1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 /* BEGIN_HEADER */
17
18 #include "bsl_sal.h"
19 #include "securec.h"
20 #include "hitls_pki_pkcs12.h"
21 #include "hitls_pki_errno.h"
22 #include "bsl_types.h"
23 #include "bsl_log.h"
24 #include "sal_file.h"
25 #include "bsl_init.h"
26 #include "hitls_pkcs12_local.h"
27 #include "hitls_crl_local.h"
28 #include "hitls_cert_type.h"
29 #include "hitls_cert_local.h"
30 #include "bsl_types.h"
31 #include "crypt_errno.h"
32
33 /* END_HEADER */
34
35 #if defined(HITLS_PKI_PKCS12_PARSE) && defined(HITLS_PKI_PKCS12_GEN)
BagFree(void * value)36 static void BagFree(void *value)
37 {
38 HITLS_PKCS12_Bag *bag = (HITLS_PKCS12_Bag *)value;
39 HITLS_X509_CertFree(bag->value.cert);
40 HITLS_X509_AttrsFree(bag->attributes, HITLS_PKCS12_AttributesFree);
41 bag->attributes = NULL;
42 BSL_SAL_FREE(bag);
43 }
44 #endif
45 /**
46 * For test parse safeBag-p8shroudkeyBag of correct data.
47 */
48 /* BEGIN_CASE */
SDV_PKCS12_PARSE_SAFEBAGS_OF_PKCS8SHROUDEDKEYBAG_TC001(int algId,Hex * buff,int keyBits)49 void SDV_PKCS12_PARSE_SAFEBAGS_OF_PKCS8SHROUDEDKEYBAG_TC001(int algId, Hex *buff, int keyBits)
50 {
51 #ifndef HITLS_PKI_PKCS12_PARSE
52 (void)algId;
53 (void)buff;
54 (void)keyBits;
55 SKIP_TEST();
56 #else
57 BSL_Buffer safeContent = {0};
58 char *pwd = "123456";
59 uint32_t len = strlen(pwd);
60 int32_t bits = 0;
61
62 TestMemInit();
63 BSL_ASN1_List *bagLists = BSL_LIST_New(sizeof(HITLS_PKCS12_SafeBag));
64 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
65 ASSERT_NE(bagLists, NULL);
66 ASSERT_NE(p12, NULL);
67
68 // parse contentInfo
69 int32_t ret = HITLS_PKCS12_ParseContentInfo(NULL, NULL, (BSL_Buffer *)buff, NULL, 0, &safeContent);
70 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
71
72 // get the safeBag of safeContents, and put in list.
73 ret = HITLS_PKCS12_ParseAsn1AddList(&safeContent, bagLists, BSL_CID_SAFECONTENTSBAG);
74 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
75
76 // get key of the bagList.
77 ret = HITLS_PKCS12_ParseSafeBagList(bagLists, (const uint8_t *)pwd, len, p12);
78 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
79 ASSERT_NE(p12->key->value.key, NULL);
80 bits = CRYPT_EAL_PkeyGetKeyBits(p12->key->value.key);
81 if (algId == CRYPT_PKEY_ECDSA) {
82 ASSERT_EQ(((((keyBits - 1) / 8) + 1) * 2 + 1) * 8, bits); // cal len of pub
83 } else if (algId == CRYPT_PKEY_RSA) {
84 ASSERT_EQ(bits, keyBits);
85 }
86 EXIT:
87 BSL_SAL_Free(safeContent.data);
88 BSL_LIST_DeleteAll(bagLists, (BSL_LIST_PFUNC_FREE)HITLS_PKCS12_SafeBagFree);
89 BSL_SAL_Free(bagLists);
90 HITLS_PKCS12_Free(p12);
91 #endif
92 }
93 /* END_CASE */
94
95 /**
96 * For test parse safeBag-cert of correct data.
97 */
98 /* BEGIN_CASE */
SDV_PKCS12_PARSE_SAFEBAGS_OF_CERTBAGS_TC001(Hex * buff)99 void SDV_PKCS12_PARSE_SAFEBAGS_OF_CERTBAGS_TC001(Hex *buff)
100 {
101 #ifndef HITLS_PKI_PKCS12_PARSE
102 (void)buff;
103 SKIP_TEST();
104 #else
105 BSL_Buffer safeContent = {0};
106 HITLS_PKCS12 *p12 = NULL;
107 BSL_ASN1_List *bagLists = BSL_LIST_New(sizeof(HITLS_PKCS12_SafeBag));
108 ASSERT_NE(bagLists, NULL);
109
110 p12 = HITLS_PKCS12_New();
111 ASSERT_NE(p12, NULL);
112
113 char *pwd = "123456";
114 uint32_t pwdlen = strlen(pwd);
115
116 // parse contentInfo
117 int32_t ret = HITLS_PKCS12_ParseContentInfo(NULL, NULL, (BSL_Buffer *)buff, (const uint8_t *)pwd, pwdlen,
118 &safeContent);
119 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
120
121 // get the safeBag of safeContents, and put int list.
122 ret = HITLS_PKCS12_ParseAsn1AddList(&safeContent, bagLists, BSL_CID_SAFECONTENTSBAG);
123 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
124
125 // get cert of the bagList.
126 ret = HITLS_PKCS12_ParseSafeBagList(bagLists, NULL, 0, p12);
127 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
128
129 EXIT:
130 BSL_SAL_Free(safeContent.data);
131 BSL_LIST_DeleteAll(bagLists, (BSL_LIST_PFUNC_FREE)HITLS_PKCS12_SafeBagFree);
132 HITLS_PKCS12_Free(p12);
133 BSL_SAL_Free(bagLists);
134 #endif
135 }
136 /* END_CASE */
137
138 /**
139 * For test parse attributes of correct data.
140 */
141 /* BEGIN_CASE */
SDV_PKCS12_PARSE_SAFEBAGS_OF_ATTRIBUTE_TC001(Hex * buff,Hex * friendlyName,Hex * localKeyId)142 void SDV_PKCS12_PARSE_SAFEBAGS_OF_ATTRIBUTE_TC001(Hex *buff, Hex *friendlyName, Hex *localKeyId)
143 {
144 #ifndef HITLS_PKI_PKCS12_PARSE
145 (void)buff;
146 (void)friendlyName;
147 (void)localKeyId;
148 SKIP_TEST();
149 #else
150 HITLS_X509_Attrs *attrbutes = HITLS_X509_AttrsNew();
151 ASSERT_NE(attrbutes, NULL);
152
153 BSL_ASN1_Buffer asn = {
154 BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SET,
155 buff->len,
156 buff->x,
157 };
158 int32_t ret = HITLS_PKCS12_ParseSafeBagAttr(&asn, attrbutes);
159 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
160 HITLS_PKCS12_SafeBagAttr *firstAttr = BSL_LIST_GET_FIRST(attrbutes->list);
161 HITLS_PKCS12_SafeBagAttr *second = BSL_LIST_GET_NEXT(attrbutes->list);
162 if (firstAttr->attrId == BSL_CID_FRIENDLYNAME) {
163 BSL_ASN1_Buffer asn = {BSL_ASN1_TAG_BMPSTRING, (uint32_t)friendlyName->len, friendlyName->x};
164 BSL_ASN1_Buffer encode = {0};
165 ret = BSL_ASN1_DecodePrimitiveItem(&asn, &encode);
166 ASSERT_EQ(ret, BSL_SUCCESS);
167 ASSERT_COMPARE("friendly name", firstAttr->attrValue.data, firstAttr->attrValue.dataLen,
168 encode.buff, encode.len);
169 BSL_SAL_FREE(encode.buff);
170 }
171 if (firstAttr->attrId == BSL_CID_LOCALKEYID) {
172 ASSERT_EQ(memcmp(firstAttr->attrValue.data, localKeyId->x, localKeyId->len), 0);
173 }
174 if (second == NULL) {
175 ASSERT_EQ(friendlyName->len, 0);
176 } else {
177 if (second->attrId == BSL_CID_FRIENDLYNAME) {
178 BSL_ASN1_Buffer asn = {BSL_ASN1_TAG_BMPSTRING, (uint32_t)friendlyName->len, friendlyName->x};
179 BSL_ASN1_Buffer encode = {0};
180 ret = BSL_ASN1_DecodePrimitiveItem(&asn, &encode);
181 ASSERT_EQ(ret, BSL_SUCCESS);
182 ASSERT_COMPARE("friendly name", firstAttr->attrValue.data, firstAttr->attrValue.dataLen,
183 encode.buff, encode.len);
184 BSL_SAL_FREE(encode.buff);
185 }
186 if (second->attrId == BSL_CID_LOCALKEYID) {
187 ASSERT_EQ(memcmp(second->attrValue.data, localKeyId->x, localKeyId->len), 0);
188 }
189 }
190 EXIT:
191 HITLS_X509_AttrsFree(attrbutes, HITLS_PKCS12_AttributesFree);
192 #endif
193 }
194 /* END_CASE */
195
196 /**
197 * For test parse attributes in the incorrect condition.
198 */
199 /* BEGIN_CASE */
SDV_PKCS12_PARSE_SAFEBAGS_OF_ATTRIBUTE_TC002(Hex * buff)200 void SDV_PKCS12_PARSE_SAFEBAGS_OF_ATTRIBUTE_TC002(Hex *buff)
201 {
202 #ifndef HITLS_PKI_PKCS12_PARSE
203 (void)buff;
204 SKIP_TEST();
205 #else
206 HITLS_X509_Attrs *attrbutes = HITLS_X509_AttrsNew();
207 ASSERT_NE(attrbutes, NULL);
208
209 BSL_ASN1_Buffer asn = {
210 BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SET,
211 0,
212 buff->x,
213 };
214 int32_t ret = HITLS_PKCS12_ParseSafeBagAttr(&asn, attrbutes);
215 ASSERT_EQ(ret, HITLS_PKI_SUCCESS); // bagAttributes are OPTIONAL
216 asn.len = buff->len;
217 ret = HITLS_PKCS12_ParseSafeBagAttr(&asn, attrbutes);
218 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
219
220 buff->x[4] = 0x00; // 4 is a random number.
221 ret = HITLS_PKCS12_ParseSafeBagAttr(&asn, attrbutes);
222 ASSERT_NE(ret, HITLS_PKI_SUCCESS);
223 EXIT:
224 HITLS_X509_AttrsFree(attrbutes, HITLS_PKCS12_AttributesFree);
225 #endif
226 }
227 /* END_CASE */
228
229 /**
230 * For test parse authSafedata of tampering Cert-info with encrypted data.
