--- /dev/null
+/* cgVerifyThr.cpp - simple version CertGroupVerify test */
+
+#include "testParams.h"
+#include <Security/cssm.h>
+#include <utilLib/common.h>
+#include <utilLib/cspwrap.h>
+#include <clAppUtils/clutils.h>
+#include <clAppUtils/tpUtils.h>
+#include <clAppUtils/timeStr.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <Security/oidsalg.h>
+
+/* for memory leak debug only, with only one thread running */
+#define DO_PAUSE 0
+
+/*** start of code directly copied from ../cgVerify/cgVerify.cpp ***/
+#define NUM_CERTS_MIN 4
+#define KEYGEN_ALG_DEF CSSM_ALGID_RSA
+#define SIG_ALG_DEF CSSM_ALGID_SHA1WithRSA
+#define LOOPS_DEF 10
+#define CG_KEY_SIZE_DEFAULT CSP_RSA_KEY_SIZE_DEFAULT
+#define SECONDS_TO_LIVE (60 * 60 * 24) /* certs are valid for this long */
+
+#define CERT_IN_DB 0
+
+/*
+ * How we define the "expected result".
+ */
+typedef enum {
+ ER_InvalidAnchor, // root in certGroup, not found in AnchorCerts
+ ER_RootInCertGroup, // root in certGroup, copy in AnchorCerts
+ ER_AnchorVerify, // end of chain verified by an anchor
+ ER_NoRoot // no root, no anchor verify
+} ExpectResult;
+
+static int testError()
+{
+ char resp;
+
+ printf("Attach via debugger for more info.\n");
+ printf("a to abort, c to continue: ");
+ resp = getchar();
+ return (resp == 'a');
+}
+
+static int doTest(
+ CSSM_TP_HANDLE tpHand,
+ CSSM_CL_HANDLE clHand,
+ CSSM_CSP_HANDLE cspHand,
+ CSSM_DL_DB_HANDLE dlDb,
+ CSSM_DATA_PTR certs,
+ unsigned numCerts,
+ CSSM_BOOL useDb,
+ ExpectResult expectResult,
+ CSSM_BOOL verbose)
+{
+ unsigned cgEnd; // last cert in certGroupFrag
+ unsigned anchorStart; // first cert in anchorGroup
+ unsigned anchorEnd; // last cert in anchorGroup
+ CSSM_CERTGROUP certGroupFrag; // INPUT to CertGroupVerify
+ CSSM_CERTGROUP anchorCerts; // ditto
+ unsigned die; // random number
+ CSSM_DL_DB_LIST dbList;
+ CSSM_DL_DB_LIST_PTR dbListPtr;
+ CSSM_DL_DB_HANDLE_PTR dlDbPtr;
+ CSSM_RETURN expErr; // expected rtn from GroupVfy()
+ int rtn = 0;
+ const char *expResStr;
+ uint32 expEvidenceSize; // expected evidenceSize
+ unsigned evidenceSize; // actual evidence size
+ CSSM_TP_VERIFY_CONTEXT_RESULT vfyResult;
+ CSSM_CERTGROUP_PTR outGrp = NULL;
+ CSSM_RETURN crtn;
+
+ memset(&vfyResult, 0, sizeof(CSSM_TP_VERIFY_CONTEXT_RESULT));
+
+ if(useDb) {
+ dlDbPtr = &dlDb;
+ dbList.NumHandles = 1;
+ dbList.DLDBHandle = &dlDb;
+ dbListPtr = &dbList;
+ }
+ else {
+ /* not yet */
+ dlDbPtr = NULL;
+ dbListPtr = NULL;
+ }
+
+ /* the four test cases */
+ switch(expectResult) {
+ case ER_InvalidAnchor:
+ /* root in certGroup, not found in AnchorCerts */
+ cgEnd = numCerts - 1; // certGroupFrag is the whole pile
+ anchorStart = 0; // anchors = all except root
+ anchorEnd = numCerts - 2;
+ expErr = CSSMERR_TP_INVALID_ANCHOR_CERT;
+ expEvidenceSize = numCerts;
+ expResStr = "InvalidAnchor (root in certGroup but not in anchors)";
+ break;
+
+ case ER_RootInCertGroup:
+ /* root in certGroup, copy in AnchorCerts */
+ cgEnd = numCerts - 1; // certGroupFrag = the whole pile
+ anchorStart = 0; // anchors = the whole pile
+ anchorEnd = numCerts - 1;
+ expErr = CSSM_OK;
+ expEvidenceSize = numCerts;
+ expResStr = "Good (root in certGroup AND in anchors)";
+ break;
+
+ case ER_AnchorVerify:
+ /* non-root end of chain verified by an anchor */
+ /* break chain at random place other than start and end-2 */
+ die = genRand(1, numCerts-3);
+ cgEnd = die; // certGroupFrag up to break point
