]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/regressions/cms-01-basic.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / OSX / libsecurity_smime / regressions / cms-01-basic.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include "cms-01-basic.h"
25 #include "cms_regressions.h"
26
27 #include <AssertMacros.h>
28
29 #include <utilities/SecCFRelease.h>
30
31 #include <Security/SecBase.h>
32 #include <Security/SecImportExport.h>
33 #include <Security/SecKeychain.h>
34 #include <Security/SecIdentity.h>
35 #include <Security/SecPolicy.h>
36
37 #include <Security/SecCmsMessage.h>
38 #include <Security/SecCmsSignedData.h>
39 #include <Security/SecCmsContentInfo.h>
40 #include <Security/SecCmsSignerInfo.h>
41 #include <Security/SecCmsEncoder.h>
42 #include <Security/SecCmsDecoder.h>
43 #include <Security/SecCmsEnvelopedData.h>
44 #include <Security/SecCmsRecipientInfo.h>
45
46 #include <security_asn1/secerr.h>
47 #include <security_asn1/seccomon.h>
48
49 #include <unistd.h>
50
51 #define TMP_KEYCHAIN_PATH "/tmp/cms_01_test.keychain"
52
53 #pragma clang diagnostic push
54 #pragma clang diagnostic ignored "-Wunused-variable"
55 #pragma clang diagnostic ignored "-Wunused-function"
56
57 #define kNumberSetupTests 10
58 static SecKeychainRef setup_keychain(const uint8_t *p12, size_t p12_len, SecIdentityRef *identity, SecCertificateRef *cert) {
59 CFDataRef p12Data = NULL;
60 CFArrayRef imported_items = NULL, oldSearchList = NULL;
61 CFMutableArrayRef newSearchList = NULL;
62 SecKeychainRef keychain = NULL;
63 SecExternalFormat sef = kSecFormatPKCS12;
64 SecItemImportExportKeyParameters keyParams = {
65 .passphrase = CFSTR("password")
66 };
67
68 /* Create keychain and add to search list (for decryption) */
69 unlink(TMP_KEYCHAIN_PATH);
70 ok_status(SecKeychainCopySearchList(&oldSearchList),
71 "Copy keychain search list");
72 require(oldSearchList, out);
73 ok(newSearchList = CFArrayCreateMutableCopy(NULL, CFArrayGetCount(oldSearchList)+1, oldSearchList),
74 "Create new search list");
75 ok_status(SecKeychainCreate(TMP_KEYCHAIN_PATH, 8, "password", false, NULL, &keychain),
76 "Create keychain for identity");
77 require(keychain, out);
78 CFArrayAppendValue(newSearchList, keychain);
79 ok_status(SecKeychainSetSearchList(newSearchList),
80 "Set keychain search list");
81
82 /* Load identity and set as signer */
83 ok(p12Data = CFDataCreate(NULL, p12, p12_len),
84 "Create p12 data");
85 ok_status(SecItemImport(p12Data, NULL, &sef, NULL, 0, &keyParams, keychain, &imported_items),
86 "Import identity");
87 is(CFArrayGetCount(imported_items),1,"Imported 1 items");
88 is(CFGetTypeID(CFArrayGetValueAtIndex(imported_items, 0)), SecIdentityGetTypeID(),
89 "Got back an identity");
90 ok(*identity = (SecIdentityRef) CFRetainSafe(CFArrayGetValueAtIndex(imported_items, 0)),
91 "Retrieve identity");
92 ok_status(SecIdentityCopyCertificate(*identity, cert),
93 "Copy certificate");
94
95 CFReleaseNull(p12Data);
96 CFReleaseNull(imported_items);
97
98 out:
99 CFReleaseNull(oldSearchList);
100 CFReleaseNull(newSearchList);
101 return keychain;
102 }
103
104 #define kNumberCleanupTests 1
105 static void cleanup_keychain(SecKeychainRef keychain, SecIdentityRef identity, SecCertificateRef cert) {
106 /* Delete keychain - from the search list and from disk */
107 ok_status(SecKeychainDelete(keychain), "Delete temporary keychain");
108 CFReleaseNull(keychain);
109 CFReleaseNull(cert);
110 CFReleaseNull(identity);
111 }
112
113 static OSStatus sign_please(SecIdentityRef identity, SECOidTag digestAlgTag, bool withAttrs, uint8_t *expected_output, size_t expected_len) {
