &cpost->distPoints[dex];
617
618 if(ptpre->distPointName) {
619 if(ptpost->distPointName == NULL) {
620 printf("***NULL distPointName post decode\n");
621 rtn++;
622 goto checkReason;
623 }
624 CE_DistributionPointName *dpnpre = ptpre->distPointName;
625 CE_DistributionPointName *dpnpost = ptpost->distPointName;
626 if(dpnpre->nameType != dpnpost->nameType) {
627 printf("***CE_DistributionPointName.nameType miscompare\n");
628 rtn++;
629 goto checkReason;
630 }
631 if(dpnpre->nameType == CE_CDNT_FullName) {
632 rtn += genNamesCompare(dpnpre->dpn.fullName, dpnpost->dpn.fullName);
633 }
634 else {
635 rtn += rdnCompare(dpnpre->dpn.rdn, dpnpost->dpn.rdn);
636 }
637
638 }
639 else if(ptpost->distPointName != NULL) {
640 printf("***NON NULL distPointName post decode\n");
641 rtn++;
642 }
643
644 checkReason:
645 if(ptpre->reasons != ptpost->reasons) {
646 printf("***CE_CRLDistributionPoint.reasons miscompare\n");
647 rtn++;
648 }
649
650 if(ptpre->crlIssuer) {
651 if(ptpost->crlIssuer == NULL) {
652 printf("***NULL crlIssuer post decode\n");
653 rtn++;
654 continue;
655 }
656 CE_GeneralNames *gnpre = ptpre->crlIssuer;
657 CE_GeneralNames *gnpost = ptpost->crlIssuer;
658 rtn += genNamesCompare(gnpre, gnpost);
659 }
660 else if(ptpost->crlIssuer != NULL) {
661 printf("***NON NULL crlIssuer post decode\n");
662 rtn++;
663 }
664 }
665 return rtn;
666 }
667
668 static void cdpFree(void *arg)
669 {
670 CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg;
671 for(unsigned dex=0; dex<cdp->numDistPoints; dex++) {
672 CE_CRLDistributionPoint *pt = &cdp->distPoints[dex];
673 if(pt->distPointName) {
674 CE_DistributionPointName *dpn = pt->distPointName;
675 if(dpn->nameType == CE_CDNT_FullName) {
676 genNamesFree(dpn->dpn.fullName);
677 free(dpn->dpn.fullName);
678 }
679 else {
680 rdnFree(dpn->dpn.rdn);
681 free(dpn->dpn.rdn);
682 }
683 free(dpn);
684 }
685
686 if(pt->crlIssuer) {
687 genNamesFree(pt->crlIssuer);
688 free(pt->crlIssuer);
689 }
690 }
691 free(cdp->distPoints);
692 }
693
694 #pragma mark --- CE_AuthorityKeyID ---
695 static void authKeyIdCreate(void *arg)
696 {
697 CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg;
698
699 /* all three fields optional */
700
701 akid->keyIdentifierPresent = randBool();
702 if(akid->keyIdentifierPresent) {
703 randData(&akid->keyIdentifier, 16);
704 }
705
706 akid->generalNamesPresent = randBool();
707 if(akid->generalNamesPresent) {
708 akid->generalNames =
709 (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames));
710 memset(akid->generalNames, 0, sizeof(CE_GeneralNames));
711 genNamesCreate(akid->generalNames);
712 }
713
714 if(!akid->keyIdentifierPresent & !akid->generalNamesPresent) {
715 /* force at least one to be present */
716 akid->serialNumberPresent = CSSM_TRUE;
717 }
718 else {
719 akid->serialNumberPresent = randBool();
720 }
721 if(akid->serialNumberPresent) {
722 randData(&akid->serialNumber, 16);
723 }
724
725 }
726
727 static unsigned authKeyIdCompare(const void *pre, const void *post)
728 {
729 CE_AuthorityKeyID *akpre = (CE_AuthorityKeyID *)pre;
730 CE_AuthorityKeyID *akpost = (CE_AuthorityKeyID *)post;