+ anchorStart = 0; // anchors = all
+ anchorEnd = numCerts - 1;
+ expErr = CSSM_OK;
+ /* size = # certs in certGroupFrag, plus one anchor */
+ expEvidenceSize = die + 2;
+ expResStr = "Good (root ONLY in anchors)";
+ break;
+
+ case ER_NoRoot:
+ /* no root, no anchor verify */
+ /* break chain at random place other than start and end-1 */
+ die = genRand(1, numCerts-2);
+ cgEnd = die; // certGroupFrag up to break point
+ /* and skip one cert */
+ anchorStart = die + 2; // anchors = n+1...numCerts-2
+ // may be empty if n == numCerts-2
+ anchorEnd = numCerts - 1;
+ expErr = CSSMERR_TP_NOT_TRUSTED;
+ expEvidenceSize = die + 1;
+ expResStr = "Not Trusted (no root, no anchor verify)";
+ break;
+ }
+
+ if(verbose) {
+ printf(" ...expectResult = %s\n", expResStr);
+ }
+
+ /* cook up two cert groups */
+ if(verbose) {
+ printf(" ...building certGroupFrag from certs[0..%d]\n",
+ cgEnd);
+ }
+ if(tpMakeRandCertGroup(clHand,
+ dbListPtr,
+ certs, // certGroupFrag always starts at 0
+ cgEnd+1, // # of certs
+ &certGroupFrag,
+ CSSM_TRUE, // firstCertIsSubject
+ verbose,
+ CSSM_FALSE, // allInDbs
+ CSSM_FALSE)) { // skipFirstDb
+ printf("\nError in tpMakeRandCertGroup\n");
+ return 1;
+ }
+
+ if(anchorStart > anchorEnd) {
+ /* legal for ER_NoRoot */
+ if((expectResult != ER_NoRoot) || (anchorStart != numCerts)) {
+ printf("Try again, pal.\n");
+ exit(1);
+ }
+ }
+ if(verbose) {
+ printf(" ...building anchorCerts from certs[%d..%d]\n",
+ anchorStart, anchorEnd);
+ }
+ if(anchorEnd > (numCerts - 1)) {
+ printf("anchorEnd overflow\n");
+ exit(1);
+ }
+ /* anchors do not go in DB */
+ if(tpMakeRandCertGroup(clHand,
+ NULL,
+ certs + anchorStart,
+ anchorEnd - anchorStart + 1, // # of certs
+ &anchorCerts,
+ CSSM_FALSE, // firstCertIsSubject
+ verbose,
+ CSSM_FALSE, // allInDbs
+ CSSM_FALSE)) { // skipFirstDb
+ printf("\nError in tpMakeRandCertGroup\n");
+ return 1;
+ }
+
+ crtn = tpCertGroupVerify(
+ tpHand,
+ clHand,
+ cspHand,
+ dbListPtr,
+ &CSSMOID_APPLE_X509_BASIC, // Policy
+ NULL, // fieldOpts
+ NULL, // actionData
+ NULL, // policyOpts
+ &certGroupFrag,
+ anchorCerts.GroupList.CertList, // passed as CSSM_DATA_PTR, not CERTGROUP....
+ anchorCerts.NumCerts,
+ CSSM_TP_STOP_ON_POLICY,
+ NULL, // cssmTimeStr
+ &vfyResult);
+
+ /* first verify format of result */
+ if( (vfyResult.NumberOfEvidences != 3) ||
+ (vfyResult.Evidence == NULL) ||
+ (vfyResult.Evidence[0].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_HEADER) ||
+ (vfyResult.Evidence[1].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_CERTGROUP) ||
+ (vfyResult.Evidence[2].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) ||
+ (vfyResult.Evidence[0].Evidence == NULL) ||
+ (vfyResult.Evidence[1].Evidence == NULL) ||
+ (vfyResult.Evidence[2].Evidence == NULL)) {
+ printf("***Malformed VerifyContextResult\n");
+ return 1;
+ }
+ if((vfyResult.Evidence != NULL) && (vfyResult.Evidence[1].Evidence != NULL)) {
+ outGrp = (CSSM_CERTGROUP_PTR)vfyResult.Evidence[1].Evidence;
+ evidenceSize = outGrp->NumCerts;
+ }
+ else {
+ /* in case no evidence returned */
+ evidenceSize = 0;
+ }
+
+ /* %%% since non-root anchors are permitted as of <rdar://5685316>,
+ * the test assumptions have become invalid: these tests generate
+ * an anchors list which always includes the full chain, so by
+ * definition, the evidence chain will never be longer than 2,
+ * since the leaf's issuer is always an anchor.