114
115 OSStatus status = SECFailure;
116
117 SecCmsMessageRef cmsg = NULL;
118 SecCmsSignedDataRef sigd = NULL;
119 SecCmsContentInfoRef cinfo = NULL;
120 SecCmsSignerInfoRef signerInfo = NULL;
121 SecCmsEncoderRef encoder = NULL;
122 SecArenaPoolRef arena = NULL;
123 CSSM_DATA cms_data = {
124 .Data = NULL,
125 .Length = 0
126 };
127 uint8_t string_to_sign[] = "This message is signed. Ain't it pretty?";
128
129 /* setup the message */
130 require_action_string(cmsg = SecCmsMessageCreate(NULL), out,
131 status = errSecAllocate, "Failed to create message");
132 require_action_string(sigd = SecCmsSignedDataCreate(cmsg), out,
133 status = errSecAllocate, "Failed to create signed data");
134 require_action_string(cinfo = SecCmsMessageGetContentInfo(cmsg), out,
135 status = errSecParam, "Failed to get cms content info");
136 require_noerr_string(status = SecCmsContentInfoSetContentSignedData(cmsg, cinfo, sigd), out,
137 "Failed to set signed data into content info");
138 require_action_string(cinfo = SecCmsSignedDataGetContentInfo(sigd), out,
139 status = errSecParam, "Failed to get content info from signed data");
140 require_noerr_string(status = SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), out,
141 "Failed to set signed data content info");
142 require_action_string(signerInfo = SecCmsSignerInfoCreate(cmsg, identity, digestAlgTag), out,
143 status = errSecAllocate, "Failed to create signer info");
144 require_noerr_string(status = SecCmsSignerInfoIncludeCerts(signerInfo, SecCmsCMCertOnly,
145 certUsageEmailSigner), out,
146 "Failed to put certs in signer info");
147
148 if(withAttrs) {
149 require_noerr_string(status = SecCmsSignerInfoAddSigningTime(signerInfo, 480000000.0), out,
150 "Couldn't add an attribute");
151 }
152 require_noerr_string(status = SecCmsSignedDataAddSignerInfo(sigd, signerInfo), out,
153 "Couldn't add signer info to signed data");
154
155 /* encode now */
156 require_noerr_string(status = SecArenaPoolCreate(1024, &arena), out,
157 "Failed to create arena");
158 require_noerr_string(status = SecCmsEncoderCreate(cmsg, NULL, NULL, &cms_data, arena, NULL, NULL,
159 NULL, NULL, NULL, NULL, &encoder), out,
160 "Failed to create encoder");
161 require_noerr_string(status = SecCmsEncoderUpdate(encoder, string_to_sign, sizeof(string_to_sign)), out,
162 "Failed to add data ");
163 status = SecCmsEncoderFinish(encoder);
164 encoder = NULL; // SecCmsEncoderFinish always frees the encoder but doesn't NULL it.
165 require_noerr_quiet(status, out);
166
167 /* verify the output matches expected results */
168 if (expected_output) {
169 require_action_string(expected_len == cms_data.Length, out,
170 status = -1, "Output size differs from expected");
171 require_noerr_action_string(memcmp(expected_output, cms_data.Data, expected_len), out,
172 status = -1, "Output differs from expected");
173 }
174
175 out:
176 if (encoder) {
177 SecCmsEncoderDestroy(encoder);
178 }
179 if (arena) {
180 SecArenaPoolFree(arena, false);
181 }
182 if (cmsg) {
183 SecCmsMessageDestroy(cmsg);
184 }
185 return status;
186
187 }
188
189 static OSStatus verify_please(SecKeychainRef keychain, uint8_t *data_to_verify, size_t length) {
190 OSStatus status = SECFailure;
191 SecCmsDecoderRef decoder = NULL;
192 SecCmsMessageRef cmsg = NULL;
193 SecCmsContentInfoRef cinfo = NULL;
194 SecCmsSignedDataRef sigd = NULL;
195 SecPolicyRef policy = NULL;
196 SecTrustRef trust = NULL;
197
198 if (!data_to_verify) {
199 return errSecSuccess; // reasons...