731 unsigned rtn = 0;
732
733 if(compBool(akpre->keyIdentifierPresent, akpost->keyIdentifierPresent,
734 "CE_AuthorityKeyID.keyIdentifierPresent")) {
735 rtn++;
736 }
737 else if(akpre->keyIdentifierPresent) {
738 rtn += compCssmData(akpre->keyIdentifier,
739 akpost->keyIdentifier, "CE_AuthorityKeyID.keyIdentifier");
740 }
741
742 if(compBool(akpre->generalNamesPresent, akpost->generalNamesPresent,
743 "CE_AuthorityKeyID.generalNamesPresent")) {
744 rtn++;
745 }
746 else if(akpre->generalNamesPresent) {
747 rtn += genNamesCompare(akpre->generalNames,
748 akpost->generalNames);
749 }
750
751 if(compBool(akpre->serialNumberPresent, akpost->serialNumberPresent,
752 "CE_AuthorityKeyID.serialNumberPresent")) {
753 rtn++;
754 }
755 else if(akpre->serialNumberPresent) {
756 rtn += compCssmData(akpre->serialNumber,
757 akpost->serialNumber, "CE_AuthorityKeyID.serialNumber");
758 }
759 return rtn;
760 }
761
762 static void authKeyIdFree(void *arg)
763 {
764 CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg;
765
766 if(akid->keyIdentifier.Data) {
767 free(akid->keyIdentifier.Data);
768 }
769 if(akid->generalNames) {
770 genNamesFree(akid->generalNames); // genNamesCreate mallocd
771 free(akid->generalNames); // we mallocd
772 }
773 if(akid->serialNumber.Data) {
774 free(akid->serialNumber.Data);
775 }
776 }
777
778 #pragma mark --- CE_CertPolicies ---
779
780 /* random OIDs, pick 1..NUM_CP_OIDS */
781 static CSSM_OID cpOids[] =
782 {
783 CSSMOID_EmailAddress,
784 CSSMOID_UnstructuredName,
785 CSSMOID_ContentType,
786 CSSMOID_MessageDigest
787 };
788 #define NUM_CP_OIDS 4
789
790 /* CPS strings, pick one of NUM_CPS_STR */
791 static char *someCPSs[] =
792 {
793 (char *)"http://www.apple.com",
794 (char *)"https://cdnow.com",
795 (char *)"ftp:backwards.com"
796 };
797 #define NUM_CPS_STR 3
798
799 /* make these looks like real sequences */
800 static uint8 someUnotice[] = {0x30, 0x03, BER_TAG_BOOLEAN, 1, 0xff};
801 static uint8 someOtherData[] = {0x30, 0x02, BER_TAG_NULL, 0};
802
803 static void cpCreate(void *arg)
804 {
805 CE_CertPolicies *cp = (CE_CertPolicies *)arg;
806 cp->numPolicies = genRand(1,3);
807 //cp->numPolicies = 1;
808 unsigned len = sizeof(CE_PolicyInformation) * cp->numPolicies;
809 cp->policies = (CE_PolicyInformation *)malloc(len);
810 memset(cp->policies, 0, len);
811
812 for(unsigned polDex=0; polDex<cp->numPolicies; polDex++) {
813 CE_PolicyInformation *pi = &cp->policies[polDex];
814 unsigned die = genRand(1, NUM_CP_OIDS);
815 pi->certPolicyId = cpOids[die - 1];
816 unsigned numQual = genRand(1,3);
817 pi->numPolicyQualifiers = numQual;
818 len = sizeof(CE_PolicyQualifierInfo) * numQual;
819 pi->policyQualifiers = (CE_PolicyQualifierInfo *)
820 malloc(len);
821 memset(pi->policyQualifiers, 0, len);
822 for(unsigned cpiDex=0; cpiDex<numQual; cpiDex++) {
823 CE_PolicyQualifierInfo *qi =
824 &pi->policyQualifiers[cpiDex];
825 if(randBool()) {
826 qi->policyQualifierId = CSSMOID_QT_CPS;
827 die = genRand(1, NUM_CPS_STR);
828 qi->qualifier.Data = (uint8 *)someCPSs[die - 1];
829 qi->qualifier.Length = strlen((char *)qi->qualifier.Data);