231 */
232 /* BEGIN_CASE */
SDV_PKCS12_PARSE_AUTHSAFE_TC001(Hex * wrongCert)233 void SDV_PKCS12_PARSE_AUTHSAFE_TC001(Hex *wrongCert)
234 {
235 #ifndef HITLS_PKI_PKCS12_PARSE
236 (void)wrongCert;
237 SKIP_TEST();
238 #else
239 char *pwd = "123456";
240 uint32_t pwdlen = strlen(pwd);
241 // parse authSafe
242 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
243 int32_t ret = HITLS_PKCS12_ParseAuthSafeData((BSL_Buffer *)wrongCert, (const uint8_t *)pwd, pwdlen, p12);
244 ASSERT_NE(ret, HITLS_PKI_SUCCESS);
245
246 char *pwd1 = "123456-789";
247 uint32_t pwdlen1 = strlen(pwd1);
248 ret = HITLS_PKCS12_ParseAuthSafeData((BSL_Buffer *)wrongCert, (const uint8_t *)pwd1, pwdlen1, p12);
249 ASSERT_EQ(ret, CRYPT_EAL_CIPHER_DATA_ERROR);
250
251 char *pwd2 = "";
252 uint32_t pwdlen2 = strlen(pwd2);
253 ret = HITLS_PKCS12_ParseAuthSafeData((BSL_Buffer *)wrongCert, (const uint8_t *)pwd2, pwdlen2, p12);
254 ASSERT_EQ(ret, CRYPT_EAL_CIPHER_DATA_ERROR);
255
256 EXIT:
257 HITLS_PKCS12_Free(p12);
258 #endif
259 }
260 /* END_CASE */
261
262 /**
263 * For test parse authSafedata of correct data.
264 */
265 /* BEGIN_CASE */
SDV_PKCS12_PARSE_AUTHSAFE_TC002(Hex * buff)266 void SDV_PKCS12_PARSE_AUTHSAFE_TC002(Hex *buff)
267 {
268 #ifndef HITLS_PKI_PKCS12_PARSE
269 (void)buff;
270 SKIP_TEST();
271 #else
272 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
273
274 char *pwd = "123456";
275 uint32_t pwdlen = strlen(pwd);
276 // parse authSafe
277 int32_t ret = HITLS_PKCS12_ParseAuthSafeData((BSL_Buffer *)buff, (const uint8_t *)pwd, pwdlen, p12);
278 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
279 ASSERT_NE(p12->key->value.key, NULL);
280 ASSERT_NE(p12->entityCert->value.cert, NULL);
281 EXIT:
282 HITLS_PKCS12_Free(p12);
283 #endif
284 }
285 /* END_CASE */
286
287 /**
288 * For test parse 12 of macData parse.
289 */
290 /* BEGIN_CASE */
SDV_PKCS12_PARSE_MACDATA_TC001(Hex * buff,int alg,Hex * digest,Hex * salt,int iterations)291 void SDV_PKCS12_PARSE_MACDATA_TC001(Hex *buff, int alg, Hex *digest, Hex *salt, int iterations)
292 {
293 #ifndef HITLS_PKI_PKCS12_PARSE
294 (void)buff;
295 (void)alg;
296 (void)digest;
297 (void)salt;
298 (void)iterations;
299 SKIP_TEST();
300 #else
301 HITLS_PKCS12_MacData *macData = HITLS_PKCS12_MacDataNew();
302 int32_t ret = HITLS_PKCS12_ParseMacData((BSL_Buffer *)buff, macData);
303 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
304 ASSERT_EQ(macData->alg, alg);
305 ASSERT_EQ(macData->iteration, iterations);
306 ASSERT_EQ(memcmp(macData->macSalt->data, salt->x, salt->len), 0);
307 ASSERT_EQ(memcmp(macData->mac->data, digest->x, digest->len), 0);
308 EXIT:
309 HITLS_PKCS12_MacDataFree(macData);
310 #endif
311 }
312 /* END_CASE */
313
314 /**
315 * For test parse 12 of wrong macData parse.
316 */
317 /* BEGIN_CASE */
SDV_PKCS12_PARSE_MACDATA_TC002(Hex * buff)318 void SDV_PKCS12_PARSE_MACDATA_TC002(Hex *buff)
319 {
320 #ifndef HITLS_PKI_PKCS12_PARSE
321 (void)buff;
322 SKIP_TEST();
323 #else
324 HITLS_PKCS12_MacData *macData = HITLS_PKCS12_MacDataNew();
325 int32_t ret = HITLS_PKCS12_ParseMacData(NULL, macData);
326 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
327
328 ret = HITLS_PKCS12_ParseMacData((BSL_Buffer *)buff, macData);
329 ASSERT_EQ(ret, HITLS_CMS_ERR_PARSE_TYPE);
330 EXIT:
331 HITLS_PKCS12_MacDataFree(macData);
332 #endif
333 }
334 /* END_CASE */
335
336 /**
337 * For test parse 12 of macData cal.
338 */
339 /* BEGIN_CASE */
SDV_PKCS12_CAL_MACDATA_TC001(Hex * initData,Hex * salt,int alg,int iter,Hex * mac)340 void SDV_PKCS12_CAL_MACDATA_TC001(Hex *initData, Hex *salt, int alg, int iter, Hex *mac)
341 {
342 BSL_Buffer output = {0};
343 TestMemInit();
344 HITLS_PKCS12_MacData *macData = HITLS_PKCS12_MacDataNew();
345 ASSERT_NE(macData, NULL);
346 macData->alg = alg;
347 macData->macSalt->data = salt->x;
348 macData->macSalt->dataLen = salt->len;
349 macData->iteration = iter;
350 char *pwdData = "123456";
351 uint32_t pwdlen = strlen(pwdData);
352 BSL_Buffer pwd = {(uint8_t *)pwdData, pwdlen};
353 int32_t ret = HITLS_PKCS12_CalMac(&output, &pwd, (BSL_Buffer *)initData, macData);
354 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
355 ASSERT_EQ(memcmp(output.data, mac->x, mac->len), 0);
356 EXIT:
357 BSL_SAL_FREE(macData->mac);
358 BSL_SAL_FREE(macData->macSalt);
359 BSL_SAL_FREE(macData);
360 BSL_SAL_Free(output.data);
361 }
362 /* END_CASE */
363
364 /**
365 * For test cal key according to salt, alg, etc.
366 */
367 /* BEGIN_CASE */
SDV_PKCS12_CAL_KDF_TC001(Hex * pwd,Hex * salt,int alg,int iter,Hex * key)368 void SDV_PKCS12_CAL_KDF_TC001(Hex *pwd, Hex *salt, int alg, int iter, Hex *key)
369 {
370 TestMemInit();
371 HITLS_PKCS12_MacData *macData = HITLS_PKCS12_MacDataNew();
372 ASSERT_NE(macData, NULL);
373 macData->alg = alg;
374 macData->macSalt->data = salt->x;
375 macData->macSalt->dataLen = salt->len;
376 macData->iteration = iter;
377 uint8_t outData[64] = {0};
378 BSL_Buffer output = {outData, 64};
379 int32_t ret = HITLS_PKCS12_KDF(&output, pwd->x, pwd->len, HITLS_PKCS12_KDF_MACKEY_ID, macData);
380 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
381 ASSERT_EQ(memcmp(output.data, key->x, key->len), 0);
382 EXIT:
383 BSL_SAL_FREE(macData->mac);
384 BSL_SAL_FREE(macData->macSalt);
385 BSL_SAL_FREE(macData);
386 return;
387 }
388 /* END_CASE */
389
390 /**
391 * For test parse 12 of right conditions.
392 */
393 /* BEGIN_CASE */
SDV_PKCS12_PARSE_P12_TC001(Hex * encode,Hex * cert)394 void SDV_PKCS12_PARSE_P12_TC001(Hex *encode, Hex *cert)
395 {
396 (void)cert;
397 #ifndef HITLS_PKI_PKCS12_PARSE
398 (void)encode;
399 SKIP_TEST();
400 #else
401 char *pwd = "123456";
402 BSL_Buffer encPwd;
403 encPwd.data = (uint8_t *)pwd;
404 encPwd.dataLen = strlen(pwd);
405
406 BSL_Buffer encodeCert = {0};
407 HITLS_PKCS12 *p12 = NULL;
408 HITLS_PKCS12_PwdParam param = {
409 .encPwd = &encPwd,
410 .macPwd = &encPwd,
411 };
412 TestMemInit();
413 ASSERT_EQ(HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true), HITLS_PKI_SUCCESS);
414 ASSERT_NE(p12->key->value.key, NULL);
415 ASSERT_NE(p12->entityCert->value.cert, NULL);
416 #ifdef HITLS_PKI_PKCS12_GEN
417 ASSERT_EQ(HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, p12->entityCert->value.cert, &encodeCert), HITLS_PKI_SUCCESS);
418 ASSERT_EQ(memcmp(encodeCert.data, cert->x, cert->len), 0);
419 #endif
420 EXIT:
421 BSL_SAL_Free(encodeCert.data);
422 HITLS_PKCS12_Free(p12);
423 #endif
424 }
425 /* END_CASE */
426
427 /**
428 * For test parse 12 of right conditions (no Mac).
429 */
430 /* BEGIN_CASE */
SDV_PKCS12_PARSE_P12_TC002(Hex * encode,Hex * cert)431 void SDV_PKCS12_PARSE_P12_TC002(Hex *encode, Hex *cert)
432 {
433 (void)cert;
434 #ifndef HITLS_PKI_PKCS12_PARSE
435 (void)encode;
436 SKIP_TEST();
437 #else
438 char *pwd = "123456";
439 BSL_Buffer encPwd;
440 encPwd.data = (uint8_t *)pwd;
441 encPwd.dataLen = strlen(pwd);
442
443 BSL_Buffer encodeCert = {0};
444 HITLS_PKCS12 *p12 = NULL;
445 HITLS_PKCS12_PwdParam param = {
446 .encPwd = &encPwd,
447 };
448 TestMemInit();
449 ASSERT_NE(HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true), HITLS_PKI_SUCCESS);
450 ASSERT_EQ(HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, false), HITLS_PKI_SUCCESS);
451 ASSERT_NE(p12->key->value.key, NULL);
452 ASSERT_NE(p12->entityCert->value.cert, NULL);
453 #ifdef HITLS_PKI_PKCS12_GEN
454 ASSERT_EQ(HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, p12->entityCert->value.cert, &encodeCert), HITLS_PKI_SUCCESS);
455 ASSERT_EQ(memcmp(encodeCert.data, cert->x, cert->len), 0);
456 #endif
457 EXIT:
458 BSL_SAL_Free(encodeCert.data);
459 HITLS_PKCS12_Free(p12);
460 #endif
461 }
462 /* END_CASE */
463
464 /**
465 * For test parse 12 of right conditions (different keys).
466 */
467 /* BEGIN_CASE */
SDV_PKCS12_PARSE_P12_TC003(char * path,char * pwd)468 void SDV_PKCS12_PARSE_P12_TC003(char *path, char *pwd)
469 {
470 #if !defined(HITLS_PKI_PKCS12_PARSE) || !defined(HITLS_BSL_SAL_FILE)
471 (void)path;
472 (void)pwd;
473 SKIP_TEST();
474 #else
475 BSL_Buffer encPwd;
476 encPwd.data = (uint8_t *)pwd;
477 encPwd.dataLen = strlen(pwd);
478
479 HITLS_PKCS12 *p12 = NULL;
480 HITLS_PKCS12_PwdParam param = {
481 .encPwd = &encPwd,
482 .macPwd = &encPwd,
483 };
484 TestMemInit();
485 int32_t ret = HITLS_PKCS12_ParseFile(BSL_FORMAT_ASN1, path, ¶m, &p12, true);
486 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
487 ASSERT_NE(p12->key->value.key, NULL);
488 ASSERT_NE(p12->entityCert->value.cert, NULL);
489 EXIT:
490 HITLS_PKCS12_Free(p12);
491 #endif
492 }
493 /* END_CASE */
494
495 /**
496 * For test parse 12 of wrong conditions.