+ * %%% need to revisit and rewrite these tests. -kcm
+ */
+ if ((evidenceSize > 1) && (evidenceSize < expEvidenceSize) &&
+ (crtn == CSSM_OK || crtn == CSSMERR_TP_CERTIFICATE_CANT_OPERATE)) {
+ /* ignore, for now */
+ expErr = crtn;
+ expEvidenceSize = evidenceSize;
+ }
+
+ if((crtn != expErr) ||
+ (evidenceSize != expEvidenceSize)) {
+ printf("\n***cgVerify: Error on tpCertGroupVerify expectResult %s\n",
+ expResStr);
+ printf(" err %s expErr %s\n",
+ cssmErrToStr(crtn), cssmErrToStr(expErr));
+ printf(" evidenceSize %d expEvidenceSize %u\n",
+ evidenceSize, (unsigned)expEvidenceSize);
+ printf(" numCerts %d cgEnd %d anchorStart %d anchorEnd %d\n",
+ numCerts, cgEnd, anchorStart, anchorEnd);
+ rtn = testError();
+ }
+ else {
+ rtn = 0;
+ }
+
+ /* free resources */
+ tpFreeCertGroup(&certGroupFrag,
+ CSSM_FALSE, // caller malloc'd the actual certs
+ CSSM_FALSE); // struct is on stack
+ tpFreeCertGroup(&anchorCerts,
+ CSSM_FALSE, // caller malloc'd the actual certs
+ CSSM_FALSE); // struct is on stack
+ freeVfyResult(&vfyResult);
+ if(useDb) {
+ clDeleteAllCerts(dlDb);
+ }
+ return rtn;
+}
+
+/*** end of code directly copied from ../cgVerify/cgVerify.cpp ***/
+
+/*
+ * For debug only - ensure that the given array of public keys are all unique
+ * Only saw this when using FEE RNG (i.e., no SecurityServer running).
+ */
+int comparePubKeys(
+ unsigned numKeys,
+ const CSSM_KEY *pubKeys)
+{
+ unsigned i,j;
+
+ for(i=0; i<numKeys-1; i++) {
+ for(j=i+1; j<numKeys; j++) {
+ if(appCompareCssmData(&pubKeys[i].KeyData, &pubKeys[j].KeyData)) {
+ printf("***HEY! DUPLICATE PUBLIC KEYS in cgVerify!\n");
+ return testError();
+ }
+ }
+ }
+ return 0;
+}
+
+
+/*
+ * key pairs - created in cgConstructInit, stored in testParams->perThread
+ */
+typedef struct {
+ CSSM_KEY_PTR pubKeys;
+ CSSM_KEY_PTR privKeys;
+ unsigned numKeys;
+ char *notBeforeStr; // to use thread-safe tpGenCerts()
+ char *notAfterStr; // to use thread-safe tpGenCerts()
+} TT_KeyPairs;
+
+
+int cgVerifyInit(TestParams *testParams)
+{
+ unsigned numKeys = NUM_CERTS_MIN + testParams->threadNum;
+ TT_KeyPairs *keyPairs;
+
+ if(testParams->verbose) {
+ printf("cgVerify thread %d: generating keys...\n",
+ testParams->threadNum);
+ }
+ keyPairs = (TT_KeyPairs *)CSSM_MALLOC(sizeof(TT_KeyPairs));
+ keyPairs->numKeys = numKeys;
+ keyPairs->pubKeys = (CSSM_KEY_PTR)CSSM_CALLOC(numKeys, sizeof(CSSM_KEY));
+ keyPairs->privKeys = (CSSM_KEY_PTR)CSSM_CALLOC(numKeys, sizeof(CSSM_KEY));
+ CSSM_DL_DB_HANDLE dlDbHand = {0, 0};
+ if(tpGenKeys(testParams->cspHand,
+ dlDbHand,
+ numKeys,
+ KEYGEN_ALG_DEF,
+ CG_KEY_SIZE_DEFAULT,
+ "cgVerify", // keyLabelBase
+ keyPairs->pubKeys,
+ keyPairs->privKeys)) {