830 }
831 else {
832 qi->policyQualifierId = CSSMOID_QT_UNOTICE;
833 if(randBool()) {
834 qi->qualifier.Data = someUnotice;
835 qi->qualifier.Length = 5;
836 }
837 else {
838 qi->qualifier.Data = someOtherData;
839 qi->qualifier.Length = 4;
840 }
841 }
842 }
843 }
844 }
845
846 static unsigned cpCompare(const void *pre, const void *post)
847 {
848 CE_CertPolicies *cppre = (CE_CertPolicies *)pre;
849 CE_CertPolicies *cppost = (CE_CertPolicies *)post;
850
851 if(cppre->numPolicies != cppost->numPolicies) {
852 printf("CE_CertPolicies.numPolicies mismatch\n");
853 return 1;
854 }
855 unsigned rtn = 0;
856 for(unsigned polDex=0; polDex<cppre->numPolicies; polDex++) {
857 CE_PolicyInformation *pipre = &cppre->policies[polDex];
858 CE_PolicyInformation *pipost = &cppost->policies[polDex];
859 rtn += compCssmData(pipre->certPolicyId, pipost->certPolicyId,
860 "CE_PolicyInformation.certPolicyId");
861 if(pipre->numPolicyQualifiers != pipost->numPolicyQualifiers) {
862 printf("CE_PolicyInformation.CE_PolicyInformation mismatch\n");
863 rtn++;
864 continue;
865 }
866
867 for(unsigned qiDex=0; qiDex<pipre->numPolicyQualifiers; qiDex++) {
868 CE_PolicyQualifierInfo *qipre = &pipre->policyQualifiers[qiDex];
869 CE_PolicyQualifierInfo *qipost = &pipost->policyQualifiers[qiDex];
870 rtn += compCssmData(qipre->policyQualifierId,
871 qipost->policyQualifierId,
872 "CE_PolicyQualifierInfo.policyQualifierId");
873 rtn += compCssmData(qipre->qualifier,
874 qipost->qualifier,
875 "CE_PolicyQualifierInfo.qualifier");
876 }
877 }
878 return rtn;
879 }
880
881 static void cpFree(void *arg)
882 {
883 CE_CertPolicies *cp = (CE_CertPolicies *)arg;
884 for(unsigned polDex=0; polDex<cp->numPolicies; polDex++) {
885 CE_PolicyInformation *pi = &cp->policies[polDex];
886 free(pi->policyQualifiers);
887 }
888 free(cp->policies);
889 }
890
891 #pragma mark --- CE_AuthorityInfoAccess ---
892
893 /* random OIDs, pick 1..NUM_AI_OIDS */
894 static CSSM_OID aiOids[] =
895 {
896 CSSMOID_AD_OCSP,
897 CSSMOID_AD_CA_ISSUERS,
898 CSSMOID_AD_TIME_STAMPING,
899 CSSMOID_AD_CA_REPOSITORY
900 };
901 #define NUM_AI_OIDS 4
902
903 static void aiaCreate(void *arg)
904 {
905 CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg;
906 aia->numAccessDescriptions = genRand(1,3);
907 unsigned len = aia->numAccessDescriptions * sizeof(CE_AccessDescription);
908 aia->accessDescriptions = (CE_AccessDescription *)malloc(len);
909 memset(aia->accessDescriptions, 0, len);
910
911 for(unsigned dex=0; dex<aia->numAccessDescriptions; dex++) {
912 CE_AccessDescription *ad = &aia->accessDescriptions[dex];
913 int die = genRand(1, NUM_AI_OIDS);
914 ad->accessMethod = aiOids[die - 1];
915 genNameCreate(&ad->accessLocation);
916 }
917 }
918
919 static unsigned aiaCompare(const void *pre, const void *post)
920 {
921 CE_AuthorityInfoAccess *apre = (CE_AuthorityInfoAccess *)pre;
922 CE_AuthorityInfoAccess *apost = (CE_AuthorityInfoAccess *)post;
923 unsigned rtn = 0;
924
925 if(apre->numAccessDescriptions != apost->numAccessDescriptions) {
926 printf("***CE_AuthorityInfoAccess.numAccessDescriptions miscompare\n");
