cms-hashagility-test.c [plain text]
#include "cms-hashagility-test.h"
#include <test/testmore.h>
#include <Security/SecBase.h>
#include <utilities/SecCFRelease.h>
#include <Security/CMSEncoder.h>
#include <Security/SecImportExport.h>
#include <Security/CMSPrivate.h>
#include <Security/SecCertificatePriv.h>
#include <Security/SecTrust.h>
#include <Security/SecPolicy.h>
#include <Security/SecKeychain.h>
#include <Security/SecIdentity.h>
#define TMP_KEYCHAIN_PATH "/tmp/cms_signer.keychain"
static void encode_test(void)
{
CMSEncoderRef encoder = NULL;
CFDataRef attributeData = NULL, message = NULL, p12Data = NULL;
CFArrayRef imported_items = NULL;
SecIdentityRef identity = NULL;
SecKeychainRef keychain = NULL;
SecExternalFormat sef = kSecFormatPKCS12;
SecItemImportExportKeyParameters keyParams = {
.passphrase = CFSTR("password")
};
ok_status(CMSEncoderCreate(&encoder), "Create CMS encoder");
ok_status(CMSEncoderSetSignerAlgorithm(encoder, kCMSEncoderDigestAlgorithmSHA256),
"Set digest algorithm to SHA256");
unlink(TMP_KEYCHAIN_PATH);
ok_status(SecKeychainCreate(TMP_KEYCHAIN_PATH, 8, "password", false, NULL, &keychain),
"Create keychain for identity");
ok(p12Data = CFDataCreate(NULL, signing_identity_p12, sizeof(signing_identity_p12)),
"Create p12 data");
ok_status(SecItemImport(p12Data, NULL, &sef, NULL, 0, &keyParams, keychain, &imported_items),
"Import identity");
is(CFArrayGetCount(imported_items),1,"Imported 1 items");
is(CFGetTypeID(CFArrayGetValueAtIndex(imported_items, 0)), SecIdentityGetTypeID(),
"Got back an identity");
ok(identity = (SecIdentityRef) CFRetainSafe(CFArrayGetValueAtIndex(imported_items, 0)),
"Retrieve identity");
ok_status(CMSEncoderAddSigners(encoder, identity), "Set Signer identity");
ok_status(CMSEncoderAddSignedAttributes(encoder, kCMSAttrSigningTime),
"Set signing time flag");
ok_status(CMSEncoderSetSigningTime(encoder, 468295000.0), "Set Signing time");
ok_status(CMSEncoderAddSignedAttributes(encoder, kCMSAttrAppleCodesigningHashAgility),
"Set hash agility flag");
ok(attributeData = CFDataCreate(NULL, attribute, sizeof(attribute)),
"Create atttribute object");
ok_status(CMSEncoderSetAppleCodesigningHashAgility(encoder, attributeData),
"Set hash agility data");
ok_status(CMSEncoderSetHasDetachedContent(encoder, true), "Set detached content");
ok_status(CMSEncoderUpdateContent(encoder, content, sizeof(content)), "Set content");
ok_status(CMSEncoderCopyEncodedContent(encoder, &message), "Finish encoding and output message");
CMSDecoderRef decoder = NULL;
CFDataRef contentData = NULL;
isnt(message, NULL, "Encoded message exists");
ok_status(CMSDecoderCreate(&decoder), "Create CMS decoder");
ok_status(CMSDecoderUpdateMessage(decoder, CFDataGetBytePtr(message), CFDataGetLength(message)),
"Update decoder with CMS message");
ok(contentData = CFDataCreate(NULL, content, sizeof(content)), "Create detached content");
ok_status(CMSDecoderSetDetachedContent(decoder, contentData), "Set detached content");
ok_status(CMSDecoderFinalizeMessage(decoder), "Finalize decoder");
ok_status(SecKeychainDelete(keychain), "Delete temporary keychain");
CFReleaseNull(encoder);
CFReleaseNull(keychain);
CFReleaseNull(p12Data);
CFReleaseNull(imported_items);
CFReleaseNull(identity);
CFReleaseNull(attributeData);
CFReleaseNull(message);
CFReleaseNull(decoder);
CFReleaseNull(contentData);
}
static void decode_positive_test(void)
{
CMSDecoderRef decoder = NULL;
CFDataRef contentData = NULL, attrValue = NULL;
SecPolicyRef policy = NULL;
SecTrustRef trust = NULL;
CMSSignerStatus signerStatus;