497 */
498 /* BEGIN_CASE */
SDV_PKCS12_PARSE_P12_WRONG_CONDITIONS_TC001(Hex * encode)499 void SDV_PKCS12_PARSE_P12_WRONG_CONDITIONS_TC001(Hex *encode)
500 {
501 #ifndef HITLS_PKI_PKCS12_PARSE
502 (void)encode;
503 SKIP_TEST();
504 #else
505 char *pwd1 = "1234567";
506 char *pwd2 = "1234567";
507 BSL_Buffer encPwd;
508 encPwd.data = (uint8_t *)pwd1;
509 encPwd.dataLen = strlen(pwd1);
510 BSL_Buffer macPwd;
511 macPwd.data = (uint8_t *)pwd2;
512 macPwd.dataLen = strlen(pwd2);
513
514 HITLS_PKCS12 *p12 = NULL;
515 HITLS_PKCS12_PwdParam param = {
516 .encPwd = &encPwd,
517 .macPwd = &macPwd,
518 };
519
520 TestMemInit();
521 int32_t ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, NULL, ¶m, &p12, true);
522 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
523
524 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, NULL, &p12, true);
525 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
526
527 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, NULL, true);
528 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
529
530 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
531 ASSERT_EQ(ret, HITLS_PKCS12_ERR_VERIFY_FAIL);
532
533 char *pwd3 = "";
534 macPwd.data = (uint8_t *)pwd3;
535 macPwd.dataLen = strlen(pwd3);
536 param.macPwd = &macPwd;
537 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
538 ASSERT_EQ(ret, HITLS_PKCS12_ERR_VERIFY_FAIL);
539
540 param.macPwd = NULL;
541 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
542 ASSERT_EQ(ret, HITLS_PKCS12_ERR_VERIFY_FAIL);
543
544 param.encPwd = NULL;
545 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
546 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
547
548 char *pwd4 = "123456";
549 param.encPwd = &encPwd;
550 macPwd.data = (uint8_t *)pwd4;
551 macPwd.dataLen = strlen(pwd4);
552 param.macPwd = &macPwd;
553 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
554 ASSERT_EQ(ret, CRYPT_EAL_CIPHER_DATA_ERROR);
555
556 encPwd.data = (uint8_t *)pwd4;
557 encPwd.dataLen = strlen(pwd4);
558 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
559 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
560
561 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
562 ASSERT_EQ(ret, HITLS_PKCS12_ERR_INVALID_PARAM);
563
564 HITLS_PKCS12_Free(p12);
565 p12 = NULL;
566 encode->x[6] = 0x04; // Modify the version = 4.
567 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
568 ASSERT_EQ(ret, HITLS_PKCS12_ERR_INVALID_PFX);
569 EXIT:
570 HITLS_PKCS12_Free(p12);
571 #endif
572 }
573 /* END_CASE */
574
575 /**
576 * For test parse 12 of wrong p12-file.
577 */
578 /* BEGIN_CASE */
SDV_PKCS12_PARSE_P12_WRONG_P12FILE_TC001(Hex * encode)579 void SDV_PKCS12_PARSE_P12_WRONG_P12FILE_TC001(Hex *encode)
580 {
581 #ifndef HITLS_PKI_PKCS12_PARSE
582 (void)encode;
583 SKIP_TEST();
584 #else
585 char *pwd1 = "123456";
586 char *pwd2 = "123456";
587 BSL_Buffer encPwd;
588 encPwd.data = (uint8_t *)pwd1;
589 encPwd.dataLen = strlen(pwd1);
590 BSL_Buffer macPwd;
591 macPwd.data = (uint8_t *)pwd2;
592 macPwd.dataLen = strlen(pwd2);
593
594 HITLS_PKCS12_PwdParam param = {
595 .encPwd = &encPwd,
596 .macPwd = &macPwd,
597 };
598
599 HITLS_PKCS12 *p12_1 = NULL;
600 HITLS_PKCS12 *p12_2 = NULL;
601
602 TestMemInit();
603 int32_t ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12_1, true);
604 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
605
606 encode->x[encode->len - 2] = 0x04; // modify the iteration = 1024;
607 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12_2, true);
608 ASSERT_EQ(ret, HITLS_PKCS12_ERR_VERIFY_FAIL);
609
610 encode->x[encode->len - 2] = 0x08; // recover the iteration = 2048;
611 (void)memset_s(encode->x + 96, 16, 0, 16); // modify the contentInfo
612 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12_2, true);
613 ASSERT_EQ(ret, HITLS_PKCS12_ERR_VERIFY_FAIL);
614
615 EXIT:
616 HITLS_PKCS12_Free(p12_1);
617 HITLS_PKCS12_Free(p12_2);
618 #endif
619 }
620 /* END_CASE */
621
622 /**
623 * For test parse 12 of wrong p12-file, which miss a part of data randomly.
624 */
625 /* BEGIN_CASE */
SDV_PKCS12_PARSE_P12_WRONG_P12FILE_TC002(Hex * encode)626 void SDV_PKCS12_PARSE_P12_WRONG_P12FILE_TC002(Hex *encode)
627 {
628 #ifndef HITLS_PKI_PKCS12_PARSE
629 (void)encode;
630 SKIP_TEST();
631 #else
632 char *pwd1 = "123456";
633 char *pwd2 = "123456";
634 BSL_Buffer encPwd;
635 encPwd.data = (uint8_t *)pwd1;
636 encPwd.dataLen = strlen(pwd1);
637 BSL_Buffer macPwd;
638 macPwd.data = (uint8_t *)pwd2;
639 macPwd.dataLen = strlen(pwd2);
640
641 HITLS_PKCS12_PwdParam param = {
642 .encPwd = &encPwd,
643 .macPwd = &macPwd,
644 };
645
646 HITLS_PKCS12 *p12 = NULL;
647 TestMemInit();
648 int32_t ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, true);
649 ASSERT_NE(ret, HITLS_PKI_SUCCESS);
650
651 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)encode, ¶m, &p12, false);
652 ASSERT_NE(ret, HITLS_PKI_SUCCESS);
653 EXIT:
654 HITLS_PKCS12_Free(p12);
655 #endif
656 }
657 /* END_CASE */
658
659 /**
660 * For test encode safeBag-p8shroudkeyBag of correct data.
661 */
662 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_SAFEBAGS_OF_PKCS8SHROUDEDKEYBAG_TC001(Hex * buff)663 void SDV_PKCS12_ENCODE_SAFEBAGS_OF_PKCS8SHROUDEDKEYBAG_TC001(Hex *buff)
664 {
665 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
666 (void)buff;
667 SKIP_TEST();
668 #else
669 TestMemInit();
670 ASSERT_EQ(TestRandInit(), 0);
671
672 char *pwd = "123456";
673 uint32_t len = strlen(pwd);
674 BSL_Buffer encode = {0};
675 BSL_ASN1_List *bagLists = BSL_LIST_New(sizeof(HITLS_PKCS12_SafeBag));
676 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
677 BSL_ASN1_List *list = BSL_LIST_New(sizeof(HITLS_PKCS12_Bag));
678 ASSERT_NE(bagLists, NULL);
679 ASSERT_NE(p12, NULL);
680 ASSERT_NE(list, NULL);
681
682 // get the safeBag of safeContents, and put in list.
683 int32_t ret = HITLS_PKCS12_ParseAsn1AddList((BSL_Buffer *)buff, bagLists, BSL_CID_SAFECONTENTSBAG);
684 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
685
686 // get key of the bagList.
687 ret = HITLS_PKCS12_ParseSafeBagList(bagLists, (const uint8_t *)pwd, len, p12);
688 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
689 ASSERT_NE(p12->key->value.key, NULL);
690
691 HITLS_PKCS12_Bag *bag = BSL_SAL_Malloc(sizeof(HITLS_PKCS12_Bag));
692 bag->attributes = p12->key->attributes;
693 bag->value = p12->key->value;
694 ret = BSL_LIST_AddElement(list, bag, BSL_LIST_POS_END);
695 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
696 CRYPT_Pbkdf2Param param = {0};
697
698 param.pbesId = BSL_CID_PBES2;
699 param.pbkdfId = BSL_CID_PBKDF2;
700 param.hmacId = CRYPT_MAC_HMAC_SHA256;
701 param.symId = CRYPT_CIPHER_AES256_CBC;
702 param.pwd = (uint8_t *)pwd;
703 param.saltLen = 16;
704 param.pwdLen = len;
705 param.itCnt = 2048;
706 CRYPT_EncodeParam paramEx = {CRYPT_DERIVE_PBKDF2, ¶m};
707
708 ret = HITLS_PKCS12_EncodeAsn1List(list, BSL_CID_PKCS8SHROUDEDKEYBAG, ¶mEx, &encode);
709 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
710 ASSERT_EQ(encode.dataLen, buff->len);
711 ret = memcmp(encode.data + encode.dataLen - 37, buff->x + buff->len - 37, 37);
712 ASSERT_EQ(ret, 0);
713
714 EXIT:
715 BSL_SAL_Free(encode.data);
716 BSL_LIST_DeleteAll(bagLists, (BSL_LIST_PFUNC_FREE)HITLS_PKCS12_SafeBagFree);
717 BSL_SAL_Free(bagLists);
718 BSL_LIST_FREE(list, NULL);
719 HITLS_PKCS12_Free(p12);
720 #endif
721 }
722 /* END_CASE */
723
724 /**
725 * For test encode encrypted-safecontent.
726 */
727 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_SAFEBAGS_OF_CERTBAGS_TC001(Hex * buff)728 void SDV_PKCS12_ENCODE_SAFEBAGS_OF_CERTBAGS_TC001(Hex *buff)
729 {
730 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
731 (void)buff;
732 SKIP_TEST();
733 #else
734 ASSERT_EQ(TestRandInit(), 0);
735 BSL_Buffer encode = {0};
736 BSL_Buffer safeContent = {0};
737 BSL_Buffer output = {0};
738 BSL_ASN1_List *bagLists = BSL_LIST_New(sizeof(HITLS_PKCS12_SafeBag));
739 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
740 ASSERT_NE(bagLists, NULL);
741 ASSERT_NE(p12, NULL);
742
743 char *pwd = "123456";
744 uint32_t pwdlen = strlen(pwd);
745 // parse contentInfo
746 int32_t ret = HITLS_PKCS12_ParseContentInfo(NULL, NULL, (BSL_Buffer *)buff, (const uint8_t *)pwd, pwdlen,
747 &safeContent);
748 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
749
750 // get the safeBag of safeContents, and put int list.
751 ret = HITLS_PKCS12_ParseAsn1AddList(&safeContent, bagLists, BSL_CID_SAFECONTENTSBAG);
752 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
753
754 // get cert of the bagList.