927 return 1;
928 }
929 for(unsigned dex=0; dex<apre->numAccessDescriptions; dex++) {
930 CE_AccessDescription *adPre = &apre->accessDescriptions[dex];
931 CE_AccessDescription *adPost = &apost->accessDescriptions[dex];
932 if(compCssmData(adPre->accessMethod, adPost->accessMethod,
933 "CE_AccessDescription.accessMethod")) {
934 rtn++;
935 }
936 rtn += genNameCompare(&adPre->accessLocation, &adPost->accessLocation);
937 }
938 return rtn;
939 }
940
941 static void aiaFree(void *arg)
942 {
943 CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg;
944 for(unsigned dex=0; dex<aia->numAccessDescriptions; dex++) {
945 CE_AccessDescription *ad = &aia->accessDescriptions[dex];
946 genNameFree(&ad->accessLocation);
947 }
948 free(aia->accessDescriptions);
949 }
950
951 #pragma mark --- test definitions ---
952
953 /*
954 * Define one extension test.
955 */
956
957 /*
958 * Cook up this extension with random, reasonable values.
959 * Incoming pointer refers to extension-specific C struct, mallocd
960 * and zeroed by main test routine.
961 */
962 typedef void (*extenCreateFcn)(void *arg);
963
964 /*
965 * Compare two instances of this extension. Return number of
966 * compare errors.
967 */
968 typedef unsigned (*extenCompareFcn)(
969 const void *preEncode,
970 const void *postEncode);
971
972 /*
973 * Free struct components mallocd in extenCreateFcn. Do not free
974 * the outer struct.
975 */
976 typedef void (*extenFreeFcn)(void *arg);
977
978 typedef struct {
979 /* three extension-specific functions */
980 extenCreateFcn createFcn;
981 extenCompareFcn compareFcn;
982 extenFreeFcn freeFcn;
983
984 /* size of C struct passed to all three functions */
985 unsigned extenSize;
986
987 /* the CE_DataType for this extension, used on encode */
988 CE_DataType extenType;
989
990 /* the OID for this extension, tested on decode */
991 CSSM_OID extenOid;
992
993 /* description for error logging and blob writing */
994 const char *extenDescr;
995
996 /* command-line letter for this one */
997 char extenLetter;
998
999 } ExtenTest;
1000
1001 /* empty freeFcn means no extension-specific resources to free */
1002 #define NO_FREE NULL
1003
1004 static ExtenTest extenTests[] = {
1005 { kuCreate, kuCompare, NO_FREE,
1006 sizeof(CE_KeyUsage),
1007 DT_KeyUsage, CSSMOID_KeyUsage,
1008 "KeyUsage", 'k' },
1009 { bcCreate, bcCompare, NO_FREE,
1010 sizeof(CE_BasicConstraints),
1011 DT_BasicConstraints, CSSMOID_BasicConstraints,
1012 "BasicConstraints", 'b' },
1013 { ekuCreate, ekuCompare, NO_FREE,
1014 sizeof(CE_ExtendedKeyUsage),
1015 DT_ExtendedKeyUsage, CSSMOID_ExtendedKeyUsage,
1016 "ExtendedKeyUsage", 'x' },
1017 { skidCreate, skidCompare, skidFree,
1018 sizeof(CSSM_DATA),
1019 DT_SubjectKeyID, CSSMOID_SubjectKeyIdentifier,
1020 "SubjectKeyID", 's' },
1021 { authKeyIdCreate, authKeyIdCompare, authKeyIdFree,
1022 sizeof(CE_AuthorityKeyID),
1023 DT_AuthorityKeyID, CSSMOID_AuthorityKeyIdentifier,
1024 "AuthorityKeyID", 'a' },
1025 { genNamesCreate, genNamesCompare, genNamesFree,
1026 sizeof(CE_GeneralNames),
1027 DT_SubjectAltName, CSSMOID_SubjectAltName,
