xref: /openssl/test/pkcs12_format_test.c (revision 2c536c8b)
1 /*
2  * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <string.h>
12 #include <stdlib.h>
13 
14 #include <openssl/pkcs12.h>
15 #include <openssl/x509.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/pem.h>
18 
19 #include "testutil.h"
20 #include "helpers/pkcs12.h"
21 
/*
 * Library-context and provider state shared by the tests.  Only lgcyprov is
 * read in this part of the file: when it is NULL the cipher tests index
 * enc_nids_no_legacy instead of enc_nids_all.
 * NOTE(review): the other handles are presumably set during test setup,
 * which is outside this excerpt - confirm there.
 */
static int default_libctx = 1;

static OSSL_LIB_CTX *testctx = NULL;
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *deflprov = NULL;
static OSSL_PROVIDER *lgcyprov = NULL;
28 
29 /* --------------------------------------------------------------------------
30  * PKCS12 component test data
31  */
32 
/*
 * DER-encoded X.509 certificate used as a test fixture.  The embedded name
 * strings decode to issuer CN "P12Test-Root-A" and subject CN
 * "P12Test-Server-1"; the RSA modulus (1024-bit) is the same one that opens
 * KEY1, so CERT1 and KEY1 form a matching pair.  The validity strings read
 * 190930004656Z to 290927004656Z.
 */
static const unsigned char CERT1[] = {
    0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
    0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
    0x04, 0x03, 0x0c, 0x0e, 0x50, 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x52, 0x6f, 0x6f, 0x74,
    0x2d, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x39, 0x33, 0x30, 0x30, 0x30, 0x34, 0x36,
    0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x39, 0x32, 0x37, 0x30, 0x30, 0x34, 0x36, 0x35,
    0x36, 0x5a, 0x30, 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x10, 0x50,
    0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2d, 0x31, 0x30,
    0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
    0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xbc, 0xdc, 0x6f, 0x8c,
    0x7a, 0x2a, 0x4b, 0xea, 0x66, 0x66, 0x04, 0xa9, 0x05, 0x92, 0x53, 0xd7, 0x13, 0x3c, 0x49, 0xe1,
    0xc8, 0xbb, 0xdf, 0x3d, 0xcb, 0x88, 0x31, 0x07, 0x20, 0x59, 0x93, 0x24, 0x7f, 0x7d, 0xc6, 0x84,
    0x81, 0x16, 0x64, 0x4a, 0x52, 0xa6, 0x30, 0x44, 0xdc, 0x1a, 0x30, 0xde, 0xae, 0x29, 0x18, 0xcf,
    0xc7, 0xf3, 0xcf, 0x0c, 0xb7, 0x8e, 0x2b, 0x1e, 0x21, 0x01, 0x0b, 0xfb, 0xe5, 0xe6, 0xcf, 0x2b,
    0x84, 0xe1, 0x33, 0xf8, 0xba, 0x02, 0xfc, 0x30, 0xfa, 0xc4, 0x33, 0xc7, 0x37, 0xc6, 0x7f, 0x72,
    0x31, 0x92, 0x1d, 0x8f, 0xa0, 0xfb, 0xe5, 0x4a, 0x08, 0x31, 0x78, 0x80, 0x9c, 0x23, 0xb4, 0xe9,
    0x19, 0x56, 0x04, 0xfa, 0x0d, 0x07, 0x04, 0xb7, 0x43, 0xac, 0x4c, 0x49, 0x7c, 0xc2, 0xa1, 0x44,
    0xc1, 0x48, 0x7d, 0x28, 0xe5, 0x23, 0x66, 0x07, 0x22, 0xd5, 0xf0, 0xf1, 0x02, 0x03, 0x01, 0x00,
    0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
    0x80, 0x14, 0xdb, 0xbb, 0xb8, 0x92, 0x4e, 0x24, 0x0b, 0x1b, 0xbb, 0x78, 0x33, 0xf9, 0x01, 0x02,
    0x23, 0x0d, 0x96, 0x18, 0x30, 0x47, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30,
    0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x04, 0xf0, 0x30, 0x0d,
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81,
    0x00, 0x1c, 0x13, 0xdc, 0x02, 0xf1, 0x44, 0x36, 0x65, 0xa9, 0xbe, 0x30, 0x1c, 0x66, 0x14, 0x20,
    0x86, 0x5a, 0xa8, 0x69, 0x25, 0xf8, 0x1a, 0xb6, 0x9e, 0x5e, 0xe9, 0x89, 0xb8, 0x67, 0x70, 0x19,
    0x87, 0x60, 0xeb, 0x4b, 0x11, 0x71, 0x85, 0xf8, 0xe9, 0xa7, 0x3e, 0x20, 0x42, 0xec, 0x43, 0x25,
    0x01, 0x03, 0xe5, 0x4d, 0x83, 0x22, 0xf5, 0x8e, 0x3a, 0x1a, 0x1b, 0xd4, 0x1c, 0xda, 0x6b, 0x9d,
    0x10, 0x1b, 0xee, 0x67, 0x4e, 0x1f, 0x69, 0xab, 0xbc, 0xaa, 0x62, 0x8e, 0x9e, 0xc6, 0xee, 0xd6,
    0x09, 0xc0, 0xca, 0xe0, 0xaa, 0x9f, 0x07, 0xb2, 0xc2, 0xbb, 0x31, 0x96, 0xa2, 0x04, 0x62, 0xd3,
    0x13, 0x32, 0x29, 0x67, 0x6e, 0xad, 0x2e, 0x0b, 0xea, 0x04, 0x7c, 0x8c, 0x5a, 0x5d, 0xac, 0x14,
