]> git.saurik.com Git - apple/security.git/blob - tests/TrustTests/EvaluationTests/ECTests.m
Security-59754.80.3.tar.gz
[apple/security.git] / tests / TrustTests / EvaluationTests / ECTests.m
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 */
24
25 #include <AssertMacros.h>
26 #import <XCTest/XCTest.h>
27 #include <Security/SecTrust.h>
28 #include <Security/SecCertificatePriv.h>
29 #include <Security/SecPolicy.h>
30 #include "OSX/utilities/SecCFWrappers.h"
31
32 #import "TrustEvaluationTestCase.h"
33 #import "ECTests_data.h"
34 #include "../TestMacroConversions.h"
35
36 /* Set this to 1 to test support for the legacy ecdsa-with-specified
37 signature oid. */
38 #define TEST_ECDSA_WITH_SPECIFIED 0
39
40 @interface ECTests : TrustEvaluationTestCase
41 @end
42
43 #define trust_ok(CERT, ROOT, DATE, ...) \
44 ({ \
45 XCTAssertTrue(test_trust_ok(CERT, sizeof(CERT), ROOT, sizeof(ROOT), DATE), __VA_ARGS__); \
46 })
47
48 static bool test_trust_ok(const uint8_t *cert_data, size_t cert_len,
49 const uint8_t *root_data, size_t root_len, const char *date_str) {
50 SecTrustRef trust = NULL;
51 SecPolicyRef policy = NULL;
52 CFArrayRef anchors = NULL;
53 SecCertificateRef cert = NULL, root = NULL;
54 CFDateRef date = NULL;
55 bool result = false;
56 CFErrorRef error = NULL;
57 require_string(cert = SecCertificateCreateWithBytes(NULL, cert_data, cert_len),
58 errOut, "create cert");
59 require_string(root = SecCertificateCreateWithBytes(NULL, root_data, root_len),
60 errOut, "create root");
61
62 policy = SecPolicyCreateSSL(false, NULL);
63 require_noerr_string(SecTrustCreateWithCertificates(cert, policy, &trust),
64 errOut, "create trust with single cert");
65 anchors = CFArrayCreate(NULL, (const void **)&root, 1,
66 &kCFTypeArrayCallBacks);
67 require_noerr_string(SecTrustSetAnchorCertificates(trust, anchors),
68 errOut, "set anchors");
69
70 /* 2006/03/03 00:12:00 */
71 date = CFDateCreate(NULL, 163037520.0);
72 require_noerr_string(SecTrustSetVerifyDate(trust, date), errOut, "set date");
73 result = SecTrustEvaluateWithError(trust, &error);
74
75 errOut:
76 CFReleaseSafe(date);
77 CFReleaseSafe(anchors);
78 CFReleaseSafe(policy);
79 CFReleaseSafe(root);
80 CFReleaseSafe(cert);
81 CFReleaseSafe(trust);
82 CFReleaseSafe(error);
83 return result;
84 }
85
86 @implementation ECTests
87
88 - (void)testMicrosoft_ECCerts {
89 /* Verification of ECC certs created by Microsoft */
90 trust_ok(RootP256_cer, RootP256_cer,
91 "20060303001200", "RootP256_cer root");
92 #if TEST_ECDSA_WITH_SPECIFIED
93 trust_ok(End_P256_Specified_SHA1_cer, RootP256_cer,
94 "20060303001200", "End_P256_Specified_SHA1_cer");
95 trust_ok(End_P256_Specified_SHA256_cer, RootP256_cer,
96 "20060303001200", "End_P256_Specified_SHA256_cer");
97 trust_ok(End_P384_Specified_SHA256_cer, RootP256_cer,
98 "20060303001200", "End_P384_Specified_SHA256_cer");
99 trust_ok(End_P384_Specified_SHA384_cer, RootP256_cer,
100 "20060303001200", "End_P384_Specified_SHA384_cer");
101 trust_ok(End_P521_Specified_SHA1_cer, RootP256_cer,
102 "20060303001200", "End_P521_Specified_SHA1_cer");
103 #endif /* TEST_ECDSA_WITH_SPECIFIED */
104 trust_ok(End_P256_combined_SHA256_cer, RootP256_cer,
105 "20060303001200", "End_P256_combined_SHA256_cer");
106 trust_ok(End_P384_combined_SHA256_cer, RootP256_cer,
107 "20060303001200", "End_P384_combined_SHA256_cer");
108 trust_ok(End_P384_combined_SHA1_cer, RootP256_cer,
109 "20060303001200", "End_P384_combined_SHA1_cer");
110 trust_ok(End_P521_combined_SHA1_cer, RootP256_cer,
111 "20060303001200", "End_P521_combined_SHA1_cer");
112 trust_ok(End_P256_combined_SHA512_cer, RootP256_cer,
113 "20060303001200", "End_P256_combined_SHA512_cer");
114 trust_ok(End_P521_combined_SHA512_cer, RootP256_cer,
115 "20060303001200", "End_P521_combined_SHA512_cer");
116 }
117
118 - (void)testNSS_ECCerts {
119 /* Verification of ECC certs created by NSS */
120 trust_ok(ECCCA_cer, ECCCA_cer,
121 "20060303001200", "ECCCA_cer root");
122 trust_ok(ECCp192_cer, ECCCA_cer,
123 "20060303001200", "ECCp192_cer");
124 trust_ok(ECCp256_cer, ECCCA_cer,
125 "20060303001200", "ECCp256_cer");
126 trust_ok(ECCp384_cer, ECCCA_cer,
127 "20060303001200", "ECCp384_cer");
128 trust_ok(ECCp521_cer, ECCCA_cer,
129 "20060303001200", "ECCp521_cer");
130 }
131
132 - (void)testOpenSSL_ECCerts {
133 /* Verification of ECC certs created by OpenSSL */
134 trust_ok(secp256r1ca_cer, secp256r1ca_cer,
135 "20060303001200", "secp256r1ca_cer root");
136 trust_ok(secp256r1server_secp256r1ca_cer, secp256r1ca_cer,
137 "20060303001200", "secp256r1server_secp256r1ca_cer");
138 trust_ok(secp384r1ca_cer, secp384r1ca_cer,
139 "20060303001200", "secp384r1ca_cer root");
140 trust_ok(secp384r1server_secp384r1ca_cer, secp384r1ca_cer,
141 "20060303001200", "secp384r1server_secp384r1ca_cer");
142 trust_ok(secp521r1ca_cer, secp521r1ca_cer,
143 "20060303001200", "secp521r1ca_cer root");
144 trust_ok(secp521r1server_secp521r1ca_cer, secp521r1ca_cer,
145 "20060303001200", "secp521r1server_secp521r1ca_cer");
146 }
147
148 @end