1028 "SubjectAltName", 't' },
1029 { genNamesCreate, genNamesCompare, genNamesFree,
1030 sizeof(CE_GeneralNames),
1031 DT_IssuerAltName, CSSMOID_IssuerAltName,
1032 "IssuerAltName", 'i' },
1033 { nctCreate, nctCompare, NO_FREE,
1034 sizeof(CE_NetscapeCertType),
1035 DT_NetscapeCertType, CSSMOID_NetscapeCertType,
1036 "NetscapeCertType", 'n' },
1037 { cdpCreate, cdpCompare, cdpFree,
1038 sizeof(CE_CRLDistPointsSyntax),
1039 DT_CrlDistributionPoints, CSSMOID_CrlDistributionPoints,
1040 "CRLDistPoints", 'p' },
1041 { cpCreate, cpCompare, cpFree,
1042 sizeof(CE_CertPolicies),
1043 DT_CertPolicies, CSSMOID_CertificatePolicies,
1044 "CertPolicies", 'c' },
1045 { aiaCreate, aiaCompare, aiaFree,
1046 sizeof(CE_AuthorityInfoAccess),
1047 DT_AuthorityInfoAccess, CSSMOID_AuthorityInfoAccess,
1048 "AuthorityInfoAccess", 'A' },
1049 #if 0
1050 /* TP doesn't have this, neither does certextensions.h! */
1051 { aiaCreate, aiaCompare, aiaFree,
1052 sizeof(CE_AuthorityInfoAccess), CSSMOID_SubjectInfoAccess,
1053 "SubjectInfoAccess", 'S' },
1054 #endif
1055 };
1056
1057 #define NUM_EXTEN_TESTS (sizeof(extenTests) / sizeof(ExtenTest))
1058
1059 static void printExtenPre(
1060 CE_DataAndType *extenData,
1061 CSSM_OID *extenOid,
1062 OidParser &parser)
1063 {
1064 CSSM_FIELD field;
1065 CSSM_X509_EXTENSION extn;
1066
1067 /*
1068 * Convert pre-digested into CSSM_X509_EXTENSION that
1069 * printCertField() can understand
1070 */
1071 extn.extnId = *extenOid;
1072 extn.critical = extenData->critical;
1073 extn.format = CSSM_X509_DATAFORMAT_PARSED;
1074 extn.value.parsedValue = &extenData->extension;
1075 field.FieldOid = *extenOid;
1076 field.FieldValue.Data = (uint8 *)&extn;
1077 field.FieldValue.Length = sizeof(CSSM_X509_EXTENSION);
1078 printf("=== PRE-ENCODE:\n");
1079 printCertField(field, parser, CSSM_TRUE);
1080 }
1081
1082
1083 static void printExten(
1084 CSSM_X509_EXTENSION &extn,
1085 OidParser &parser)
1086 {
1087 CSSM_FIELD field;
1088 field.FieldOid = extn.extnId;
1089 field.FieldValue.Data = (uint8 *)&extn;
1090 field.FieldValue.Length = sizeof(CSSM_X509_EXTENSION);
1091 printf("=== POST-DECODE:\n");
1092 printCertField(field, parser, CSSM_TRUE);
1093 }
1094
1095 static int doTest(
1096 CSSM_CL_HANDLE clHand,
1097 CSSM_TP_HANDLE tpHand,
1098 CSSM_CSP_HANDLE cspHand,
1099 ExtenTest &extenTest,
1100 bool writeBlobs,
1101 const char *constFileName, // all blobs to this file if non-NULL
1102 bool displayExtens,
1103 OidParser &parser)
1104 {
1105 CSSM_APPLE_TP_CERT_REQUEST certReq;
1106 CSSM_TP_REQUEST_SET reqSet;
1107 sint32 estTime;
1108 CSSM_BOOL confirmRequired;
1109 CSSM_TP_RESULT_SET_PTR resultSet;
1110 CSSM_ENCODED_CERT *encCert;
1111 CSSM_TP_CALLERAUTH_CONTEXT CallerAuthContext;
1112 CSSM_FIELD policyId;
1113 CE_DataAndType extPre;
1114 CSSM_RETURN crtn;
1115 CSSM_DATA refId; // mallocd by CSSM_TP_SubmitCredRequest
1116 CSSM_DATA signedCert = {0, NULL};
1117
1118 memset(&certReq, 0, sizeof(certReq));
1119 memset(&extPre, 0, sizeof(extPre));
1120
1121 /*
1122 * Cook up a random and reasonable instance of the C struct
1123 * associated with this extension.