200 }
201
202 require_noerr_string(status = SecCmsDecoderCreate(NULL, NULL, NULL, NULL, NULL,
203 NULL, NULL, &decoder), out,
204 "Failed to create decoder");
205 require_noerr_string(status = SecCmsDecoderUpdate(decoder, data_to_verify, length), out,
206 "Failed to add data ");
207 status = SecCmsDecoderFinish(decoder, &cmsg);
208 decoder = NULL; // SecCmsDecoderFinish always frees the decoder
209 require_noerr_quiet(status, out);
210
211 require_action_string(cinfo = SecCmsMessageContentLevel(cmsg, 0), out,
212 status = errSecDecode, "Failed to get content info");
213 require_action_string(SEC_OID_PKCS7_SIGNED_DATA == SecCmsContentInfoGetContentTypeTag(cinfo), out,
214 status = errSecDecode, "Content type was pkcs7 signed data");
215 require_action_string(sigd = (SecCmsSignedDataRef)SecCmsContentInfoGetContent(cinfo), out,
216 status = errSecDecode, "Failed to get signed data");
217 require_action_string(policy = SecPolicyCreateBasicX509(), out,
218 status = errSecAllocate, "Failed to create basic policy");
219 status = SecCmsSignedDataVerifySignerInfo(sigd, 0, keychain, policy, &trust);
220
221 out:
222 if (decoder) {
223 SecCmsDecoderDestroy(decoder);
224 }
225 if (cmsg) {
226 SecCmsMessageDestroy(cmsg);
227 }
228 CFReleaseNull(policy);
229 CFReleaseNull(trust);
230 return status;
231 }
232
233 static uint8_t *invalidate_signature(uint8_t *cms_data, size_t length) {
234 if (!cms_data || !length || (length < 10)) {
235 return NULL;
236 }
237 uint8_t *invalid_cms = NULL;
238
239 invalid_cms = malloc(length);
240 if (invalid_cms) {
241 memcpy(invalid_cms, cms_data, length);
242 /* This modifies the signature part of the test cms binaries */
243 invalid_cms[length - 10] = 0x00;
244 }
245
246 return invalid_cms;
247 }
248
249 static OSStatus invalidate_and_verify(SecKeychainRef kc, uint8_t *cms_data, size_t length) {
250 OSStatus status = SECFailure;
251 uint8_t *invalid_cms_data = NULL;
252
253 if (!cms_data) {
254 return SECFailure; // reasons...
255 }
256
257 require_action_string(invalid_cms_data = invalidate_signature(cms_data, length), out,
258 status = errSecAllocate, "Unable to allocate buffer for invalid cms data");
259 status = verify_please(kc, invalid_cms_data, length);
260
261 out:
262 if (invalid_cms_data) {
263 free(invalid_cms_data);
264 }
265 return status;
266 }
267
268 /* forward declaration */
269 static OSStatus decrypt_please(uint8_t *data_to_decrypt, size_t length);
270
271 static OSStatus encrypt_please(SecCertificateRef recipient, SECOidTag encAlg, int keysize) {
272 OSStatus status = SECFailure;
273 SecCmsMessageRef cmsg = NULL;
274 SecCmsEnvelopedDataRef envd = NULL;
275 SecCmsContentInfoRef cinfo = NULL;
276 SecCmsRecipientInfoRef rinfo = NULL;
277 SecArenaPoolRef arena = NULL;
278 SecCmsEncoderRef encoder = NULL;
279 CSSM_DATA cms_data = {
280 .Data = NULL,
281 .Length = 0
282 };
283 const uint8_t data_to_encrypt[] = "This data is encrypted. Is cool, no?";
284
285 /* set up the message */
286 require_action_string(cmsg = SecCmsMessageCreate(NULL), out,
287 status = errSecAllocate, "Failed to create message");
288 require_action_string(envd = SecCmsEnvelopedDataCreate(cmsg, encAlg, keysize), out,
289 status = errSecAllocate, "Failed to create enveloped data");
290 require_action_string(cinfo = SecCmsMessageGetContentInfo(cmsg), out,