    0xaa, 0x61, 0x7f, 0x28, 0x6c, 0x2d, 0x64, 0x2d, 0xc3, 0xaf, 0x77, 0x52, 0x90, 0xb4, 0x37, 0xc0,
    0x30,
};
67 
/*
 * Second DER-encoded X.509 certificate fixture.  The embedded name strings
 * decode to issuer CN "P12Test-Root-A" and subject CN "P12Test-Client-1";
 * the RSA modulus (1024-bit) is the same one that opens KEY2, so CERT2 and
 * KEY2 form a matching pair.
 */
static const unsigned char CERT2[] = {
    0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
    0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
    0x04, 0x03, 0x0c, 0x0e, 0x50, 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x52, 0x6f, 0x6f, 0x74,
    0x2d, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x39, 0x33, 0x30, 0x30, 0x30, 0x34, 0x36,
    0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x39, 0x32, 0x37, 0x30, 0x30, 0x34, 0x36, 0x35,
    0x36, 0x5a, 0x30, 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x10, 0x50,
    0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2d, 0x31, 0x30,
    0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
    0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa8, 0x6e, 0x40, 0x86,
    0x9f, 0x98, 0x59, 0xfb, 0x57, 0xbf, 0xc1, 0x55, 0x12, 0x38, 0xeb, 0xb3, 0x46, 0x34, 0xc9, 0x35,
    0x4d, 0xfd, 0x03, 0xe9, 0x3a, 0x88, 0x9e, 0x97, 0x8f, 0xf4, 0xec, 0x36, 0x7b, 0x3f, 0xba, 0xb8,
    0xa5, 0x96, 0x30, 0x03, 0xc5, 0xc6, 0xd9, 0xa8, 0x4e, 0xbc, 0x23, 0x51, 0xa1, 0x96, 0xd2, 0x03,
    0x98, 0x73, 0xb6, 0x17, 0x9c, 0x77, 0xd4, 0x95, 0x1e, 0x1b, 0xb3, 0x1b, 0xc8, 0x71, 0xd1, 0x2e,
    0x31, 0xc7, 0x6a, 0x75, 0x57, 0x08, 0x7f, 0xba, 0x70, 0x76, 0xf7, 0x67, 0xf4, 0x4e, 0xbe, 0xfc,
    0x70, 0x61, 0x41, 0x07, 0x2b, 0x7c, 0x3c, 0x3b, 0xb3, 0xbc, 0xd5, 0xa8, 0xbd, 0x28, 0xd8, 0x49,
    0xd3, 0xe1, 0x78, 0xc8, 0xc1, 0x42, 0x5e, 0x18, 0x36, 0xa8, 0x41, 0xf7, 0xc8, 0xaa, 0x35, 0xfe,
    0x2d, 0xd1, 0xb4, 0xcc, 0x00, 0x67, 0xae, 0x79, 0xd3, 0x28, 0xd5, 0x5b, 0x02, 0x03, 0x01, 0x00,
    0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
    0x80, 0x14, 0xdb, 0xbb, 0xb8, 0x92, 0x4e, 0x24, 0x0b, 0x1b, 0xbb, 0x78, 0x33, 0xf9, 0x01, 0x02,
    0x23, 0x0d, 0x96, 0x18, 0x30, 0x47, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30,
    0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x04, 0xf0, 0x30, 0x0d,
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81,
    0x00, 0x3b, 0xa6, 0x73, 0xbe, 0xe0, 0x28, 0xed, 0x1f, 0x29, 0x78, 0x4c, 0xc0, 0x1f, 0xe9, 0x85,
    0xc6, 0x8f, 0xe3, 0x87, 0x7c, 0xd9, 0xe7, 0x0a, 0x37, 0xe8, 0xaa, 0xb5, 0xd2, 0x7f, 0xf8, 0x90,
    0x20, 0x80, 0x35, 0xa7, 0x79, 0x2b, 0x04, 0xa7, 0xbf, 0xe6, 0x7b, 0x58, 0xcb, 0xec, 0x0e, 0x58,
    0xef, 0x2a, 0x70, 0x8a, 0x56, 0x8a, 0xcf, 0x6b, 0x7a, 0x74, 0x0c, 0xf4, 0x15, 0x37, 0x93, 0xcd,
    0xe6, 0xb2, 0xa1, 0x83, 0x09, 0xdb, 0x9e, 0x4f, 0xff, 0x6a, 0x17, 0x4f, 0x33, 0xc9, 0xcc, 0x90,
    0x2a, 0x67, 0xff, 0x16, 0x78, 0xa8, 0x2c, 0x10, 0xe0, 0x52, 0x8c, 0xe6, 0xe9, 0x90, 0x8d, 0xe0,
    0x62, 0x04, 0x9a, 0x0f, 0x44, 0x01, 0x82, 0x14, 0x92, 0x44, 0x25, 0x69, 0x22, 0xb7, 0xb8, 0xc5,
    0x94, 0x4c, 0x4b, 0x1c, 0x9b, 0x92, 0x60, 0x66, 0x90, 0x4e, 0xb9, 0xa8, 0x4c, 0x89, 0xbb, 0x0f,
    0x0b,
};
102 
/*
 * DER-encoded, unencrypted RSA private key fixture (the layout - SEQUENCE,
 * version 0, then the modulus - appears to be a PKCS#1 RSAPrivateKey).  Its
 * 1024-bit modulus matches the public key in CERT1.
 * This key is published in the source tree and exists only so the tests have
 * known plaintext to round-trip; it must never be used to protect anything
 * outside the test suite.
 */
static const unsigned char KEY1[] = {
    0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbc, 0xdc, 0x6f, 0x8c, 0x7a,
    0x2a, 0x4b, 0xea, 0x66, 0x66, 0x04, 0xa9, 0x05, 0x92, 0x53, 0xd7, 0x13, 0x3c, 0x49, 0xe1, 0xc8,
    0xbb, 0xdf, 0x3d, 0xcb, 0x88, 0x31, 0x07, 0x20, 0x59, 0x93, 0x24, 0x7f, 0x7d, 0xc6, 0x84, 0x81,
    0x16, 0x64, 0x4a, 0x52, 0xa6, 0x30, 0x44, 0xdc, 0x1a, 0x30, 0xde, 0xae, 0x29, 0x18, 0xcf, 0xc7,