1124 */
1125 extenTest.createFcn(&extPre.extension);
1126
1127 /*
1128 * Cook up the associated CSSM_X509_EXTENSION.
1129 */
1130 extPre.type = extenTest.extenType;
1131 extPre.critical = randBool();
1132
1133 /*
1134 * Now the cert request proper.
1135 */
1136 certReq.cspHand = cspHand;
1137 certReq.clHand = clHand;
1138 certReq.serialNumber = 0x8765;
1139 certReq.numSubjectNames = NUM_DUMMY_NAMES;
1140 certReq.subjectNames = dummyRdn;
1141 certReq.numIssuerNames = NUM_DUMMY_NAMES;
1142 certReq.issuerNames = dummyRdn;
1143 certReq.certPublicKey = &subjPubKey;
1144 certReq.issuerPrivateKey = &subjPrivKey;
1145 certReq.signatureAlg = CSSM_ALGID_SHA1WithRSA;
1146 certReq.signatureOid = SIG_OID;
1147 certReq.notBefore = 0; // now
1148 certReq.notAfter = 10000; // seconds from now
1149 certReq.numExtensions = 1;
1150 certReq.extensions = &extPre;
1151
1152 reqSet.NumberOfRequests = 1;
1153 reqSet.Requests = &certReq;
1154
1155 /* a big CSSM_TP_CALLERAUTH_CONTEXT just to specify an OID */
1156 memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT));
1157 memset(&policyId, 0, sizeof(CSSM_FIELD));
1158 policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN;
1159 CallerAuthContext.Policy.NumberOfPolicyIds = 1;
1160 CallerAuthContext.Policy.PolicyIds = &policyId;
1161
1162 /* GO */
1163 crtn = CSSM_TP_SubmitCredRequest(tpHand,
1164 NULL, // PreferredAuthority
1165 CSSM_TP_AUTHORITY_REQUEST_CERTISSUE,
1166 &reqSet,
1167 &CallerAuthContext,
1168 &estTime,
1169 &refId);
1170 if(crtn) {
1171 printError("CSSM_TP_SubmitCredRequest", crtn);
1172 /* show what we tried to encode and decode */
1173 printExtenPre(&extPre, &extenTest.extenOid, parser);
1174 return 1;
1175 }
1176 crtn = CSSM_TP_RetrieveCredResult(tpHand,
1177 &refId,
1178 NULL, // CallerAuthCredentials
1179 &estTime,
1180 &confirmRequired,
1181 &resultSet); // leaks.....