755 ret = HITLS_PKCS12_ParseSafeBagList(bagLists, NULL, 0, p12);
756 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
757
758 CRYPT_Pbkdf2Param param = {0};
759 param.pbesId = BSL_CID_PBES2;
760 param.pbkdfId = BSL_CID_PBKDF2;
761 param.hmacId = CRYPT_MAC_HMAC_SHA256;
762 param.symId = CRYPT_CIPHER_AES256_CBC;
763 param.pwd = (uint8_t *)pwd;
764 param.saltLen = 16;
765 param.pwdLen = pwdlen;
766 param.itCnt = 2048;
767 CRYPT_EncodeParam paramEx = {CRYPT_DERIVE_PBKDF2, ¶m};
768
769 ret = HITLS_PKCS12_EncodeAsn1List(p12->certList, BSL_CID_CERTBAG, ¶mEx, &encode);
770 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
771
772 ret = HITLS_PKCS12_EncodeContentInfo(NULL, NULL, &encode, BSL_CID_PKCS7_ENCRYPTEDDATA, ¶mEx, &output);
773 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
774 ASSERT_EQ(output.dataLen, buff->len);
775 ret = memcmp(output.data, buff->x, 69);
776 ASSERT_EQ(ret, 0);
777
778 EXIT:
779 BSL_SAL_Free(safeContent.data);
780 BSL_SAL_Free(encode.data);
781 BSL_SAL_Free(output.data);
782 BSL_LIST_DeleteAll(bagLists, (BSL_LIST_PFUNC_FREE)HITLS_PKCS12_SafeBagFree);
783 HITLS_PKCS12_Free(p12);
784 BSL_SAL_Free(bagLists);
785 #endif
786 }
787 /* END_CASE */
788
789 /**
790 * For test encode authSafedata of correct data.
791 */
792 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_AUTHSAFE_TC001(Hex * buff)793 void SDV_PKCS12_ENCODE_AUTHSAFE_TC001(Hex *buff)
794 {
795 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
796 (void)buff;
797 SKIP_TEST();
798 #else
799 ASSERT_EQ(TestRandInit(), 0);
800 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
801 BSL_Buffer *encode1 = BSL_SAL_Calloc(1, sizeof(BSL_Buffer));
802 BSL_Buffer *encode2 = BSL_SAL_Calloc(1, sizeof(BSL_Buffer));
803 BSL_Buffer *encode3 = BSL_SAL_Calloc(1, sizeof(BSL_Buffer));
804 BSL_Buffer *encode4 = BSL_SAL_Calloc(1, sizeof(BSL_Buffer));
805 BSL_ASN1_List *list = BSL_LIST_New(sizeof(BSL_Buffer));
806 BSL_ASN1_List *keyList = BSL_LIST_New(sizeof(HITLS_PKCS12_Bag));
807 BSL_Buffer encode5 = {0};
808 HITLS_PKCS12_Bag *bagKey = NULL;
809 ASSERT_NE(p12, NULL);
810 ASSERT_NE(encode1, NULL);
811 ASSERT_NE(encode2, NULL);
812 ASSERT_NE(encode3, NULL);
813 ASSERT_NE(encode4, NULL);
814 ASSERT_NE(list, NULL);
815 ASSERT_NE(keyList, NULL);
816
817 char *pwd = "123456";
818 uint32_t pwdlen = strlen(pwd);
819 // parse authSafe
820 int32_t ret = HITLS_PKCS12_ParseAuthSafeData((BSL_Buffer *)buff, (const uint8_t *)pwd, pwdlen, p12);
821 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
822 ASSERT_NE(p12->key->value.key, NULL);
823 ASSERT_NE(p12->entityCert->value.cert, NULL);
824
825 CRYPT_Pbkdf2Param param = {0};
826 param.pbesId = BSL_CID_PBES2;
827 param.pbkdfId = BSL_CID_PBKDF2;
828 param.hmacId = CRYPT_MAC_HMAC_SHA256;
829 param.symId = CRYPT_CIPHER_AES256_CBC;
830 param.pwd = (uint8_t *)pwd;
831 param.saltLen = 16;
832 param.pwdLen = pwdlen;
833 param.itCnt = 2048;
834 CRYPT_EncodeParam paramEx = {CRYPT_DERIVE_PBKDF2, ¶m};
835
836 HITLS_PKCS12_Bag *bag = BSL_SAL_Malloc(sizeof(HITLS_PKCS12_Bag));
837 bag->attributes = p12->entityCert->attributes;
838 bag->value.cert = p12->entityCert->value.cert;
839 ret = BSL_LIST_AddElement(p12->certList, bag, BSL_LIST_POS_BEGIN);
840 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
841 p12->entityCert->attributes = NULL;
842 p12->entityCert->value.cert = NULL;
843
844 ret = HITLS_PKCS12_EncodeAsn1List(p12->certList, BSL_CID_CERTBAG, ¶mEx, encode1);
845 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
846
847 ret = HITLS_PKCS12_EncodeContentInfo(NULL, NULL, encode1, BSL_CID_PKCS7_ENCRYPTEDDATA, ¶mEx, encode2);
848 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
849
850 bagKey = BSL_SAL_Malloc(sizeof(HITLS_PKCS12_Bag));
851 bagKey->attributes = p12->key->attributes;
852 bagKey->value = p12->key->value;
853 ret = BSL_LIST_AddElement(keyList, bagKey, BSL_LIST_POS_END);
854 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
855
856 ret = HITLS_PKCS12_EncodeAsn1List(keyList, BSL_CID_PKCS8SHROUDEDKEYBAG, ¶mEx, encode3);
857 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
858
859 ret = HITLS_PKCS12_EncodeContentInfo(NULL, NULL, encode3, BSL_CID_PKCS7_SIMPLEDATA, ¶mEx, encode4);
860 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
861
862 ret = BSL_LIST_AddElement(list, encode2, BSL_LIST_POS_END);
863 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
864
865 ret = BSL_LIST_AddElement(list, encode4, BSL_LIST_POS_END);
866 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
867
868 ret = HITLS_PKCS12_EncodeAsn1List(list, BSL_CID_PKCS7_CONTENTINFO, ¶mEx, &encode5);
869 ASSERT_EQ(encode5.dataLen, buff->len);
870
871 EXIT:
872 BSL_SAL_Free(encode1->data);
873 BSL_SAL_Free(encode2->data);
874 BSL_SAL_Free(encode3->data);
875 BSL_SAL_Free(encode4->data);
876 BSL_SAL_Free(encode1);
877 BSL_SAL_Free(encode3);
878 BSL_SAL_Free(encode5.data);
879 BSL_LIST_FREE(list, NULL);
880 BSL_LIST_FREE(keyList, NULL);
881 HITLS_PKCS12_Free(p12);
882 #endif
883 }
884 /* END_CASE */
885
886 /**
887 * For test encode authSafedata of correct data.
888 */
889 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_MACDATA_TC001(Hex * buff,Hex * initData,Hex * expectData)890 void SDV_PKCS12_ENCODE_MACDATA_TC001(Hex *buff, Hex *initData, Hex *expectData)
891 {
892 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
893 (void)buff;
894 (void)initData;
895 (void)expectData;
896 SKIP_TEST();
897 #else
898 ASSERT_EQ(TestRandInit(), 0);
899 char *pwd = "123456";
900 BSL_Buffer encPwd;
901 encPwd.data = (uint8_t *)pwd;
902 encPwd.dataLen = strlen(pwd);
903
904 BSL_Buffer output = {0};
905 BSL_Buffer output1 = {0};
906 HITLS_PKCS12 *p12 = NULL;
907 HITLS_PKCS12_MacData *macData = HITLS_PKCS12_MacDataNew();
908 ASSERT_NE(macData, NULL);
909
910 HITLS_PKCS12_PwdParam param = {
911 .encPwd = &encPwd,
912 .macPwd = &encPwd,
913 };
914 ASSERT_EQ(HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)buff, ¶m, &p12, true), HITLS_PKI_SUCCESS);
915
916 HITLS_PKCS12_KdfParam hmacParam = {0};
917 hmacParam.macId = CRYPT_MD_SHA224;
918 hmacParam.pwd = (uint8_t *)pwd;
919 hmacParam.saltLen = p12->macData->macSalt->dataLen;
920 hmacParam.pwdLen = strlen(pwd);
921 hmacParam.itCnt = 2048;
922
923 HITLS_PKCS12_MacParam macParam = {.para = &hmacParam, .algId = BSL_CID_PKCS12KDF};
924 ASSERT_EQ(HITLS_PKCS12_EncodeMacData((BSL_Buffer *)initData, &macParam, p12->macData, &output), HITLS_PKI_SUCCESS);
925 ASSERT_EQ(memcmp(output.data, expectData->x, expectData->len), 0);
926
927 hmacParam.itCnt = 999;
928 ASSERT_EQ(HITLS_PKCS12_EncodeMacData((BSL_Buffer *)initData, &macParam, macData, &output),
929 HITLS_PKCS12_ERR_INVALID_ITERATION);
930
931 hmacParam.itCnt = 1024;
932 hmacParam.saltLen = 0;
933 ASSERT_EQ(HITLS_PKCS12_EncodeMacData((BSL_Buffer *)initData, &macParam, macData, &output),
934 HITLS_PKCS12_ERR_INVALID_SALTLEN);
935
936 hmacParam.saltLen = 16;
937 ASSERT_EQ(HITLS_PKCS12_EncodeMacData((BSL_Buffer *)initData, &macParam, macData, &output1), HITLS_PKI_SUCCESS);
938 EXIT:
939 BSL_SAL_Free(output.data);
940 BSL_SAL_Free(output1.data);
941 HITLS_PKCS12_MacDataFree(macData);
942 HITLS_PKCS12_Free(p12);
943 #endif
944 }
945 /* END_CASE */
946
947 /**
948 * For test encode P12 of correct data.