    0xf3, 0xcf, 0x0c, 0xb7, 0x8e, 0x2b, 0x1e, 0x21, 0x01, 0x0b, 0xfb, 0xe5, 0xe6, 0xcf, 0x2b, 0x84,
    0xe1, 0x33, 0xf8, 0xba, 0x02, 0xfc, 0x30, 0xfa, 0xc4, 0x33, 0xc7, 0x37, 0xc6, 0x7f, 0x72, 0x31,
    0x92, 0x1d, 0x8f, 0xa0, 0xfb, 0xe5, 0x4a, 0x08, 0x31, 0x78, 0x80, 0x9c, 0x23, 0xb4, 0xe9, 0x19,
    0x56, 0x04, 0xfa, 0x0d, 0x07, 0x04, 0xb7, 0x43, 0xac, 0x4c, 0x49, 0x7c, 0xc2, 0xa1, 0x44, 0xc1,
    0x48, 0x7d, 0x28, 0xe5, 0x23, 0x66, 0x07, 0x22, 0xd5, 0xf0, 0xf1, 0x02, 0x03, 0x01, 0x00, 0x01,
    0x02, 0x81, 0x81, 0x00, 0xa5, 0x6d, 0xf9, 0x8f, 0xf5, 0x5a, 0xa3, 0x50, 0xd9, 0x0d, 0x37, 0xbb,
    0xce, 0x13, 0x94, 0xb8, 0xea, 0x32, 0x7f, 0x0c, 0xf5, 0x46, 0x0b, 0x90, 0x17, 0x7e, 0x5e, 0x63,
    0xbd, 0xa4, 0x78, 0xcd, 0x19, 0x97, 0xd4, 0x92, 0x30, 0x78, 0xaa, 0xb4, 0xa7, 0x9c, 0xc6, 0xdf,
    0x2a, 0x65, 0x0e, 0xb5, 0x9f, 0x9c, 0x84, 0x0d, 0x4d, 0x3a, 0x74, 0xfc, 0xd0, 0xb4, 0x09, 0x74,
    0xc4, 0xb8, 0x24, 0x03, 0xa8, 0xf0, 0xf8, 0x0d, 0x5c, 0x8e, 0xdf, 0x4b, 0xe1, 0x0a, 0x8f, 0x4f,
    0xd5, 0xc7, 0x9b, 0x54, 0x55, 0x8f, 0x00, 0x5c, 0xea, 0x4c, 0x73, 0xf9, 0x1b, 0xbf, 0xb8, 0x93,
    0x33, 0x20, 0xce, 0x45, 0xd9, 0x03, 0x02, 0xb2, 0x36, 0xc5, 0x0a, 0x30, 0x50, 0x78, 0x80, 0x66,
    0x00, 0x22, 0x38, 0x86, 0xcf, 0x63, 0x4a, 0x5c, 0xbf, 0x2b, 0xd9, 0x6e, 0xe6, 0xf0, 0x39, 0xad,
    0x12, 0x25, 0x41, 0xb9, 0x02, 0x41, 0x00, 0xf3, 0x7c, 0x07, 0x99, 0x64, 0x3a, 0x28, 0x8c, 0x8d,
    0x05, 0xfe, 0x32, 0xb5, 0x4c, 0x8c, 0x6d, 0xde, 0x3d, 0x16, 0x08, 0xa0, 0x01, 0x61, 0x4f, 0x8e,
    0xa0, 0xf7, 0x26, 0x26, 0xb5, 0x8e, 0xc0, 0x7a, 0xce, 0x86, 0x34, 0xde, 0xb8, 0xef, 0x86, 0x01,
    0xbe, 0x24, 0xaa, 0x9b, 0x36, 0x93, 0x72, 0x9b, 0xf9, 0xc6, 0xcb, 0x76, 0x84, 0x67, 0x06, 0x06,
    0x30, 0x50, 0xdf, 0x42, 0x17, 0xe0, 0xa7, 0x02, 0x41, 0x00, 0xc6, 0x91, 0xa0, 0x41, 0x34, 0x11,
    0x67, 0x4b, 0x08, 0x0f, 0xda, 0xa7, 0x99, 0xec, 0x58, 0x11, 0xa5, 0x82, 0xdb, 0x50, 0xfe, 0x77,
    0xe2, 0xd1, 0x53, 0x9c, 0x7d, 0xe8, 0xbf, 0xe7, 0x7c, 0xa9, 0x01, 0xb1, 0x87, 0xc3, 0x52, 0x79,
    0x9e, 0x2c, 0xa7, 0x6f, 0x02, 0x37, 0x32, 0xef, 0x24, 0x31, 0x21, 0x0b, 0x86, 0x05, 0x32, 0x4a,
    0x2e, 0x0b, 0x65, 0x05, 0xd3, 0xd6, 0x30, 0xb2, 0xfc, 0xa7, 0x02, 0x41, 0x00, 0xc2, 0xed, 0x31,
    0xdc, 0x40, 0x9c, 0x3a, 0xe8, 0x42, 0xe2, 0x60, 0x5e, 0x52, 0x3c, 0xc5, 0x54, 0x14, 0x0e, 0x8d,
    0x7c, 0x3c, 0x34, 0xbe, 0xa6, 0x05, 0x86, 0xa2, 0x36, 0x5d, 0xd9, 0x0e, 0x3e, 0xd4, 0x52, 0x50,
    0xa9, 0x35, 0x01, 0x93, 0x68, 0x92, 0x2e, 0x9a, 0x86, 0x27, 0x1a, 0xab, 0x32, 0x9e, 0xe2, 0x79,
    0x9f, 0x5b, 0xf3, 0xa5, 0xd2, 0xf1, 0xd3, 0x6e, 0x7b, 0x3e, 0x1b, 0x85, 0x93, 0x02, 0x40, 0x68,
    0xb8, 0xb6, 0x7e, 0x8c, 0xba, 0x3c, 0xf2, 0x8a, 0x2e, 0xea, 0x4f, 0x07, 0xd3, 0x68, 0x62, 0xee,
    0x1a, 0x04, 0x16, 0x44, 0x0d, 0xef, 0xf6, 0x1b, 0x95, 0x65, 0xa5, 0xd1, 0x47, 0x81, 0x2c, 0x14,
    0xb3, 0x8e, 0xf9, 0x08, 0xcf, 0x11, 0x07, 0x55, 0xca, 0x2a, 0xad, 0xf7, 0xd3, 0xbd, 0x0f, 0x97,
    0xf0, 0xde, 0xde, 0x70, 0xb6, 0x44, 0x70, 0x47, 0xf7, 0xf9, 0xcf, 0x75, 0x61, 0x7f, 0xf3, 0x02,
    0x40, 0x38, 0x4a, 0x67, 0xaf, 0xae, 0xb6, 0xb2, 0x6a, 0x00, 0x25, 0x5a, 0xa4, 0x65, 0x20, 0xb1,
    0x13, 0xbd, 0x83, 0xff, 0xb4, 0xbc, 0xf4, 0xdd, 0xa1, 0xbb, 0x1c, 0x96, 0x37, 0x35, 0xf4, 0xbf,
    0xed, 0x4c, 0xed, 0x92, 0xe8, 0xac, 0xc9, 0xc1, 0xa5, 0xa3, 0x23, 0x66, 0x40, 0x8a, 0xa1, 0xe6,
    0xe3, 0x95, 0xfe, 0xc4, 0x53, 0xf5, 0x7d, 0x6e, 0xca, 0x45, 0x42, 0xe4, 0xc2, 0x9f, 0xe5, 0x1e,
    0xb5,
};
144 
145 
/*
 * Second DER-encoded, unencrypted RSA private key fixture (same layout as
 * KEY1).  Its 1024-bit modulus matches the public key in CERT2.
 * Like KEY1 it is public test data and must never be used to protect
 * anything outside the test suite.
 */
static const unsigned char KEY2[] = {
    0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xa8, 0x6e, 0x40, 0x86, 0x9f,
    0x98, 0x59, 0xfb, 0x57, 0xbf, 0xc1, 0x55, 0x12, 0x38, 0xeb, 0xb3, 0x46, 0x34, 0xc9, 0x35, 0x4d,
    0xfd, 0x03, 0xe9, 0x3a, 0x88, 0x9e, 0x97, 0x8f, 0xf4, 0xec, 0x36, 0x7b, 0x3f, 0xba, 0xb8, 0xa5,