291 status = errSecParam, "Failed to get content info from cms message");
292 require_noerr_string(status = SecCmsContentInfoSetContentEnvelopedData(cmsg, cinfo, envd), out,
293 "Failed to set enveloped data in cms message");
294 require_action_string(cinfo = SecCmsEnvelopedDataGetContentInfo(envd), out,
295 status = errSecParam, "Failed to get content info from enveloped data");
296 require_noerr_string(status = SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), out,
297 "Failed to set data type in envelope");
298 require_action_string(rinfo = SecCmsRecipientInfoCreate(cmsg, recipient), out,
299 status = errSecAllocate, "Failed to create recipient info");
300 require_noerr_string(status = SecCmsEnvelopedDataAddRecipient(envd, rinfo), out,
301 "Failed to add recipient info to envelope");
302
303 /* encode the message */
304 require_noerr_string(status = SecArenaPoolCreate(1024, &arena), out,
305 "Failed to create arena");
306 require_noerr_string(status = SecCmsEncoderCreate(cmsg, NULL, NULL, &cms_data, arena, NULL, NULL,
307 NULL, NULL, NULL, NULL, &encoder), out,
308 "Failed to create encoder");
309 require_noerr_string(status = SecCmsEncoderUpdate(encoder, data_to_encrypt, sizeof(data_to_encrypt)), out,
310 "Failed to update encoder with data");
311 status = SecCmsEncoderFinish(encoder);
312 encoder = NULL; // SecCmsEncoderFinish always frees the encoder but doesn't NULL it.
313 require_noerr_quiet(status, out);
314
315 require_noerr_string(status = decrypt_please(cms_data.Data, cms_data.Length), out,
316 "Failed to decrypt the data we just encrypted");
317
318 out:
319 if (encoder) {
320 SecCmsEncoderDestroy(encoder);
321 }
322 if (arena) {
323 SecArenaPoolFree(arena, false);
324 }
325 if (cmsg) {
326 SecCmsMessageDestroy(cmsg);
327 }
328 return status;
329 }
330
331 static OSStatus decrypt_please(uint8_t *data_to_decrypt, size_t length) {
332 OSStatus status = SECFailure;
333 SecCmsDecoderRef decoder = NULL;
334 SecCmsMessageRef cmsg = NULL;
335 CSSM_DATA_PTR content = NULL;
336 const uint8_t encrypted_string[] = "This data is encrypted. Is cool, no?";
337
338 require_noerr_string(status = SecCmsDecoderCreate(NULL, NULL, NULL, NULL, NULL,
339 NULL, NULL, &decoder), out,
340 "Failed to create decoder");
341 require_noerr_string(status = SecCmsDecoderUpdate(decoder, data_to_decrypt, length), out,
342 "Failed to add data ");
343 status = SecCmsDecoderFinish(decoder, &cmsg);
344 decoder = NULL; // SecCmsDecoderFinish always frees the decoder
345 require_noerr_quiet(status, out);
346 require_action_string(content = SecCmsMessageGetContent(cmsg), out,
347 status = errSecDecode, "Unable to get message contents");
348
349 /* verify the output matches expected results */
350 require_action_string(sizeof(encrypted_string) == content->Length, out,
351 status = -1, "Output size differs from expected");
352 require_noerr_action_string(memcmp(encrypted_string, content->Data, content->Length), out,
353 status = -1, "Output differs from expected");
354
355 out:
356 if (cmsg) {
357 SecCmsMessageDestroy(cmsg);
358 }
359 return status;
360 }
361
362 /* Signing with attributes goes through a different code path than signing without,
363 * so we need to test both. */
364 #define kNumberSignTests 10
365 static void sign_tests(SecIdentityRef identity, bool isRSA) {