CFAbsoluteTime signingTime = 0.0;
ok_status(CMSDecoderCreate(&decoder), "Create CMS decoder");
ok_status(CMSDecoderUpdateMessage(decoder, valid_message, sizeof(valid_message)),
"Update decoder with CMS message");
ok(contentData = CFDataCreate(NULL, content, sizeof(content)), "Create detached content");
ok_status(CMSDecoderSetDetachedContent(decoder, contentData), "Set detached content");
ok_status(CMSDecoderFinalizeMessage(decoder), "Finalize decoder");
ok(policy = SecPolicyCreateBasicX509(), "Create policy");
ok_status(CMSDecoderCopySignerStatus(decoder, 0, policy, false, &signerStatus, &trust, NULL),
"Copy Signer status");
is(signerStatus, kCMSSignerValid, "Valid signature");
ok_status(CMSDecoderCopySignerAppleCodesigningHashAgility(decoder, 0, &attrValue),
"Copy hash agility attribute value");
is(CFDataGetLength(attrValue), sizeof(attribute), "Decoded attribute size");
is(memcmp(attribute, CFDataGetBytePtr(attrValue), sizeof(attribute)), 0,
"Decoded value same as input value");
ok_status(CMSDecoderCopySignerSigningTime(decoder, 0, &signingTime),
"Copy signing time attribute value");
is(signingTime, 468295000.0, "Decoded date same as input date");
CFReleaseNull(decoder);
CFReleaseNull(contentData);
CFReleaseNull(policy);
CFReleaseNull(trust);
CFReleaseNull(attrValue);
}
static void decode_negative_test(void)
{
CMSDecoderRef decoder = NULL;
CFDataRef contentData = NULL;
SecPolicyRef policy = NULL;
SecTrustRef trust = NULL;
CMSSignerStatus signerStatus;
ok_status(CMSDecoderCreate(&decoder), "Create CMS decoder");
ok_status(CMSDecoderUpdateMessage(decoder, invalid_message, sizeof(invalid_message)),
"Update decoder with CMS message");
ok(contentData = CFDataCreate(NULL, content, sizeof(content)), "Create detached content");
ok_status(CMSDecoderSetDetachedContent(decoder, contentData), "Set detached content");
ok_status(CMSDecoderFinalizeMessage(decoder), "Finalize decoder");
ok(policy = SecPolicyCreateBasicX509(), "Create policy");
ok_status(CMSDecoderCopySignerStatus(decoder, 0, policy, false, &signerStatus, &trust, NULL),
"Copy Signer status");
is(signerStatus, kCMSSignerInvalidSignature, "Invalid signature");
CFReleaseNull(decoder);
CFReleaseNull(contentData);
CFReleaseNull(policy);
CFReleaseNull(trust);
}
static void decode_no_attr_test(void)
{
CMSDecoderRef decoder = NULL;
CFDataRef contentData = NULL, attrValue = NULL;
SecPolicyRef policy = NULL;
SecTrustRef trust = NULL;
CMSSignerStatus signerStatus;
ok_status(CMSDecoderCreate(&decoder), "Create CMS decoder");
ok_status(CMSDecoderUpdateMessage(decoder, valid_no_attr, sizeof(valid_no_attr)),
"Update decoder with CMS message");
ok(contentData = CFDataCreate(NULL, content, sizeof(content)), "Create detached content");
ok_status(CMSDecoderSetDetachedContent(decoder, contentData), "Set detached content");
ok_status(CMSDecoderFinalizeMessage(decoder), "Finalize decoder");
ok(policy = SecPolicyCreateBasicX509(), "Create policy");
ok_status(CMSDecoderCopySignerStatus(decoder, 0, policy, false, &signerStatus, &trust, NULL),
"Copy Signer status");
is(signerStatus, kCMSSignerValid, "Valid signature");
ok_status(CMSDecoderCopySignerAppleCodesigningHashAgility(decoder, 0, &attrValue),
"Copy empty hash agility attribute value");
is(attrValue, NULL, "NULL attribute value");
CFReleaseNull(decoder);
CFReleaseNull(contentData);
CFReleaseNull(policy);
CFReleaseNull(trust);
CFReleaseNull(attrValue);
}
int cms_hash_agility_test(int argc, char *const *argv)
{
plan_tests(24+13+8+10);
encode_test();
decode_positive_test();
decode_negative_test();
decode_no_attr_test();
return 0;
}