949 */
950 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_P12_TC001(Hex * buff,Hex * cert)951 void SDV_PKCS12_ENCODE_P12_TC001(Hex *buff, Hex *cert)
952 {
953 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
954 (void)buff;
955 (void)cert;
956 SKIP_TEST();
957 #else
958 char *pwd = "123456";
959 BSL_Buffer encPwd;
960 encPwd.data = (uint8_t *)pwd;
961 encPwd.dataLen = strlen(pwd);
962
963 BSL_Buffer output = {0};
964 BSL_Buffer encodeCert1 = {0};
965 BSL_Buffer encodeCert2 = {0};
966 HITLS_PKCS12 *p12 = NULL;
967 HITLS_PKCS12 *p12_1 = NULL;
968
969 HITLS_PKCS12_PwdParam param = {.encPwd = &encPwd, .macPwd = &encPwd};
970 int32_t ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)buff, ¶m, &p12, true);
971 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
972
973 HITLS_PKCS12_EncodeParam encodeParam = {0};
974
975 CRYPT_Pbkdf2Param pbParam = {0};
976 pbParam.pbesId = BSL_CID_PBES2;
977 pbParam.pbkdfId = BSL_CID_PBKDF2;
978 pbParam.hmacId = CRYPT_MAC_HMAC_SHA256;
979 pbParam.symId = CRYPT_CIPHER_AES256_CBC;
980 pbParam.pwd = (uint8_t *)pwd;
981 pbParam.saltLen = 16;
982 pbParam.pwdLen = strlen(pwd);
983 pbParam.itCnt = 2048;
984
985 CRYPT_EncodeParam encParam = {CRYPT_DERIVE_PBKDF2, &pbParam};
986 encodeParam.certEncParam = encParam;
987 encodeParam.keyEncParam = encParam;
988
989 HITLS_PKCS12_KdfParam macParam = {0};
990 macParam.macId = p12->macData->alg;
991 macParam.pwd = (uint8_t *)pwd;
992 macParam.saltLen = p12->macData->macSalt->dataLen;
993 macParam.pwdLen = strlen(pwd);
994 macParam.itCnt = 2048;
995 HITLS_PKCS12_MacParam paramTest = {.para = &macParam, .algId = BSL_CID_PKCS12KDF};
996 encodeParam.macParam = paramTest;
997
998 ASSERT_EQ(TestRandInit(), 0);
999 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output);
1000 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1001 ASSERT_EQ(output.dataLen, buff->len);
1002
1003 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, &output, ¶m, &p12_1, true);
1004 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1005 ASSERT_NE(p12_1->key->value.key, NULL);
1006 ASSERT_NE(p12_1->entityCert->value.cert, NULL);
1007
1008 ret = HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, p12->entityCert->value.cert, &encodeCert1);
1009 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1010
1011 ret = HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, p12_1->entityCert->value.cert, &encodeCert2);
1012 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1013 ASSERT_EQ(memcmp(encodeCert1.data, encodeCert2.data, encodeCert1.dataLen), 0);
1014 ASSERT_EQ(memcmp(encodeCert1.data, cert->x, cert->len), 0);
1015
1016 if (BSL_LIST_COUNT(p12->certList) > 0) {
1017 HITLS_PKCS12_Bag *node1 = BSL_LIST_GET_FIRST(p12->certList);
1018 BSL_Buffer encodeCert3 = {0};
1019 ret = HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, node1->value.cert, &encodeCert3);
1020 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1021
1022 HITLS_PKCS12_Bag *node2 = BSL_LIST_GET_FIRST(p12_1->certList);
1023 BSL_Buffer encodeCert4 = {0};
1024 ret = HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, node2->value.cert, &encodeCert4);
1025 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1026 ASSERT_EQ(memcmp(encodeCert1.data, encodeCert2.data, encodeCert1.dataLen), 0);
1027 BSL_SAL_Free(encodeCert3.data);
1028 BSL_SAL_Free(encodeCert4.data);
1029 }
1030 EXIT:
1031 BSL_SAL_Free(output.data);
1032 BSL_SAL_Free(encodeCert1.data);
1033 BSL_SAL_Free(encodeCert2.data);
1034 HITLS_PKCS12_Free(p12);
1035 HITLS_PKCS12_Free(p12_1);
1036 #endif
1037 }
1038 /* END_CASE */
1039
1040 /**
1041 * For test encode P12 of correct data(no mac).
1042 */
1043 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_P12_TC002(Hex * buff,Hex * cert)1044 void SDV_PKCS12_ENCODE_P12_TC002(Hex *buff, Hex *cert)
1045 {
1046 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
1047 (void)buff;
1048 (void)cert;
1049 SKIP_TEST();
1050 #else
1051 ASSERT_EQ(TestRandInit(), 0);
1052 char *pwd = "123456";
1053 BSL_Buffer encPwd;
1054 encPwd.data = (uint8_t *)pwd;
1055 encPwd.dataLen = strlen(pwd);
1056
1057 BSL_Buffer output = {0};
1058 BSL_Buffer encodeCert1 = {0};
1059 BSL_Buffer encodeCert2 = {0};
1060 HITLS_PKCS12 *p12 = NULL;
1061 HITLS_PKCS12 *p12_1 = NULL;
1062
1063 HITLS_PKCS12_PwdParam param = {
1064 .encPwd = &encPwd,
1065 .macPwd = &encPwd,
1066 };
1067 int32_t ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)buff, ¶m, &p12, false);
1068 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1069
1070 HITLS_PKCS12_EncodeParam encodeParam = {0};
1071
1072 CRYPT_Pbkdf2Param pbParam = {0};
1073 pbParam.pbesId = BSL_CID_PBES2;
1074 pbParam.pbkdfId = BSL_CID_PBKDF2;
1075 pbParam.hmacId = CRYPT_MAC_HMAC_SHA256;
1076 pbParam.symId = CRYPT_CIPHER_AES256_CBC;
1077 pbParam.pwd = (uint8_t *)pwd;
1078 pbParam.saltLen = 16;
1079 pbParam.pwdLen = strlen(pwd);
1080 pbParam.itCnt = 2048;
1081
1082 CRYPT_EncodeParam encParam = {CRYPT_DERIVE_PBKDF2, &pbParam};
1083 encodeParam.certEncParam = encParam;
1084 encodeParam.keyEncParam = encParam;
1085
1086 HITLS_PKCS12_KdfParam macParam = {0};
1087 macParam.macId = p12->macData->alg;
1088 macParam.pwd = (uint8_t *)pwd;
1089 macParam.saltLen = 8;
1090 macParam.pwdLen = strlen(pwd);
1091 macParam.itCnt = 2048;
1092 HITLS_PKCS12_MacParam paramTest = {.para = &macParam, .algId = BSL_CID_PKCS12KDF};
1093 encodeParam.macParam = paramTest;
1094
1095 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output);
1096 ASSERT_NE(ret, HITLS_PKI_SUCCESS);
1097
1098 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, false, &output);
1099 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1100 ASSERT_EQ(output.dataLen, buff->len);
1101
1102 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, &output, ¶m, &p12_1, false);
1103 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1104 ASSERT_NE(p12_1->key->value.key, NULL);
1105 ASSERT_NE(p12_1->entityCert->value.cert, NULL);
1106
1107 ret = HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, p12->entityCert->value.cert, &encodeCert1);
1108 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1109
1110 ret = HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, p12_1->entityCert->value.cert, &encodeCert2);
1111 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1112 ASSERT_EQ(memcmp(encodeCert1.data, encodeCert2.data, encodeCert1.dataLen), 0);
1113 ASSERT_EQ(memcmp(encodeCert1.data, cert->x, cert->len), 0);
1114
1115 EXIT:
1116 BSL_SAL_Free(output.data);
1117 BSL_SAL_Free(encodeCert1.data);
1118 BSL_SAL_Free(encodeCert2.data);
1119 HITLS_PKCS12_Free(p12);
1120 HITLS_PKCS12_Free(p12_1);
1121 #endif
1122 }
1123 /* END_CASE */
1124
1125 /**
1126 * For test encode P12 of insufficient data.
1127 */
1128 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_P12_TC003(Hex * buff)1129 void SDV_PKCS12_ENCODE_P12_TC003(Hex *buff)
1130 {
1131 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
1132 (void)buff;
1133 SKIP_TEST();
1134 #else
1135 ASSERT_EQ(TestRandInit(), 0);
1136 char *pwd = "123456";
1137 BSL_Buffer encPwd;
1138 encPwd.data = (uint8_t *)pwd;
1139 encPwd.dataLen = strlen(pwd);
1140
1141 HITLS_PKCS12_PwdParam param = {
1142 .encPwd = &encPwd,
1143 .macPwd = &encPwd,
1144 };
1145
1146 HITLS_PKCS12_EncodeParam encodeParam = {0};
1147
1148 CRYPT_Pbkdf2Param pbParam = {0};
1149 pbParam.pbesId = BSL_CID_PBES2;
1150 pbParam.pbkdfId = BSL_CID_PBKDF2;
1151 pbParam.hmacId = CRYPT_MAC_HMAC_SHA256;
1152 pbParam.symId = CRYPT_CIPHER_AES256_CBC;
1153 pbParam.pwd = (uint8_t *)pwd;
1154 pbParam.saltLen = 16;
1155 pbParam.pwdLen = strlen(pwd);
1156 pbParam.itCnt = 2048;
1157
1158 CRYPT_EncodeParam encParam = {CRYPT_DERIVE_PBKDF2, &pbParam};
1159 encodeParam.certEncParam = encParam;
1160 encodeParam.keyEncParam = encParam;
1161
1162 BSL_Buffer output1 = {0};
1163 BSL_Buffer output2 = {0};
1164 BSL_Buffer output3 = {0};
1165 BSL_Buffer output4 = {0};
1166 BSL_Buffer output5 = {0};
1167 BSL_Buffer output6 = {0};
1168 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
1169 ASSERT_NE(p12, NULL);
1170
1171 // For test p12 has none data, isNeedMac = true.
1172 int32_t ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, false, &output1);
1173 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NONE_DATA);
1174 // For test p12 has none data, isNeedMac = false.
1175 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output1);
1176 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NONE_DATA);
1177 HITLS_PKCS12_Free(p12);
1178 p12 = NULL;
1179
1180 ret = HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, (BSL_Buffer *)buff, ¶m, &p12, true);
1181 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1182
1183 HITLS_PKCS12_KdfParam macParam = {0};
1184 macParam.macId = p12->macData->alg;
1185 macParam.pwd = (uint8_t *)pwd;
1186 macParam.saltLen = 8;
1187 macParam.pwdLen = strlen(pwd);
1188 macParam.itCnt = 2048;
1189 HITLS_PKCS12_MacParam paramTest = {.para = &macParam, .algId = BSL_CID_PKCS12KDF};
1190 encodeParam.macParam = paramTest;
1191 HITLS_PKCS12 p12_1 = {0};
1192
1193 // For test gen p12 of wrong input
1194 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_UNKNOWN, &p12_1, &encodeParam, true, &output1);
1195 ASSERT_EQ(ret, HITLS_PKCS12_ERR_FORMAT_UNSUPPORT);
1196
1197 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, NULL, true, &output1);
1198 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1199
1200 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, &encodeParam, true, NULL);
1201 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1202
1203 (void)memcpy(&p12_1, p12, sizeof(HITLS_PKCS12));
1204 CRYPT_EAL_PkeyCtx *temKey = p12_1.key->value.key;
1205 HITLS_X509_Cert *entityCert = p12_1.entityCert->value.cert;
1206 p12_1.key->value.key = NULL;
1207 p12_1.entityCert->value.cert = NULL; // test p12-encode of key and entityCert = NULL.
1208 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, &encodeParam, true, &output1);
1209 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1210
1211 p12_1.key->value.key = NULL; // test p12-encode of key = NULL.
1212 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, &encodeParam, true, &output2);
1213 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1214
1215 p12_1.key->value.key = temKey;
1216 p12_1.entityCert->value.cert = NULL; // test p12-encode of entityCert = NULL.
1217 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, &encodeParam, true, &output3);
1218 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1219
1220 // test p12-encode of entityCert attribute = NULL.
1221 p12_1.entityCert->value.cert = entityCert;
1222 HITLS_X509_AttrsFree(p12_1.entityCert->attributes, HITLS_PKCS12_AttributesFree);
1223 p12_1.entityCert->attributes = NULL;
1224 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, &encodeParam, true, &output4);
1225 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1226
1227 // test p12-encode of key attribute = NULL.
1228 HITLS_X509_AttrsFree(p12_1.key->attributes, HITLS_PKCS12_AttributesFree);
1229 p12_1.key->attributes = NULL;
1230 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, &encodeParam, true, &output5);
1231 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1232
1233 BSL_LIST_DeleteAll(p12_1.certList, BagFree); // test p12-encode of key attribute = NULL.
1234 ret = HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, &p12_1, &encodeParam, true, &output6);
1235 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1236 EXIT:
1237 BSL_SAL_Free(output1.data);
1238 BSL_SAL_Free(output2.data);
1239 BSL_SAL_Free(output3.data);
1240 BSL_SAL_Free(output4.data);
1241 BSL_SAL_Free(output5.data);
1242 BSL_SAL_Free(output6.data);
1243 HITLS_PKCS12_Free(p12);
1244 #endif
1245 }
1246 /* END_CASE */
1247
1248 /**
1249 * For test gen p12-file of different password.