    0x96, 0x30, 0x03, 0xc5, 0xc6, 0xd9, 0xa8, 0x4e, 0xbc, 0x23, 0x51, 0xa1, 0x96, 0xd2, 0x03, 0x98,
    0x73, 0xb6, 0x17, 0x9c, 0x77, 0xd4, 0x95, 0x1e, 0x1b, 0xb3, 0x1b, 0xc8, 0x71, 0xd1, 0x2e, 0x31,
    0xc7, 0x6a, 0x75, 0x57, 0x08, 0x7f, 0xba, 0x70, 0x76, 0xf7, 0x67, 0xf4, 0x4e, 0xbe, 0xfc, 0x70,
    0x61, 0x41, 0x07, 0x2b, 0x7c, 0x3c, 0x3b, 0xb3, 0xbc, 0xd5, 0xa8, 0xbd, 0x28, 0xd8, 0x49, 0xd3,
    0xe1, 0x78, 0xc8, 0xc1, 0x42, 0x5e, 0x18, 0x36, 0xa8, 0x41, 0xf7, 0xc8, 0xaa, 0x35, 0xfe, 0x2d,
    0xd1, 0xb4, 0xcc, 0x00, 0x67, 0xae, 0x79, 0xd3, 0x28, 0xd5, 0x5b, 0x02, 0x03, 0x01, 0x00, 0x01,
    0x02, 0x81, 0x81, 0x00, 0xa6, 0x00, 0x83, 0xf8, 0x2b, 0x33, 0xac, 0xfb, 0xdb, 0xf0, 0x52, 0x4b,
    0xd6, 0x39, 0xe3, 0x94, 0x3d, 0x8d, 0xa9, 0x01, 0xb0, 0x6b, 0xbe, 0x7f, 0x10, 0x01, 0xb6, 0xcd,
    0x0a, 0x45, 0x0a, 0xca, 0x67, 0x8e, 0xd8, 0x29, 0x44, 0x8a, 0x51, 0xa8, 0x66, 0x35, 0x26, 0x30,
    0x8b, 0xe9, 0x41, 0xa6, 0x22, 0xec, 0xd2, 0xf0, 0x58, 0x41, 0x33, 0x26, 0xf2, 0x3f, 0xe8, 0x75,
    0x4f, 0xc7, 0x5d, 0x2e, 0x5a, 0xa8, 0x7a, 0xd2, 0xbf, 0x59, 0xa0, 0x86, 0x79, 0x0b, 0x92, 0x6c,
    0x95, 0x5d, 0x87, 0x63, 0x5c, 0xd6, 0x1a, 0xc0, 0xf6, 0x7a, 0x15, 0x8d, 0xc7, 0x3c, 0xb6, 0x9e,
    0xa6, 0x58, 0x46, 0x9b, 0xbf, 0x3e, 0x28, 0x8c, 0xdf, 0x1a, 0x87, 0xaa, 0x7e, 0xf5, 0xf2, 0xcb,
    0x5e, 0x84, 0x2d, 0xf6, 0x82, 0x7e, 0x89, 0x4e, 0xf5, 0xe6, 0x3c, 0x92, 0x80, 0x1e, 0x98, 0x1c,
    0x6a, 0x7b, 0x57, 0x01, 0x02, 0x41, 0x00, 0xdd, 0x60, 0x95, 0xd7, 0xa1, 0x9d, 0x0c, 0xa1, 0x84,
    0xc5, 0x39, 0xca, 0x67, 0x4c, 0x1c, 0x06, 0x71, 0x5b, 0x5c, 0x2d, 0x8d, 0xce, 0xcd, 0xe2, 0x79,
    0xc8, 0x33, 0xbe, 0x50, 0x37, 0x60, 0x9f, 0x3b, 0xb9, 0x59, 0x55, 0x22, 0x1f, 0xa5, 0x4b, 0x1d,
    0xca, 0x38, 0xa0, 0xab, 0x87, 0x9c, 0x86, 0x0e, 0xdb, 0x1c, 0x4f, 0x4f, 0x07, 0xed, 0x18, 0x3f,
    0x05, 0x3c, 0xec, 0x78, 0x11, 0xf6, 0x99, 0x02, 0x41, 0x00, 0xc2, 0xc5, 0xcf, 0xbe, 0x95, 0x91,
    0xeb, 0xcf, 0x47, 0xf3, 0x33, 0x32, 0xc7, 0x7e, 0x93, 0x56, 0xf7, 0xd8, 0xf9, 0xd4, 0xb6, 0xd6,
    0x20, 0xac, 0xba, 0x8a, 0x20, 0x19, 0x14, 0xab, 0xc5, 0x5d, 0xb2, 0x08, 0xcc, 0x77, 0x7c, 0x65,
    0xa8, 0xdb, 0x66, 0x97, 0x36, 0x44, 0x2c, 0x63, 0xc0, 0x6a, 0x7e, 0xb0, 0x0b, 0x5c, 0x90, 0x12,
    0x50, 0xb4, 0x36, 0x60, 0xc3, 0x1f, 0x22, 0x0c, 0xc8, 0x13, 0x02, 0x40, 0x33, 0xc8, 0x7e, 0x04,
    0x7c, 0x97, 0x61, 0xf6, 0xfe, 0x39, 0xac, 0x34, 0xfe, 0x48, 0xbd, 0x5d, 0x7c, 0x72, 0xa4, 0x73,
    0x3b, 0x72, 0x9e, 0x92, 0x55, 0x6e, 0x51, 0x3c, 0x39, 0x43, 0x5a, 0xe4, 0xa4, 0x71, 0xcc, 0xc5,
    0xaf, 0x3f, 0xbb, 0xc8, 0x80, 0x65, 0x67, 0x2d, 0x9e, 0x32, 0x10, 0x99, 0x03, 0x2c, 0x99, 0xc8,
    0xab, 0x71, 0xed, 0x31, 0xf8, 0xbb, 0xde, 0xee, 0x69, 0x7f, 0xba, 0x31, 0x02, 0x40, 0x7e, 0xbc,
    0x60, 0x55, 0x4e, 0xd5, 0xc8, 0x6e, 0xf4, 0x0e, 0x57, 0xbe, 0x2e, 0xf9, 0x39, 0xbe, 0x59, 0x3f,
    0xa2, 0x30, 0xbb, 0x57, 0xd1, 0xa3, 0x13, 0x2e, 0x55, 0x7c, 0x7c, 0x6a, 0xd8, 0xde, 0x02, 0xbe,
    0x9e, 0xed, 0x10, 0xd0, 0xc5, 0x73, 0x1d, 0xea, 0x3e, 0xb1, 0x55, 0x81, 0x02, 0xef, 0x48, 0xc8,
    0x1c, 0x5c, 0x7a, 0x92, 0xb0, 0x58, 0xd3, 0x19, 0x5b, 0x5d, 0xa2, 0xb6, 0x56, 0x69, 0x02, 0x40,
    0x1e, 0x00, 0x6a, 0x9f, 0xba, 0xee, 0x46, 0x5a, 0xc5, 0xb5, 0x9f, 0x91, 0x33, 0xdd, 0xc9, 0x96,
    0x75, 0xb7, 0x87, 0xcf, 0x18, 0x1c, 0xb7, 0xb9, 0x3f, 0x04, 0x10, 0xb8, 0x75, 0xa9, 0xb8, 0xa0,
    0x31, 0x35, 0x03, 0x30, 0x89, 0xc8, 0x37, 0x68, 0x20, 0x30, 0x99, 0x39, 0x96, 0xd6, 0x2b, 0x3d,
    0x5e, 0x45, 0x84, 0xf7, 0xd2, 0x61, 0x50, 0xc9, 0x50, 0xba, 0x8d, 0x08, 0xaa, 0xd0, 0x08, 0x1e,
};
186 
187 
/*
 * Bag attribute sets attached to (and later checked on) the safe bags.
 * Each entry pairs an attribute name or dotted OID with a string value, and
 * every table ends with a { NULL, NULL } entry.
 * NOTE(review): the field layout of PKCS12_ATTR comes from helpers/pkcs12.h,
 * which is not shown here - confirm the name/value order there.
 */
static const PKCS12_ATTR ATTRS1[] = {
    { "friendlyName", "george" },
    { "localKeyID", "1234567890" },
    { "1.2.3.4.5", "MyCustomAttribute" },
    { NULL, NULL }
};