+ goto abort;
+ }
+ if(comparePubKeys(numKeys, keyPairs->pubKeys)) {
+ return 1;
+ }
+ keyPairs->notBeforeStr = genTimeAtNowPlus(0);
+ keyPairs->notAfterStr = genTimeAtNowPlus(SECONDS_TO_LIVE);
+
+ testParams->perThread = keyPairs;
+ return 0;
+
+abort:
+ printf("Error generating keys; aborting\n");
+ CSSM_FREE(keyPairs->pubKeys);
+ CSSM_FREE(keyPairs->privKeys);
+ CSSM_FREE(keyPairs);
+ return 1;
+}
+
+int cgVerify(TestParams *testParams)
+{
+ unsigned loopNum;
+ int status = -1; // exit status
+ unsigned dex;
+
+ TT_KeyPairs *keyPairs = (TT_KeyPairs *)testParams->perThread;
+
+ /* all three of these are arrays with numCert elements */
+ CSSM_KEY_PTR pubKeys = keyPairs->pubKeys;
+ CSSM_KEY_PTR privKeys = keyPairs->privKeys;
+ CSSM_DATA_PTR certs = NULL;
+
+ unsigned numCerts = keyPairs->numKeys;
+ uint32 sigAlg = SIG_ALG_DEF;
+ ExpectResult expectResult;
+ #if CERT_IN_DB
+ CSSM_BOOL useDb = CSSM_TRUE;
+ #else
+ CSSM_BOOL useDb = CSSM_FALSE;
+ #endif
+ CSSM_DL_DB_HANDLE dlDbHand = {0, 0};
+
+ /* malloc empty certs */
+ certs = (CSSM_DATA_PTR)CSSM_CALLOC(numCerts, sizeof(CSSM_DATA));
+ if(certs == NULL) {
+ printf("not enough memory for %u certs.\n", numCerts);
+ goto abort;
+ }
+ memset(certs, 0, numCerts * sizeof(CSSM_DATA));
+
+ for(loopNum=0; loopNum<testParams->numLoops; loopNum++) {
+ /* generate certs */
+ if(testParams->verbose) {
+ printf("generating certs...\n");
+ }
+ else if(!testParams->quiet) {
+ printChar(testParams->progressChar);
+ }
+ if(tpGenCerts(testParams->cspHand,
+ testParams->clHand,
+ numCerts,
+ sigAlg,
+ "cgConstruct", // nameBase
+ pubKeys,
+ privKeys,
+ certs,
+ keyPairs->notBeforeStr,
+ keyPairs->notAfterStr)) {
+ goto abort;
+ }
+
+ /* cycle thru test scenarios */
+ switch(loopNum % 4) {
+ case 0:
+ expectResult = ER_InvalidAnchor;
+ break;
+ case 1:
+ expectResult = ER_RootInCertGroup;
+ break;
+ case 2:
+ expectResult = ER_AnchorVerify;
+ break;
+ case 3:
+ expectResult = ER_NoRoot;
+ break;
+ }
+ status = doTest(testParams->tpHand,
+ testParams->clHand,
+ testParams->cspHand,
+ dlDbHand,
+ certs,
+ numCerts,
+ useDb,
+ expectResult,
+ testParams->verbose);
+ if(status) {
+ break;
+ }
+ /* free certs */
+ for(dex=0; dex<numCerts; dex++) {
+ CSSM_FREE(certs[dex].Data);
+ }
+ memset(certs, 0, numCerts * sizeof(CSSM_DATA));
+ #if DO_PAUSE
+ fpurge(stdin);
+ printf("Hit CR to proceed: ");
+ getchar();
+ #endif
+ }
+abort:
+ /* free resources */
+ for(dex=0; dex<numCerts; dex++) {
+ if(certs[dex].Data) {
+ CSSM_FREE(certs[dex].Data);
+ }
+ }
+ CSSM_FREE(keyPairs->pubKeys);
+ CSSM_FREE(keyPairs->privKeys);
+ CSSM_FREE(keyPairs);
+ return status;
+}
+
projects / apple / security.git / blobdiff