1250 */
1251 /* BEGIN_CASE */
SDV_PKCS12_ENCODE_P12_TC004(char * pkeyPath,char * certPath)1252 void SDV_PKCS12_ENCODE_P12_TC004(char *pkeyPath, char *certPath)
1253 {
1254 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_BSL_SAL_FILE) || !defined(HITLS_CRYPTO_KEY_DECODE)
1255 (void)pkeyPath;
1256 (void)certPath;
1257 SKIP_TEST();
1258 #else
1259 ASSERT_EQ(TestRandInit(), 0);
1260 CRYPT_EAL_PkeyCtx *pkey = NULL;
1261 HITLS_X509_Cert *enCert = NULL;
1262 HITLS_PKCS12_Bag *certBag = NULL;
1263 HITLS_PKCS12_Bag *keyBag = NULL;
1264 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
1265 ASSERT_NE(p12, NULL);
1266
1267 ASSERT_EQ(CRYPT_EAL_DecodeFileKey(BSL_FORMAT_ASN1, CRYPT_PRIKEY_PKCS8_UNENCRYPT, pkeyPath, NULL, 0, &pkey), 0);
1268
1269 keyBag = HITLS_PKCS12_BagNew(BSL_CID_PKCS8SHROUDEDKEYBAG, 0, pkey);
1270 ASSERT_NE(keyBag, NULL);
1271
1272 ASSERT_EQ(HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, certPath, &enCert), HITLS_PKI_SUCCESS);
1273
1274 certBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, enCert);
1275 ASSERT_NE(certBag, NULL);
1276
1277 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_KEYBAG, keyBag, 0), HITLS_PKI_SUCCESS);
1278
1279 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_CERTBAG, certBag, 0), HITLS_PKI_SUCCESS);
1280
1281 HITLS_PKCS12_EncodeParam encodeParam = {0};
1282
1283 BSL_Buffer output = {0};
1284 // While the encrypted data is null of cert and key
1285 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, false, &output), HITLS_PKCS12_ERR_INVALID_PARAM);
1286
1287 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output), HITLS_PKCS12_ERR_INVALID_PARAM);
1288
1289 char *pwd = "123456";
1290 CRYPT_Pbkdf2Param pbParam = {0};
1291 pbParam.pbesId = BSL_CID_PBES2;
1292 pbParam.pbkdfId = BSL_CID_PBKDF2;
1293 pbParam.hmacId = CRYPT_MAC_HMAC_SHA256;
1294 pbParam.symId = CRYPT_CIPHER_AES256_CBC;
1295 pbParam.pwd = (uint8_t *)pwd;
1296 pbParam.saltLen = 16;
1297 pbParam.pwdLen = strlen(pwd);
1298 pbParam.itCnt = 2048;
1299 CRYPT_EncodeParam encParam = {CRYPT_DERIVE_PBKDF2, &pbParam};
1300 HITLS_PKCS12_KdfParam macParam = {0};
1301 macParam.macId = BSL_CID_SHA256;
1302 macParam.pwd = (uint8_t *)pwd;
1303 macParam.saltLen = 8;
1304 macParam.pwdLen = strlen(pwd);
1305 macParam.itCnt = 2048;
1306 HITLS_PKCS12_MacParam paramTest = {.para = &macParam, .algId = BSL_CID_PKCS12KDF};
1307 encodeParam.keyEncParam = encParam;
1308
1309 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output), HITLS_PKCS12_ERR_INVALID_PARAM);
1310
1311 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, false, &output), HITLS_PKI_SUCCESS);
1312
1313 BSL_SAL_Free(output.data);
1314 output.data = NULL;
1315 encodeParam.certEncParam = encParam;
1316 paramTest.algId = BSL_CID_MAX;
1317 encodeParam.macParam = paramTest;
1318 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output), HITLS_PKCS12_ERR_INVALID_ALGO);
1319
1320 paramTest.algId = BSL_CID_PKCS12KDF;
1321 paramTest.para = NULL;
1322 encodeParam.macParam = paramTest;
1323 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output), HITLS_PKCS12_ERR_NULL_POINTER);
1324 paramTest.para = &macParam;
1325
1326 BSL_Buffer output1 = {0};
1327 char *pwd1 = "1234567";
1328 CRYPT_Pbkdf2Param pbParam1 = {0};
1329 pbParam1.pbesId = BSL_CID_PBES2;
1330 pbParam1.pbkdfId = BSL_CID_PBKDF2;
1331 pbParam1.hmacId = CRYPT_MAC_HMAC_SHA256;
1332 pbParam1.symId = CRYPT_CIPHER_AES256_CBC;
1333 pbParam1.pwd = (uint8_t *)pwd1;
1334 pbParam1.saltLen = 16;
1335 pbParam1.pwdLen = strlen(pwd1);
1336 pbParam1.itCnt = 2048;
1337 CRYPT_EncodeParam encParam1 = {CRYPT_DERIVE_PBKDF2, &pbParam1};
1338 encodeParam.certEncParam = encParam;
1339 encodeParam.keyEncParam = encParam1;
1340 encodeParam.macParam = paramTest;
1341 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output1), HITLS_PKCS12_ERR_INVALID_PARAM);
1342
1343 encodeParam.keyEncParam = encParam;
1344 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output1), HITLS_PKI_SUCCESS);
1345
1346 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output1), HITLS_PKCS12_ERR_INVALID_PARAM);
1347
1348 BSL_Buffer output2 = {0};
1349 pbParam1.pwd = NULL;
1350 pbParam.pwd = NULL;
1351 pbParam1.pwdLen = 0;
1352 pbParam.pwdLen = 0;
1353 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output2), HITLS_PKI_SUCCESS);
1354 EXIT:
1355 BSL_SAL_Free(output.data);
1356 BSL_SAL_Free(output1.data);
1357 BSL_SAL_Free(output2.data);
1358 HITLS_PKCS12_Free(p12);
1359 HITLS_X509_CertFree(enCert);
1360 CRYPT_EAL_PkeyFreeCtx(pkey);
1361 HITLS_PKCS12_BagFree(keyBag);
1362 HITLS_PKCS12_BagFree(certBag);
1363 #endif
1364 }
1365 /* END_CASE */
1366
1367 /**
1368 * For test gen and parse p12-file.
1369 */
1370 /* BEGIN_CASE */
SDV_PKCS12_GEN_PARSE_P12FILE_TC001(void)1371 void SDV_PKCS12_GEN_PARSE_P12FILE_TC001(void)
1372 {
1373 #if !defined(HITLS_PKI_PKCS12_GEN) || !defined(HITLS_PKI_PKCS12_PARSE)
1374 SKIP_TEST();
1375 #else
1376 ASSERT_EQ(TestRandInit(), 0);
1377 char *pwd = "123456";
1378 BSL_Buffer encPwd;
1379 encPwd.data = (uint8_t *)pwd;
1380 encPwd.dataLen = strlen(pwd);
1381 HITLS_PKCS12 *p12 = NULL;
1382 HITLS_PKCS12 *p12_1 = NULL;
1383
1384 HITLS_PKCS12_PwdParam param = {
1385 .encPwd = &encPwd,
1386 .macPwd = &encPwd,
1387 };
1388
1389 HITLS_PKCS12_EncodeParam encodeParam = {0};
1390
1391 CRYPT_Pbkdf2Param pbParam = {0};
1392 pbParam.pbesId = BSL_CID_PBES2;
1393 pbParam.pbkdfId = BSL_CID_PBKDF2;
1394 pbParam.hmacId = CRYPT_MAC_HMAC_SHA256;
1395 pbParam.symId = CRYPT_CIPHER_AES256_CBC;
1396 pbParam.pwd = (uint8_t *)pwd;
1397 pbParam.saltLen = 16;
1398 pbParam.pwdLen = strlen(pwd);
1399 pbParam.itCnt = 2048;
1400
1401 CRYPT_EncodeParam encParam = {CRYPT_DERIVE_PBKDF2, &pbParam};
1402 encodeParam.certEncParam = encParam;
1403 encodeParam.keyEncParam = encParam;
1404
1405 const char *path = "../testdata/cert/asn1/pkcs12/chain.p12";
1406 const char *writePath = "../testdata/cert/asn1/pkcs12/chain_cp.p12";
1407
1408 int32_t ret = HITLS_PKCS12_ParseFile(BSL_FORMAT_ASN1, NULL, ¶m, &p12, true);
1409 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1410 ret = HITLS_PKCS12_ParseFile(BSL_FORMAT_ASN1, path, ¶m, &p12, true);
1411 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1412
1413 HITLS_PKCS12_KdfParam macParam = {0};
1414 macParam.macId = p12->macData->alg;
1415 macParam.pwd = (uint8_t *)pwd;
1416 macParam.saltLen = 8;
1417 macParam.pwdLen = strlen(pwd);
1418 macParam.itCnt = 2048;
1419 HITLS_PKCS12_MacParam paramTest = {.para = &macParam, .algId = BSL_CID_PKCS12KDF};
1420 encodeParam.macParam = paramTest;
1421
1422 ret = HITLS_PKCS12_GenFile(BSL_FORMAT_ASN1, p12, &encodeParam, true, NULL);
1423 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1424 ret = HITLS_PKCS12_GenFile(BSL_FORMAT_ASN1, p12, &encodeParam, true, writePath);
1425 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1426
1427 ret = HITLS_PKCS12_ParseFile(BSL_FORMAT_ASN1, writePath, ¶m, &p12_1, true);
1428 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1429 EXIT:
1430 HITLS_PKCS12_Free(p12);
1431 HITLS_PKCS12_Free(p12_1);
1432 #endif
1433 }
1434 /* END_CASE */
1435
1436 /**
1437 * For test p12-ctrl.