static const PKCS12_ATTR ATTRS2[] = {
    { "friendlyName", "janet" },
    { "localKeyID", "987654321" },
    { "1.2.3.5.8.13", "AnotherCustomAttribute" },
    { NULL, NULL }
};

/* ATTRS4 plus the oracle-jdk-trustedkeyusage attribute */
static const PKCS12_ATTR ATTRS3[] = {
    { "friendlyName", "wildduk" },
    { "localKeyID", "1122334455" },
    { "oracle-jdk-trustedkeyusage", "anyExtendedKeyUsage" },
    { NULL, NULL }
};

/*
 * Starting point for test_set0_attrs(), which adds the trusted-key-usage
 * attribute by hand and then expects the bag to match ATTRS3.
 */
static const PKCS12_ATTR ATTRS4[] = {
    { "friendlyName", "wildduk" },
    { "localKeyID", "1122334455" },
    { NULL, NULL }
};
214 
/*
 * Encryption parameters used by tests that do not vary them: PBE with SHA-1
 * and 3-key Triple-DES when DES is compiled in, otherwise AES-128-CBC, with
 * the fixed password "Password1" and an iteration count of 1000.
 * These are fixture values for the encode/decode round trip.  They are not a
 * recommendation for protecting real key material: the password is public
 * and the iteration count is low by current standards.
 */
static const PKCS12_ENC enc_default = {
#ifndef OPENSSL_NO_DES
    NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
#else
    NID_aes_128_cbc,
#endif
    "Password1",
    1000
};