1182 if(crtn) {
1183 printError("CSSM_TP_RetrieveCredResult", crtn);
1184 /* show what we tried to encode and decode */
1185 printExtenPre(&extPre, &extenTest.extenOid, parser);
1186 return 1;
1187 }
1188 if(resultSet == NULL) {
1189 printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n");
1190 /* show what we tried to encode and decode */
1191 printExtenPre(&extPre, &extenTest.extenOid, parser);
1192 return 1;
1193 }
1194 encCert = (CSSM_ENCODED_CERT *)resultSet->Results;
1195 signedCert = encCert->CertBlob;
1196
1197 if(writeBlobs) {
1198 char fileName[200];
1199 if(constFileName) {
1200 strcpy(fileName, constFileName);
1201 }
1202 else {
1203 sprintf(fileName, "%scert.der", extenTest.extenDescr);
1204 }
1205 writeFile(fileName, signedCert.Data, signedCert.Length);
1206 printf("...wrote %lu bytes to %s\n", signedCert.Length, fileName);
1207 }
1208
1209 /* snag the same extension from the encoded cert */
1210 CSSM_DATA_PTR postField;
1211 CSSM_HANDLE resultHand;
1212 uint32 numFields;
1213
1214 crtn = CSSM_CL_CertGetFirstFieldValue(clHand,
1215 &signedCert,
1216 &extenTest.extenOid,
1217 &resultHand,
1218 &numFields,
1219 &postField);
1220 if(crtn) {
1221 printf("****Extension field not found on decode for %s\n",
1222 extenTest.extenDescr);
1223 printError("CSSM_CL_CertGetFirstFieldValue", crtn);
1224
1225 /* show what we tried to encode and decode */
1226 printExtenPre(&extPre, &extenTest.extenOid, parser);
1227 return 1;
1228 }
1229
1230 if(numFields != 1) {
1231 printf("****GetFirstFieldValue: expect 1 value, got %u\n",
1232 (unsigned)numFields);
1233 return 1;
1234 }
1235 CSSM_CL_CertAbortQuery(clHand, resultHand);
1236
1237 /* verify the fields we generated */
1238 CSSM_X509_EXTENSION *extnPost = (CSSM_X509_EXTENSION *)postField->Data;
1239 if((extnPost == NULL) ||
1240 (postField->Length != sizeof(CSSM_X509_EXTENSION))) {
1241 printf("***Malformed CSSM_X509_EXTENSION (1) after decode\n");
1242 return 1;
1243 }
1244 int rtn = 0;
1245 rtn += compBool(extPre.critical, extnPost->critical,
1246 "CSSM_X509_EXTENSION.critical");
1247 rtn += compCssmData(extenTest.extenOid, extnPost->extnId,
1248 "CSSM_X509_EXTENSION.extnId");
1249
1250 if(extnPost->format != CSSM_X509_DATAFORMAT_PARSED) {
1251 printf("***Expected CSSM_X509_DATAFORMAT_PARSED (%x(x), got %x(x)\n",
1252 CSSM_X509_DATAFORMAT_PARSED, extnPost->format);
1253 }
1254 if(extnPost->value.parsedValue == NULL) {
1255 printf("***no parsedValue pointer!\n");
1256 return 1;
1257 }
1258
1259 /* down to extension-specific compare */
1260 rtn += extenTest.compareFcn(&extPre.extension, extnPost->value.parsedValue);
1261
1262 if(rtn) {
1263 /* print preencode only on error */
1264 printExtenPre(&extPre, &extenTest.extenOid, parser);
1265 }
1266 if(displayExtens || rtn) {
1267 printExten(*extnPost, parser);
1268 }
1269
1270 /* free the allocated data */
1271 if(extenTest.freeFcn) {
1272 extenTest.freeFcn(&extPre.extension);
1273 }
1274 CSSM_CL_FreeFieldValue(clHand, &extenTest.extenOid, postField);
1275 CSSM_FREE(signedCert.Data);
1276 CSSM_FREE(encCert);
1277 CSSM_FREE(resultSet);
1278 return rtn;
1279 }
1280
1281 static void doPause(bool pause)
1282 {
1283 if(!pause) {