366
367 /* no attributes */
368 is(sign_please(identity, SEC_OID_MD5, false, NULL, 0),
369 SEC_ERROR_INVALID_ALGORITHM, "Signed with MD5. Not cool.");
370 is(sign_please(identity, SEC_OID_SHA1, false, (isRSA) ? rsa_sha1 : NULL,
371 (isRSA) ? sizeof(rsa_sha1) : 0),
372 errSecSuccess, "Signed with SHA-1");
373 is(sign_please(identity, SEC_OID_SHA256, false, (isRSA) ? rsa_sha256 : NULL,
374 (isRSA) ? sizeof(rsa_sha256) : 0),
375 errSecSuccess, "Signed with SHA-256");
376 is(sign_please(identity, SEC_OID_SHA384, false, NULL, 0), errSecSuccess, "Signed with SHA-384");
377 is(sign_please(identity, SEC_OID_SHA512, false, NULL, 0), errSecSuccess, "Signed with SHA-512");
378
379 /* with attributes */
380 is(sign_please(identity, SEC_OID_MD5, true, NULL, 0),
381 SEC_ERROR_INVALID_ALGORITHM, "Signed with MD5 and attributes. Not cool.");
382 is(sign_please(identity, SEC_OID_SHA1, true, (isRSA) ? rsa_sha1_attr : NULL,
383 (isRSA) ? sizeof(rsa_sha1_attr) : 0),
384 errSecSuccess, "Signed with SHA-1 and attributes");
385 is(sign_please(identity, SEC_OID_SHA256, true, (isRSA) ? rsa_sha256_attr : NULL,
386 (isRSA) ? sizeof(rsa_sha256_attr) : 0),
387 errSecSuccess, "Signed with SHA-256 and attributes");
388 is(sign_please(identity, SEC_OID_SHA384, true, NULL, 0),
389 errSecSuccess, "Signed with SHA-384 and attributes");
390 is(sign_please(identity, SEC_OID_SHA512, true, NULL, 0),
391 errSecSuccess, "Signed with SHA-512 and attributes");
392 }
393
394 /* Verifying with attributes goes through a different code path than verifying without,
395 * so we need to test both. */
396 #define kNumberVerifyTests 13
397 static void verify_tests(SecKeychainRef kc, bool isRsa) {
398 /* no attributes */
399 is(verify_please(kc, (isRsa) ? rsa_md5 : ec_md5,
400 (isRsa) ? sizeof(rsa_md5) : sizeof(ec_md5)),
401 (isRsa) ? errSecSuccess : SECFailure,
402 "Verify MD5, no attributes");
403 is(verify_please(kc, (isRsa) ? rsa_sha1 : ec_sha1,
404 (isRsa) ? sizeof(rsa_sha1) : sizeof(ec_sha1)),
405 errSecSuccess, "Verify SHA1, no attributes");
406 is(verify_please(kc, (isRsa) ? rsa_sha256 : ec_sha256,
407 (isRsa) ? sizeof(rsa_sha256) : sizeof(ec_sha256)),
408 errSecSuccess, "Verify SHA256, no attributes");
409
410 /* with attributes */
411 is(verify_please(kc, (isRsa) ? rsa_md5_attr : NULL,
412 (isRsa) ? sizeof(rsa_md5_attr) : 0),
413 errSecSuccess, "Verify MD5, with attributes");
414 is(verify_please(kc, (isRsa) ? rsa_sha1_attr : ec_sha1_attr,
415 (isRsa) ? sizeof(rsa_sha1_attr) : sizeof(ec_sha1_attr)),
416 errSecSuccess, "Verify SHA1, with attributes");
417 is(verify_please(kc, (isRsa) ? rsa_sha256_attr : ec_sha256_attr,
418 (isRsa) ? sizeof(rsa_sha256_attr) : sizeof(ec_sha256_attr)),
419 errSecSuccess, "Verify SHA256, with attributes");
420
421 /***** Once more, with validation errors *****/
422
423 /* no attributes */
424 is(verify_please(kc, (isRsa) ? rsa_sinfo_unknown_digest : ec_sinfo_unknown_digest,
425 (isRsa) ? sizeof(rsa_sinfo_unknown_digest) : sizeof(ec_sinfo_unknown_digest)),
426 errSecInvalidDigestAlgorithm, "Verify unknown digest OID in signer info");
427 is(invalidate_and_verify(kc, (isRsa) ? rsa_md5 : ec_md5,
428 (isRsa) ? sizeof(rsa_md5) : sizeof(ec_md5)),
429 SECFailure, "Verify invalid MD5, no attributes");
430 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha1 : ec_sha1,