/*
 * MAC parameters used by tests that do not vary them: SHA-1 digest, the same
 * fixed password and 1000 iterations.  The same PKCS12_ENC structure is
 * reused, with the nid field naming the digest instead of a cipher.  Fixture
 * values only, as for enc_default.
 */
static const PKCS12_ENC mac_default = {
    NID_sha1,
    "Password1",
    1000
};
230 
/*
 * Every cipher / PBE algorithm the encryption tests try when the legacy
 * provider handle (lgcyprov) is non-NULL.  Entries are compiled in only when
 * the corresponding algorithm is enabled in the build.
 * The list deliberately includes single DES, RC2, RC4, RC5 and the MD2/MD5
 * based PBE schemes so that files produced with them can still be written
 * and parsed; their presence here is coverage for old files, not an
 * endorsement for new ones.
 */
static const int enc_nids_all[] = {
    /* NOTE: To use PBES2 we pass the desired cipher NID instead of NID_pbes2 */
    NID_aes_128_cbc,
    NID_aes_256_cbc,
#ifndef OPENSSL_NO_DES
    NID_des_ede3_cbc,
    NID_des_cbc,
#endif
#ifndef OPENSSL_NO_RC5
    NID_rc5_cbc,
#endif
#ifndef OPENSSL_NO_RC4
    NID_rc4,
#endif
#ifndef OPENSSL_NO_RC2
    NID_rc2_cbc,
#endif

#ifndef OPENSSL_NO_MD2
# ifndef OPENSSL_NO_DES
    NID_pbeWithMD2AndDES_CBC,
# endif
# ifndef OPENSSL_NO_RC2
    NID_pbeWithMD2AndRC2_CBC,
# endif
#endif