1438 */
1439 /* BEGIN_CASE */
SDV_PKCS12_CTRL_TEST_TC001(char * pkeyPath,char * enCertPath,char * caCertPath)1440 void SDV_PKCS12_CTRL_TEST_TC001(char *pkeyPath, char *enCertPath, char *caCertPath)
1441 {
1442 #if !defined(HITLS_PKI_PKCS12_PARSE) || !defined(HITLS_PKI_PKCS12_GEN)
1443 (void)pkeyPath;
1444 (void)enCertPath;
1445 (void)caCertPath;
1446 SKIP_TEST();
1447 #else
1448 TestMemInit();
1449 ASSERT_EQ(TestRandInit(), 0);
1450 CRYPT_EAL_PkeyCtx *pkey = NULL;
1451 HITLS_X509_Cert *enCert = NULL;
1452 HITLS_X509_Cert *caCert = NULL;
1453 HITLS_X509_Cert *targetCert = NULL;
1454 CRYPT_EAL_PkeyCtx *targetKey = NULL;
1455 HITLS_PKCS12_Bag *caBag = NULL;
1456 HITLS_PKCS12_Bag *pkeyBag = NULL;
1457 HITLS_PKCS12_Bag *encertBag = NULL;
1458 int32_t mdId = CRYPT_MD_SHA1;
1459 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
1460 ASSERT_NE(p12, NULL);
1461
1462 int32_t ret = CRYPT_EAL_DecodeFileKey(BSL_FORMAT_ASN1, CRYPT_PRIKEY_PKCS8_UNENCRYPT, pkeyPath, NULL, 0, &pkey);
1463 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1464
1465 ret = HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, enCertPath, &enCert);
1466 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1467
1468 ret = HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, caCertPath, &caCert);
1469 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1470
1471 caBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, caCert);
1472 ASSERT_NE(caBag, NULL);
1473
1474 pkeyBag = HITLS_PKCS12_BagNew(BSL_CID_PKCS8SHROUDEDKEYBAG, 0, pkey);
1475 ASSERT_NE(pkeyBag, NULL);
1476
1477 encertBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, enCert);
1478 ASSERT_NE(encertBag, NULL);
1479
1480 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_KEYBAG, pkeyBag, 0);
1481 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1482
1483 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_CERTBAG, encertBag, 0);
1484 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1485
1486 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GET_ENTITY_CERT, &targetCert, 0);
1487 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1488 ASSERT_NE(targetCert, NULL);
1489
1490 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GET_ENTITY_KEY, &targetKey, 0);
1491 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1492 ASSERT_NE(targetKey, NULL);
1493
1494 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID, &mdId, sizeof(CRYPT_MD_AlgId));
1495 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1496
1497 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID, &mdId, 0);
1498 ASSERT_EQ(ret, HITLS_PKCS12_ERR_INVALID_PARAM);
1499
1500 mdId = BSL_CID_MD4 - 1;
1501 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID, &mdId, sizeof(CRYPT_MD_AlgId));
1502 ASSERT_EQ(ret, HITLS_PKCS12_ERR_INVALID_PARAM);
1503
1504 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_ADD_CERTBAG, caBag, 0);
1505 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1506
1507 ASSERT_NE(p12->key->value.key, NULL);
1508 ASSERT_NE(p12->entityCert->value.cert, NULL);
1509 ASSERT_EQ(BSL_LIST_COUNT(p12->key->attributes->list), 1);
1510 ASSERT_EQ(BSL_LIST_COUNT(p12->entityCert->attributes->list), 1);
1511 ASSERT_EQ(BSL_LIST_COUNT(p12->certList), 1);
1512
1513 EXIT:
1514 HITLS_X509_CertFree(targetCert);
1515 CRYPT_EAL_PkeyFreeCtx(targetKey);
1516 HITLS_PKCS12_BagFree(pkeyBag);
1517 HITLS_PKCS12_BagFree(encertBag);
1518 HITLS_PKCS12_BagFree(caBag);
1519 CRYPT_EAL_PkeyFreeCtx(pkey);
1520 HITLS_PKCS12_Free(p12);
1521 HITLS_X509_CertFree(enCert);
1522 HITLS_X509_CertFree(caCert);
1523 #endif
1524 }
1525 /* END_CASE */
1526
1527 /**
1528 * For test p12-ctrl in invalid params.
1529 */
1530 /* BEGIN_CASE */
SDV_PKCS12_CTRL_TEST_TC002(char * enCertPath)1531 void SDV_PKCS12_CTRL_TEST_TC002(char *enCertPath)
1532 {
1533 #if !defined(HITLS_PKI_PKCS12_PARSE) || !defined(HITLS_PKI_PKCS12_GEN)
1534 (void)enCertPath;
1535 SKIP_TEST();
1536 #else
1537 HITLS_X509_Cert *enCert = NULL;
1538 HITLS_X509_Cert *target = NULL;
1539 HITLS_PKCS12_Bag *certBag = NULL;
1540 HITLS_PKCS12_Bag keyBag = {0};
1541 HITLS_PKCS12_Bag *entityCertBag = NULL;
1542 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
1543 ASSERT_NE(p12, NULL);
1544 int32_t mdId = CRYPT_MD_SHA1;
1545 int32_t ret = HITLS_PKCS12_Ctrl(NULL, HITLS_PKCS12_SET_ENTITY_KEYBAG, &keyBag, 0); // p12 == NULL.
1546 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1547
1548 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_KEYBAG, NULL, 0); // keyBag == NULL.
1549 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1550
1551 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID - 1, &mdId, sizeof(CRYPT_MD_AlgId)); // cmd is invalid.
1552 ASSERT_EQ(ret, HITLS_PKCS12_ERR_INVALID_PARAM);
1553
1554 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GET_ENTITY_CERT, &target, 0); // no cert to obtain.
1555 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NO_ENTITYCERT);
1556
1557 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID, &mdId, sizeof(CRYPT_MD_AlgId)); // no key and cert
1558 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1559
1560 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_CERTBAG, entityCertBag, 0); // enCertBag is invalid.
1561 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1562
1563 #if defined(HITLS_CRYPTO_KEY_DECODE) && defined(HITLS_BSL_SAL_FILE)
1564 ret = HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, enCertPath, &enCert);
1565 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1566
1567 entityCertBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, enCert);
1568 ASSERT_NE(entityCertBag, NULL);
1569
1570 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_CERTBAG, entityCertBag, 0);
1571 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1572 #else
1573 (void)enCertPath;
1574 SKIP_TEST();
1575 #endif
1576
1577 // no key to set localKeyId.
1578 p12->key = &keyBag;
1579 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID, &mdId, sizeof(CRYPT_MD_AlgId));
1580 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NO_PAIRED_CERT_AND_KEY);
1581 p12->key = NULL;
1582
1583 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_ADD_CERTBAG, certBag, 0); // certBag is NULL.
1584 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1585
1586 keyBag.type = BSL_CID_PKCS8SHROUDEDKEYBAG;
1587 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_ADD_CERTBAG, &keyBag, 0); // certBag-type is wrong.
1588 ASSERT_EQ(ret, HITLS_PKCS12_ERR_INVALID_PARAM);
1589
1590 EXIT:
1591 HITLS_PKCS12_Free(p12);
1592 HITLS_X509_CertFree(enCert);
1593 HITLS_PKCS12_BagFree(entityCertBag);
1594 #endif
1595 }
1596 /* END_CASE */
1597
1598 /**
1599 * For test p12-bag creat, set, and free.
1600 */
1601 /* BEGIN_CASE */
SDV_PKCS12_BAG_TEST_TC001(char * pkeyPath,char * certPath)1602 void SDV_PKCS12_BAG_TEST_TC001(char *pkeyPath, char *certPath)
1603 {
1604 #if !defined(HITLS_PKI_PKCS12_PARSE) || !defined(HITLS_BSL_SAL_FILE) || !defined(HITLS_PKI_PKCS12_GEN)
1605 (void)pkeyPath;
1606 (void)certPath;
1607 SKIP_TEST();
1608 #else
1609 CRYPT_EAL_PkeyCtx *pkey = NULL;
1610 HITLS_X509_Cert *enCert = NULL;
1611 HITLS_PKCS12_Bag *keyBag = NULL;
1612 HITLS_PKCS12_Bag *certBag = NULL;
1613 char *name = "friendlyName";
1614 uint32_t nameLen = strlen(name);
1615 BSL_Buffer buffer = {.data = (uint8_t *)name, .dataLen = nameLen};
1616
1617 int32_t ret = CRYPT_EAL_DecodeFileKey(BSL_FORMAT_ASN1, CRYPT_PRIKEY_PKCS8_UNENCRYPT, pkeyPath, NULL, 0, &pkey);
1618 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1619
1620 keyBag = HITLS_PKCS12_BagNew(BSL_CID_PKCS8SHROUDEDKEYBAG, 0, pkey);
1621 ASSERT_NE(keyBag, NULL);
1622
1623 ret = HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, certPath, &enCert);
1624 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1625
1626 certBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, enCert);
1627 ASSERT_NE(certBag, NULL);
1628
1629 ret = HITLS_PKCS12_BagAddAttr(keyBag, BSL_CID_FRIENDLYNAME, &buffer);
1630 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1631
1632 ret = HITLS_PKCS12_BagCtrl(certBag, HITLS_PKCS12_BAG_ADD_ATTR, &buffer, BSL_CID_FRIENDLYNAME);
1633 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1634
1635 EXIT:
1636 HITLS_PKCS12_BagFree(keyBag);
1637 HITLS_PKCS12_BagFree(certBag);
1638 CRYPT_EAL_PkeyFreeCtx(pkey);
1639 HITLS_X509_CertFree(enCert);
1640 #endif
1641 }
1642 /* END_CASE */
1643
1644 /**
1645 * For test p12-bag in invalid params.
1646 */
1647 /* BEGIN_CASE */
SDV_PKCS12_BAG_TEST_TC002(char * pkeyPath)1648 void SDV_PKCS12_BAG_TEST_TC002(char *pkeyPath)
1649 {
1650 #if !defined(HITLS_CRYPTO_KEY_DECODE) || !defined(HITLS_BSL_SAL_FILE) || !defined(HITLS_PKI_PKCS12_GEN)
1651 (void)pkeyPath;
1652 SKIP_TEST();
1653 #else
1654 CRYPT_EAL_PkeyCtx *pkey = NULL;
1655 HITLS_PKCS12_Bag *keyBag = NULL;
1656
1657 BSL_Buffer buffer = {0};
1658 int32_t ret = CRYPT_EAL_DecodeFileKey(BSL_FORMAT_ASN1, CRYPT_PRIKEY_PKCS8_UNENCRYPT, pkeyPath, NULL, 0, &pkey);
1659 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1660
1661 keyBag = HITLS_PKCS12_BagNew(BSL_CID_MAX, 0, pkey); // invalid bag-id.
1662 ASSERT_EQ(keyBag, NULL);
1663 keyBag = HITLS_PKCS12_BagNew(BSL_CID_PKCS8SHROUDEDKEYBAG, 0, pkey);
1664 ASSERT_NE(keyBag, NULL);
1665
1666 ret = HITLS_PKCS12_BagAddAttr(keyBag, BSL_CID_FRIENDLYNAME, NULL); // Attribute is null.
1667 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1668
1669 char *name = "friendlyName";
1670 uint32_t nameLen = strlen(name);
1671 buffer.data = (uint8_t *)name;
1672 buffer.dataLen = nameLen;
1673 ret = HITLS_PKCS12_BagAddAttr(NULL, BSL_CID_FRIENDLYNAME, &buffer);
1674 ASSERT_EQ(ret, HITLS_PKCS12_ERR_NULL_POINTER);
1675
1676 ret = HITLS_PKCS12_BagAddAttr(keyBag, BSL_CID_EXTEND, &buffer);
1677 ASSERT_EQ(ret, HITLS_PKCS12_ERR_INVALID_SAFEBAG_ATTRIBUTES);
1678
1679 ret = HITLS_PKCS12_BagAddAttr(keyBag, BSL_CID_FRIENDLYNAME, &buffer);
1680 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1681
1682 ret = HITLS_PKCS12_BagAddAttr(keyBag, BSL_CID_FRIENDLYNAME, &buffer);
1683 ASSERT_EQ(ret, HITLS_X509_ERR_SET_ATTR_REPEAT);
1684 EXIT:
1685 HITLS_PKCS12_BagFree(keyBag);
1686 CRYPT_EAL_PkeyFreeCtx(pkey);
1687 #endif
1688 }
1689 /* END_CASE */
1690
1691
1692 /**
1693 * For test p12-ctrl in invalid params of repeated attributes.