431 (isRsa) ? sizeof(rsa_sha1) : sizeof(ec_sha1)),
432 SECFailure, "Verify invalid SHA1, no attributes");
433 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha256 : ec_sha256,
434 (isRsa) ? sizeof(rsa_sha256) : sizeof(ec_sha256)),
435 SECFailure, "Verify invalid SHA256, no attributes");
436
437 /* with attributes */
438 is(invalidate_and_verify(kc, (isRsa) ? rsa_md5_attr : NULL,
439 (isRsa) ? sizeof(rsa_md5_attr) : 0),
440 SECFailure, "Verify invalid MD5, with attributes");
441 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha1_attr : ec_sha1_attr,
442 (isRsa) ? sizeof(rsa_sha1_attr) : sizeof(ec_sha1_attr)),
443 SECFailure, "Verify invalid SHA1, with attributes");
444 is(invalidate_and_verify(kc, (isRsa) ? rsa_sha256_attr : ec_sha256_attr,
445 (isRsa) ? sizeof(rsa_sha256_attr) : sizeof(ec_sha256_attr)),
446 SECFailure, "Verify invalid SHA256, with attributes");
447 }
448
449 #define kNumberEncryptTests 5
450 static void encrypt_tests(SecCertificateRef certificate) {
451 is(encrypt_please(certificate, SEC_OID_DES_EDE3_CBC, 192),
452 errSecSuccess, "Encrypt with 3DES");
453 is(encrypt_please(certificate, SEC_OID_RC2_CBC, 128),
454 errSecSuccess, "Encrypt with 128-bit RC2");
455 is(encrypt_please(certificate, SEC_OID_AES_128_CBC, 128),
456 errSecSuccess, "Encrypt with 128-bit AES");
457 is(encrypt_please(certificate, SEC_OID_AES_192_CBC, 192),
458 errSecSuccess, "Encrypt with 192-bit AES");
459 is(encrypt_please(certificate, SEC_OID_AES_256_CBC, 256),
460 errSecSuccess, "Encrypt with 256-bit AES");
461 }
462
463 #define kNumberDecryptTests 5
464 static void decrypt_tests(bool isRsa) {
465 is(decrypt_please((isRsa) ? rsa_3DES : ec_3DES,
466 (isRsa) ? sizeof(rsa_3DES) : sizeof(ec_3DES)),
467 errSecSuccess, "Decrypt 3DES");
468 is(decrypt_please((isRsa) ? rsa_RC2 : ec_RC2,
469 (isRsa) ? sizeof(rsa_RC2) : sizeof(ec_RC2)),
470 errSecSuccess, "Decrypt 128-bit RC2");
471 is(decrypt_please((isRsa) ? rsa_AES_128 : ec_AES_128,
472 (isRsa) ? sizeof(rsa_AES_128) : sizeof(ec_AES_128)),
473 errSecSuccess, "Decrypt 128-bit AES");
474 is(decrypt_please((isRsa) ? rsa_AES_192 : ec_AES_192,
475 (isRsa) ? sizeof(rsa_AES_192) : sizeof(ec_AES_192)),
476 errSecSuccess, "Decrypt 192-bit AES");
477 is(decrypt_please((isRsa) ? rsa_AES_256 : ec_AES_256,
478 (isRsa) ? sizeof(rsa_AES_256) : sizeof(ec_AES_256)),
479 errSecSuccess, "Decrypt 256-bit AES");
480 }
481
482 int cms_01_basic(int argc, char *const *argv)
483 {
484 plan_tests(2*(kNumberSetupTests + kNumberSignTests + kNumberVerifyTests +
485 kNumberEncryptTests + kNumberDecryptTests + kNumberCleanupTests));
486
487 SecKeychainRef kc = NULL;
488 SecIdentityRef identity = NULL;
489 SecCertificateRef certificate = NULL;
490
491 /* RSA tests */
492 kc = setup_keychain(_rsa_identity, sizeof(_rsa_identity), &identity, &certificate);
493 sign_tests(identity, true);
494 verify_tests(kc, true);
495 encrypt_tests(certificate);
496 decrypt_tests(true);
497 cleanup_keychain(kc, identity, certificate);
498
499 /* EC tests */
500 kc = setup_keychain(_ec_identity, sizeof(_ec_identity), &identity, &certificate);
501 sign_tests(identity, false);
502 verify_tests(kc, false);
503 encrypt_tests(certificate);
504 decrypt_tests(false);
505 cleanup_keychain(kc, identity, certificate);
506
507 return 0;
508 }
mirror of Security