#ifndef OPENSSL_NO_MD5
# ifndef OPENSSL_NO_DES
    NID_pbeWithMD5AndDES_CBC,
# endif
# ifndef OPENSSL_NO_RC2
    NID_pbeWithMD5AndRC2_CBC,
# endif
#endif
#ifndef OPENSSL_NO_DES
    NID_pbeWithSHA1AndDES_CBC,
#endif
#ifndef OPENSSL_NO_RC2
    NID_pbe_WithSHA1And128BitRC2_CBC,
    NID_pbe_WithSHA1And40BitRC2_CBC,
    NID_pbeWithSHA1AndRC2_CBC,
#endif
#ifndef OPENSSL_NO_RC4
    NID_pbe_WithSHA1And128BitRC4,
    NID_pbe_WithSHA1And40BitRC4,
#endif
#ifndef OPENSSL_NO_DES
    NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
    NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
#endif
};
283 
/*
 * Reduced cipher list used by the encryption tests when lgcyprov is NULL:
 * AES-CBC plus, when DES is compiled in, the Triple-DES variants.
 * This table is shorter than enc_nids_all, so the index range handed to the
 * *_enc_alg tests has to match whichever table is selected.
 */
static const int enc_nids_no_legacy[] = {
    /* NOTE: To use PBES2 we pass the desired cipher NID instead of NID_pbes2 */
    NID_aes_128_cbc,
    NID_aes_256_cbc,
#ifndef OPENSSL_NO_DES
    NID_des_ede3_cbc,
    NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
    NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
#endif
};
294 
/*
 * Digests tried by test_single_cert_mac_alg().  MD5 and SHA-1 are included
 * alongside SHA-2 and SHA-3 so that MACs made with older digests are still
 * exercised.
 */
static const int mac_nids[] = {
    NID_sha1,
    NID_md5,
    NID_sha256,
    NID_sha512,
    NID_sha3_256,
    NID_sha3_512
};

/*
 * Iteration counts tried by the *_iter tests.  The value 1 is a boundary
 * case for the encoder/decoder; it gives no real key-stretching.
 */
static const int iters[] = {
    1,
    1000
};

/*
 * Passwords tried by the *_pass tests; the empty string is included as an
 * edge case.
 */
static const char *passwords[] = {
    "Password1",
    "",
};
313 
314 /* --------------------------------------------------------------------------
315  * Local functions
316  */
317 
/*
 * Return the NID of the test-only object "CustomSecretOID" (OID 1.3.5.7.9).
 * The object is registered with OBJ_create() on demand and the NID that
 * OBJ_txt2nid() reports for it is kept in a function-local static, so later
 * calls return the remembered value.  Returns -1 if registration fails.
 */
static int get_custom_oid(void)
{
    static int cached_nid = -1;

    if (cached_nid == -1) {
        if (!TEST_true(OBJ_create("1.3.5.7.9", "CustomSecretOID",
                                  "My custom secret OID")))
            return -1;
        cached_nid = OBJ_txt2nid("CustomSecretOID");
    }
    return cached_nid;
}
328 
329 
330 /* --------------------------------------------------------------------------
331  * PKCS12 format tests
332  */
333 
/*
 * Round-trip "1cert.p12": one content info holding a single certificate bag
 * (CERT1) with no attributes, written with the plain end_contentinfo() and
 * end_pkcs12() helpers, then read back and compared against the same data.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_single_cert_no_attrs(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1cert.p12");

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_certbag(builder, CERT1, sizeof(CERT1), NULL);
        end_contentinfo(builder);
    end_pkcs12(builder);

    /* Decode and compare, in the same order as the encode step */
    start_check_pkcs12(builder);
        start_check_contentinfo(builder);
            check_certbag(builder, CERT1, sizeof(CERT1), NULL);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
362 
/*
 * Round-trip a file holding one key bag (KEY1, no attributes) protected with
 * the parameters in enc.  The output name is derived from the cipher's short
 * name and the iteration count; BIO_snprintf() bounds the write to the
 * 80-byte buffer.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_single_key(PKCS12_ENC *enc)
{
    PKCS12_BUILDER *builder;
    char out_name[80];

    BIO_snprintf(out_name, sizeof(out_name), "1key_ciph-%s_iter-%d.p12",
                 OBJ_nid2sn(enc->nid), enc->iter);
    builder = new_pkcs12_builder(out_name);

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_keybag(builder, KEY1, sizeof(KEY1), NULL, enc);
        end_contentinfo(builder);
    end_pkcs12(builder);

    /* Decode and compare */
    start_check_pkcs12(builder);
        start_check_contentinfo(builder);
            check_keybag(builder, KEY1, sizeof(KEY1), NULL, enc);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
397 
/*
 * Run test_single_key() with the z-th cipher, keeping the default password
 * and iteration count.  The cipher comes from enc_nids_all when the legacy
 * provider handle is set and from enc_nids_no_legacy otherwise.
 * z is not range-checked here; the caller must keep it inside the table
 * that is selected (test registration is outside this excerpt).
 */
static int test_single_key_enc_alg(int z)
{
    const int *nid_table = (lgcyprov != NULL) ? enc_nids_all
                                              : enc_nids_no_legacy;
    PKCS12_ENC params;

    params.nid = nid_table[z];
    params.pass = enc_default.pass;
    params.iter = enc_default.iter;

    return test_single_key(&params);
}
411 
/*
 * Run test_single_key() with the z-th entry of passwords[], keeping the
 * default cipher and iteration count.  z is not range-checked here.
 */
static int test_single_key_enc_pass(int z)
{
    PKCS12_ENC params;

    params.pass = passwords[z];
    params.nid = enc_default.nid;
    params.iter = enc_default.iter;

    return test_single_key(&params);
}
422 
/*
 * Run test_single_key() with the z-th entry of iters[], keeping the default
 * cipher and password.  z is not range-checked here.
 */
static int test_single_key_enc_iter(int z)
{
    PKCS12_ENC params;

    params.iter = iters[z];
    params.nid = enc_default.nid;
    params.pass = enc_default.pass;

    return test_single_key(&params);
}
433 
/*
 * Round-trip "1keyattrs.p12": one key bag (KEY1) carrying the ATTRS1
 * attributes and protected with enc_default, then read back and compared.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_single_key_with_attrs(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1keyattrs.p12");