1694 */
1695 /* BEGIN_CASE */
SDV_PKCS12_BAG_TEST_TC003(char * pkeyPath,char * certPath)1696 void SDV_PKCS12_BAG_TEST_TC003(char *pkeyPath, char *certPath)
1697 {
1698 #if !defined(HITLS_CRYPTO_KEY_DECODE) || !defined(HITLS_BSL_SAL_FILE) || !defined(HITLS_PKI_PKCS12_GEN)
1699 (void)pkeyPath;
1700 (void)certPath;
1701 SKIP_TEST();
1702 #else
1703 CRYPT_EAL_PkeyCtx *pkey = NULL;
1704 HITLS_X509_Cert *enCert = NULL;
1705 HITLS_PKCS12_Bag *certBag = NULL;
1706 HITLS_PKCS12_Bag *keyBag = NULL;
1707 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
1708 ASSERT_NE(p12, NULL);
1709 int32_t mdId = CRYPT_MD_SHA1;
1710
1711 int32_t ret = CRYPT_EAL_DecodeFileKey(BSL_FORMAT_ASN1, CRYPT_PRIKEY_PKCS8_UNENCRYPT, pkeyPath, NULL, 0, &pkey);
1712 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1713
1714 keyBag = HITLS_PKCS12_BagNew(BSL_CID_PKCS8SHROUDEDKEYBAG, 0, pkey);
1715 ASSERT_NE(keyBag, NULL);
1716
1717 ret = HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, certPath, &enCert);
1718 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1719
1720 certBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, enCert);
1721 ASSERT_NE(certBag, NULL);
1722
1723 uint8_t keyId[32] = {0};
1724 uint32_t idLen = 32;
1725 BSL_Buffer attr = {.data = keyId, .dataLen = idLen};
1726 ret = HITLS_PKCS12_BagAddAttr(certBag, BSL_CID_LOCALKEYID, &attr);
1727 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1728
1729 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_KEYBAG, keyBag, 0);
1730 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1731
1732 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_KEYBAG, keyBag, 0);
1733 ASSERT_EQ(ret, HITLS_PKCS12_ERR_REPEATED_SET_KEY); // Repeat setting.
1734
1735 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_CERTBAG, certBag, 0);
1736 ASSERT_EQ(ret, HITLS_PKI_SUCCESS);
1737
1738 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_CERTBAG, certBag, 0);
1739 ASSERT_EQ(ret, HITLS_PKCS12_ERR_REPEATED_SET_ENTITYCERT); // Repeat setting.
1740
1741 // The key bag has pushed the localKey-id attribute.
1742 ret = HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID, &mdId, sizeof(CRYPT_MD_AlgId));
1743 ASSERT_EQ(ret, HITLS_X509_ERR_SET_ATTR_REPEAT);
1744
1745 EXIT:
1746 HITLS_PKCS12_Free(p12);
1747 HITLS_X509_CertFree(enCert);
1748 CRYPT_EAL_PkeyFreeCtx(pkey);
1749 HITLS_PKCS12_BagFree(keyBag);
1750 HITLS_PKCS12_BagFree(certBag);
1751 #endif
1752 }
1753 /* END_CASE */
1754
1755 /**
1756 * For test generating a .p12 from reading buffer.
1757 */
1758 /* BEGIN_CASE */
SDV_PKCS12_GEN_FROM_DATA_TC001(char * pkeyPath,char * enCertPath,char * ca1CertPath,char * otherCertPath)1759 void SDV_PKCS12_GEN_FROM_DATA_TC001(char *pkeyPath, char *enCertPath, char *ca1CertPath, char *otherCertPath)
1760 {
1761 #ifndef HITLS_PKI_PKCS12_GEN
1762 (void)pkeyPath;
1763 (void)enCertPath;
1764 (void)ca1CertPath;
1765 (void)otherCertPath;
1766 SKIP_TEST();
1767 #else
1768 TestMemInit();
1769 ASSERT_EQ(TestRandInit(), 0);
1770 char *pwd = "123456";
1771 CRYPT_Pbkdf2Param pbParam = {BSL_CID_PBES2, BSL_CID_PBKDF2, CRYPT_MAC_HMAC_SHA256, CRYPT_CIPHER_AES256_CBC,
1772 16, (uint8_t *)pwd, strlen(pwd), 2048};
1773 CRYPT_EncodeParam encParam = {CRYPT_DERIVE_PBKDF2, &pbParam};
1774 HITLS_PKCS12_KdfParam macParam = {8, 2048, BSL_CID_SHA256, (uint8_t *)pwd, strlen(pwd)};
1775 HITLS_PKCS12_MacParam paramTest = {.para = &macParam, .algId = BSL_CID_PKCS12KDF};
1776 HITLS_PKCS12_EncodeParam encodeParam = {encParam, encParam, paramTest};
1777
1778 #ifdef HITLS_PKI_PKCS12_PARSE
1779 BSL_Buffer encPwd = {.data = (uint8_t *)pwd, .dataLen = strlen(pwd)};
1780 HITLS_PKCS12_PwdParam pwdParam = {.encPwd = &encPwd, .macPwd = &encPwd};
1781 #endif
1782
1783 CRYPT_EAL_PkeyCtx *pkey = NULL;
1784 HITLS_X509_Cert *enCert = NULL;
1785 HITLS_X509_Cert *ca1Cert = NULL;
1786 HITLS_X509_Cert *otherCert = NULL;
1787
1788 HITLS_PKCS12_Bag *pkeyBag = NULL;
1789 HITLS_PKCS12_Bag *encertBag = NULL;
1790 HITLS_PKCS12_Bag *ca1Bag = NULL;
1791 HITLS_PKCS12_Bag *otherCertBag = NULL;
1792
1793 HITLS_X509_Cert *targetCert = NULL;
1794 CRYPT_EAL_PkeyCtx *targetKey = NULL;
1795
1796 char *name = "entity";
1797 uint32_t nameLen = strlen(name);
1798 BSL_Buffer buffer1 = {0};
1799 buffer1.data = (uint8_t *)name;
1800 buffer1.dataLen = nameLen;
1801
1802 char *name1 = "ca1";
1803 uint32_t nameLen1 = strlen(name1);
1804 BSL_Buffer buffer2 = {0};
1805 buffer2.data = (uint8_t *)name1;
1806 buffer2.dataLen = nameLen1;
1807
1808 BSL_Buffer output = {0};
1809
1810 int32_t mdId = CRYPT_MD_SHA1;
1811 HITLS_PKCS12 *p12_1 = NULL;
1812 HITLS_PKCS12 *p12 = HITLS_PKCS12_New();
1813 ASSERT_NE(p12, NULL);
1814
1815 ASSERT_EQ(CRYPT_EAL_DecodeFileKey(BSL_FORMAT_ASN1, CRYPT_PRIKEY_PKCS8_UNENCRYPT, pkeyPath, NULL, 0, &pkey), 0);
1816 ASSERT_EQ(HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, enCertPath, &enCert), HITLS_PKI_SUCCESS);
1817 ASSERT_EQ(HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, ca1CertPath, &ca1Cert), HITLS_PKI_SUCCESS);
1818 ASSERT_EQ(HITLS_X509_CertParseFile(BSL_FORMAT_ASN1, otherCertPath, &otherCert), HITLS_PKI_SUCCESS);
1819
1820 pkeyBag = HITLS_PKCS12_BagNew(BSL_CID_PKCS8SHROUDEDKEYBAG, 0, pkey); // new a key Bag
1821 ASSERT_NE(pkeyBag, NULL);
1822
1823 ca1Bag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, ca1Cert); // new a cert Bag
1824 ASSERT_NE(ca1Bag, NULL);
1825
1826 encertBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, enCert); // new a cert Bag
1827 ASSERT_NE(encertBag, NULL);
1828
1829 otherCertBag = HITLS_PKCS12_BagNew(BSL_CID_CERTBAG, BSL_CID_X509CERTIFICATE, otherCert);
1830 ASSERT_NE(otherCertBag, NULL);
1831
1832 // Add a attribute to the keyBag.
1833 ASSERT_EQ(HITLS_PKCS12_BagAddAttr(pkeyBag, BSL_CID_FRIENDLYNAME, &buffer1), 0);
1834 // Add a attribute to the certBag.
1835 ASSERT_EQ(HITLS_PKCS12_BagAddAttr(encertBag, BSL_CID_FRIENDLYNAME, &buffer1), 0);
1836 ASSERT_EQ(HITLS_PKCS12_BagAddAttr(ca1Bag, BSL_CID_FRIENDLYNAME, &buffer2), 0);
1837 // Set entity-key to p12.
1838 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_KEYBAG, pkeyBag, 0), 0);
1839 // Set entity-cert to p12.
1840 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_SET_ENTITY_CERTBAG, encertBag, 0), 0);
1841 // Set ca-cert to p12.
1842 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_ADD_CERTBAG, ca1Bag, 0), 0);
1843 // Set the second cert, which has no attr.
1844 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_ADD_CERTBAG, otherCertBag, 0), 0);
1845 // Cal localKeyId to p12.
1846 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12, HITLS_PKCS12_GEN_LOCALKEYID, &mdId, sizeof(CRYPT_MD_AlgId)), 0);
1847
1848 ASSERT_EQ(HITLS_PKCS12_GenBuff(BSL_FORMAT_ASN1, p12, &encodeParam, true, &output), 0);
1849
1850 #ifdef HITLS_PKI_PKCS12_PARSE
1851 ASSERT_EQ(HITLS_PKCS12_ParseBuff(BSL_FORMAT_ASN1, &output, &pwdParam, &p12_1, true), 0);
1852
1853 // Attempt to get a entity-cert from p12 we parsed.
1854 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12_1, HITLS_PKCS12_GET_ENTITY_CERT, &targetCert, 0), 0);
1855 ASSERT_NE(targetCert, NULL);
1856
1857 ASSERT_EQ(HITLS_PKCS12_Ctrl(p12_1, HITLS_PKCS12_GET_ENTITY_KEY, &targetKey, 0), 0); // Attempt to get a entity-key.
1858 ASSERT_NE(targetKey, NULL);
1859
1860 ASSERT_EQ(BSL_LIST_COUNT(p12_1->certList), 2);
1861 #endif
1862 EXIT:
1863 HITLS_X509_CertFree(targetCert);
1864 CRYPT_EAL_PkeyFreeCtx(targetKey);
1865 HITLS_PKCS12_BagFree(pkeyBag);
1866 HITLS_PKCS12_BagFree(encertBag);
1867 HITLS_PKCS12_BagFree(ca1Bag);
1868 HITLS_PKCS12_BagFree(otherCertBag);
1869 CRYPT_EAL_PkeyFreeCtx(pkey);
1870 HITLS_X509_CertFree(enCert);
1871 HITLS_X509_CertFree(ca1Cert);
1872 HITLS_X509_CertFree(otherCert);
1873 HITLS_PKCS12_Free(p12);
1874 HITLS_PKCS12_Free(p12_1);
1875 BSL_SAL_Free(output.data);
1876 #endif
1877 }
1878 /* END_CASE */