]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/Regressions/secitem/si-64-ossl-cms.c
Security-57337.40.85.tar.gz
[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-64-ossl-cms.c
1 /*
2 * Copyright (c) 2009,2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include "si-64-ossl-cms/attached_no_data_signed_data.h"
25 #include "si-64-ossl-cms/attached_signed_data.h"
26 #include "si-64-ossl-cms/detached_content.h"
27 #include "si-64-ossl-cms/detached_signed_data.h"
28 #include "si-64-ossl-cms/signer.h"
29 #include "si-64-ossl-cms/privkey.h"
30
31 #include <CoreFoundation/CoreFoundation.h>
32 #include <Security/SecCMS.h>
33 #include <Security/SecRSAKey.h>
34 #include <Security/SecCertificatePriv.h>
35 #include <Security/SecIdentityPriv.h>
36 #include <utilities/SecCFWrappers.h>
37
38 #include <unistd.h>
39 #include <AssertMacros.h>
40
41 #include "Security_regressions.h"
42
43 /*
44 openssl req -new -newkey rsa:512 -x509 -nodes -subj "/O=foo/CN=bar" -out signer.pem
45 echo -n "hoi joh" > detached_content
46 openssl smime -sign -outform der -signer signer.pem -in detached_content -inkey privkey.pem -out detached_signed_data.der
47 openssl smime -nodetach -sign -outform der -signer test.pem -in detached_content -inkey privkey.pem -out attached_signed_data.der
48 openssl smime -nodetach -sign -outform der -signer test.pem -inkey privkey.pem -out attached_no_data_signed_data.der < /dev/null
49
50 xxd -i detached_content > detached_content.h
51 xxd -i attached_no_data_signed_data.der > attached_no_data_signed_data.h
52 xxd -i attached_signed_data.der > attached_signed_data.h
53 xxd -i detached_signed_data.der > detached_signed_data.h
54
55 openssl x509 -in test.pem -outform der -out signer.der
56 xxd -i signer.der > signer.h
57
58
59 attached difference:
60
61 33 NDEF: SEQUENCE {
62 <06 09>
63 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
64 <A0 80>
65 46 NDEF: [0] {
66 <24 80>
67 48 NDEF: OCTET STRING {
68 <04 07>
69 50 7: OCTET STRING 'hoi joh'
70 <00 00>
71 : }
72 <00 00>
73 : }
74 <00 00>
75 : }
76
77 39 22: SEQUENCE {
78 <06 09>
79 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
80 <A0 09>
81 52 9: [0] {
82 <04 07>
83 54 7: OCTET STRING 'hoi joh'
84 : }
85 : }
86
87 detached:
88
89 <30 80>
90 33 NDEF: SEQUENCE {
91 <06 09>
92 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
93 <00 00>
94 : }
95
96 <30 0B>
97 39 11: SEQUENCE {
98 <06 09>
99 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
100 : }
101
102 attached empty:
103
104 <30 80>
105 33 NDEF: SEQUENCE {
106 <06 09>
107 35 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
108 <A0 80>
109 46 NDEF: [0] {
110 <24 80>
111 48 NDEF: OCTET STRING {
112 <00 00>
113 : }
114 <00 00>
115 : }
116 <00 00>
117 : }
118
119 <30 0F>
120 39 15: SEQUENCE {
121 <06 09>
122 41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
123 <A0 02>
124 52 2: [0] {
125 <04 00>
126 54 0: OCTET STRING
127 : Error: Object has zero length.
128 : }
129 : }
130
131
132 */
133
134 #include <fcntl.h>
135 __unused static inline void write_data(const char * path, CFDataRef data)
136 {
137 int data_file = open(path, O_CREAT|O_WRONLY|O_TRUNC, 0644);
138 write(data_file, CFDataGetBytePtr(data), CFDataGetLength(data));
139 close(data_file);
140 }
141
142 static void tests(void)
143 {
144 CFDataRef attached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_signed_data_der, attached_signed_data_der_len, kCFAllocatorNull);
145 CFDataRef detached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_signed_data_der, detached_signed_data_der_len, kCFAllocatorNull);
146 CFDataRef attached_no_data_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_no_data_signed_data_der, attached_no_data_signed_data_der_len, kCFAllocatorNull);
147 CFDataRef detached_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_content, detached_content_len, kCFAllocatorNull);
148 CFDataRef no_data = CFDataCreate(kCFAllocatorDefault, NULL, 0);
149 SecPolicyRef policy = SecPolicyCreateBasicX509();
150 SecTrustRef trust = NULL;
151
152 ok_status(SecCMSVerifyCopyDataAndAttributes(attached_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached data");
153 CFRelease(trust);
154 ok_status(SecCMSVerifyCopyDataAndAttributes(detached_signed_data, detached_data, policy, &trust, NULL, NULL), "verify detached data");
155 CFRelease(trust);
156 ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached no data");
157 CFRelease(trust);
158 ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, no_data, policy, &trust, NULL, NULL), "verify attached no data");
159 CFRelease(trust);
160
161
162 SecCertificateRef cert = NULL;
163 SecKeyRef privKey = NULL;
164 SecIdentityRef identity = NULL;
165
166 isnt(cert = SecCertificateCreateWithBytes(NULL, signer_der, signer_der_len), NULL, "create certificate");
167 isnt(privKey = SecKeyCreateRSAPrivateKey(NULL, privkey_der, privkey_der_len, kSecKeyEncodingPkcs1), NULL, "create private key");
168 isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");
169 CFReleaseSafe(privKey);
170
171 CFMutableDataRef cms_data = CFDataCreateMutable(kCFAllocatorDefault, 0);
172 ok_status(SecCMSCreateSignedData(identity, detached_data, NULL, NULL, cms_data), "create attached data");
173 //write_data("/var/tmp/attached", cms_data);
174 CFDataSetLength(cms_data, 0);
175 CFDictionaryRef detached_cms_dict = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecCMSSignDetached, (const void **)&kCFBooleanTrue, 1, NULL, NULL);
176 ok_status(SecCMSCreateSignedData(identity, detached_data, detached_cms_dict, NULL, cms_data), "create attached data");
177 CFRelease(detached_cms_dict);
178 //write_data("/var/tmp/detached", cms_data);
179 CFDataSetLength(cms_data, 0);
180 ok_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), "create attached data");
181 //write_data("/var/tmp/empty_attached", cms_data);
182
183 CFReleaseSafe(cms_data);
184 CFReleaseSafe(cert);
185 CFReleaseNull(identity);
186 CFRelease(attached_signed_data);
187 CFRelease(detached_signed_data);
188 CFRelease(attached_no_data_signed_data);
189 CFRelease(detached_data);
190 CFRelease(no_data);
191 CFRelease(policy);
192 }
193
194 int si_64_ossl_cms(int argc, char *const *argv)
195 {
196 plan_tests(10);
197
198
199 tests();
200
201 return 0;
202 }