1284 return;
1285 }
1286 fpurge(stdin);
1287 printf("CR to continue ");
1288 getchar();
1289 }
1290
1291 int main(int argc, char **argv)
1292 {
1293 CSSM_CL_HANDLE clHand;
1294 CSSM_TP_HANDLE tpHand;
1295 CSSM_CSP_HANDLE cspHand;
1296 CSSM_RETURN crtn;
1297 int arg;
1298 int rtn;
1299 OidParser parser;
1300 char *argp;
1301 unsigned i;
1302
1303 /* user-specificied params */
1304 unsigned minExtenNum = 0;
1305 unsigned maxExtenNum = NUM_EXTEN_TESTS-1;
1306 bool writeBlobs = false;
1307 bool displayExtens = false;
1308 bool quiet = false;
1309 unsigned loops = LOOPS_DEF;
1310 bool pauseLoop = false;
1311 bool pauseCert = false;
1312 const char *constFileName = NULL;
1313
1314 for(arg=1; arg<argc; arg++) {
1315 argp = argv[arg];
1316 switch(argp[0]) {
1317 case 'w':
1318 writeBlobs = true;
1319 break;
1320 case 'd':
1321 displayExtens = true;
1322 break;
1323 case 'q':
1324 quiet = true;
1325 break;
1326 case 'p':
1327 pauseLoop = true;
1328 break;
1329 case 'P':
1330 pauseCert = true;
1331 break;
1332 case 'l':
1333 loops = atoi(&argp[2]);
1334 break;
1335 case 'f':
1336 constFileName = &argp[2];
1337 break;
1338 case 'e':
1339 if(argp[1] != '=') {
1340 usage(argv);
1341 }
1342 /* scan thru test array looking for epecified extension */
1343 for(i=0; i<NUM_EXTEN_TESTS; i++) {
1344 if(extenTests[i].extenLetter == argp[2]) {
1345 minExtenNum = maxExtenNum = i;
1346 break;
1347 }
1348 }
1349 if(i == NUM_EXTEN_TESTS) {
1350 usage(argv);
1351 }
1352 break;
1353 default:
1354 usage(argv);
1355 }
1356 }
1357
1358
1359 /* common setup */
1360 clHand = clStartup();
1361 if(clHand == 0) {
1362 return 0;
1363 }
1364 tpHand = tpStartup();
1365 if(tpHand == 0) {
1366 return 0;
1367 }
1368 cspHand = cspStartup();
1369 if(cspHand == 0) {
1370 return 0;
1371 }
1372
1373 printf("Starting extenTestTp; args: ");
1374 for(i=1; i<(unsigned)argc; i++) {
1375 printf("%s ", argv[i]);
1376 }
1377 printf("\n");
1378
1379 /* one common key pair - we're definitely not testing this */
1380 crtn = cspGenKeyPair(cspHand,
1381 KEY_ALG,
1382 SUBJ_KEY_LABEL,
1383 strlen(SUBJ_KEY_LABEL),
1384 KEY_SIZE_BITS,
1385 &subjPubKey,
1386 CSSM_FALSE, // pubIsRef - should work both ways, but not yet
1387 CSSM_KEYUSE_VERIFY,
1388 CSSM_KEYBLOB_RAW_FORMAT_NONE,
1389 &subjPrivKey,
1390 CSSM_TRUE, // privIsRef - doesn't matter
1391 CSSM_KEYUSE_SIGN,
1392 CSSM_KEYBLOB_RAW_FORMAT_NONE,
1393 CSSM_FALSE);
1394 if(crtn) {
1395 exit(1);
1396 }
1397
1398 for(unsigned loop=0; loop<loops; loop++) {
1399 if(!quiet) {
1400 printf("...loop %u\n", loop);
1401 }
1402 for(unsigned extenDex=minExtenNum; extenDex<=maxExtenNum; extenDex++) {
1403 rtn = doTest(clHand, tpHand, cspHand, extenTests[extenDex],
1404 writeBlobs, constFileName, displayExtens, parser);
1405 if(rtn) {
1406 break;
1407 }
1408 doPause(pauseCert);
1409 }
1410 if(rtn) {
1411 break;
1412 }
1413 doPause(pauseLoop);
1414 }
1415
1416 if(rtn) {
1417 printf("***%s FAILED\n", argv[0]);
1418 }
1419 else if(!quiet) {
1420 printf("...%s passed\n", argv[0]);
1421 }
1422
1423
1424 /* cleanup */
1425 CSSM_ModuleDetach(cspHand);
1426 CSSM_ModuleDetach(clHand);
1427 CSSM_ModuleDetach(tpHand);
1428 return 0;
1429 }
1430
mirror of Security