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
        end_contentinfo(builder);
    end_pkcs12(builder);

    /* Decode and compare */
    start_check_pkcs12(builder);
        start_check_contentinfo(builder);
            check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
462 
/*
 * Round-trip a file holding one certificate bag (CERT1, no attributes) that
 * is finished with end_pkcs12_with_mac() using the parameters in mac, then
 * checked with the same MAC parameters.  The output name is derived from the
 * digest's short name and the iteration count; BIO_snprintf() bounds the
 * write to the 80-byte buffer.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_single_cert_mac(PKCS12_ENC *mac)
{
    PKCS12_BUILDER *builder;
    char out_name[80];

    BIO_snprintf(out_name, sizeof(out_name), "1cert_mac-%s_iter-%d.p12",
                 OBJ_nid2sn(mac->nid), mac->iter);
    builder = new_pkcs12_builder(out_name);

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_certbag(builder, CERT1, sizeof(CERT1), NULL);
        end_contentinfo(builder);
    end_pkcs12_with_mac(builder, mac);

    /* Decode and compare */
    start_check_pkcs12_with_mac(builder, mac);
        start_check_contentinfo(builder);
            check_certbag(builder, CERT1, sizeof(CERT1), NULL);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
497 
/*
 * Run test_single_cert_mac() with the z-th digest from mac_nids[], keeping
 * the default MAC password and iteration count.  z is not range-checked
 * here.
 */
static int test_single_cert_mac_alg(int z)
{
    PKCS12_ENC params;

    params.nid = mac_nids[z];
    params.iter = mac_default.iter;
    params.pass = mac_default.pass;

    return test_single_cert_mac(&params);
}
508 
/*
 * Run test_single_cert_mac() with the z-th entry of passwords[], keeping the
 * default MAC digest and iteration count.  z is not range-checked here.
 */
static int test_single_cert_mac_pass(int z)
{
    PKCS12_ENC params;

    params.pass = passwords[z];
    params.nid = mac_default.nid;
    params.iter = mac_default.iter;

    return test_single_cert_mac(&params);
}
519 
/*
 * Run test_single_cert_mac() with the z-th entry of iters[], keeping the
 * default MAC digest and password.  z is not range-checked here.
 */
static int test_single_cert_mac_iter(int z)
{
    PKCS12_ENC params;

    params.iter = iters[z];
    params.nid = mac_default.nid;
    params.pass = mac_default.pass;

    return test_single_cert_mac(&params);
}
530 
/*
 * Round-trip "1cert1key.p12": one content info holding a certificate bag
 * (CERT1) and a key bag (KEY1, protected with enc_default), both carrying
 * ATTRS1, finished and checked with the mac_default MAC parameters.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_cert_key_with_attrs_and_mac(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1cert1key.p12");

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
            add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
        end_contentinfo(builder);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode and compare */
    start_check_pkcs12_with_mac(builder, &mac_default);
        start_check_contentinfo(builder);
            check_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
            check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
561 
/*
 * Round-trip "1cert1key_enc.p12": the same certificate and key bags as
 * test_cert_key_with_attrs_and_mac(), but the content info is closed with
 * end_contentinfo_encrypted() (enc_default) and opened with the matching
 * encrypted check helper.  The file is MACed with mac_default.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_cert_key_encrypted_content(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1cert1key_enc.p12");

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
            add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
        end_contentinfo_encrypted(builder, &enc_default);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode and compare */
    start_check_pkcs12_with_mac(builder, &mac_default);
        start_check_contentinfo_encrypted(builder, &enc_default);
            check_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
            check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
592 
/*
 * Round-trip "1secret.p12": one secret bag typed with the custom OID from
 * get_custom_oid(), holding the string "VerySecretMessage" with ATTRS1, in a
 * content info closed with end_contentinfo_encrypted() (enc_default) and
 * MACed with mac_default.
 * The result of get_custom_oid() is passed on without being checked.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_single_secret_encrypted_content(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1secret.p12");
    int secret_nid = get_custom_oid();

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_secretbag(builder, secret_nid, "VerySecretMessage", ATTRS1);
        end_contentinfo_encrypted(builder, &enc_default);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode and compare */
    start_check_pkcs12_with_mac(builder, &mac_default);
        start_check_contentinfo_encrypted(builder, &enc_default);
            check_secretbag(builder, secret_nid, "VerySecretMessage", ATTRS1);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
622 
/*
 * Round-trip a file holding one secret bag ("VerySecretMessage", ATTRS1,
 * typed with the custom OID) whose content info is encrypted with the
 * parameters in enc; the file itself is MACed with mac_default.  The output
 * name is derived from the cipher's short name and the iteration count;
 * BIO_snprintf() bounds the write to the 80-byte buffer.
 * The result of get_custom_oid() is passed on without being checked.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_single_secret(PKCS12_ENC *enc)
{
    PKCS12_BUILDER *builder;
    char out_name[80];
    int secret_nid;

    BIO_snprintf(out_name, sizeof(out_name), "1secret_ciph-%s_iter-%d.p12",
                 OBJ_nid2sn(enc->nid), enc->iter);
    builder = new_pkcs12_builder(out_name);
    secret_nid = get_custom_oid();

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_secretbag(builder, secret_nid, "VerySecretMessage", ATTRS1);
        end_contentinfo_encrypted(builder, enc);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode and compare */
    start_check_pkcs12_with_mac(builder, &mac_default);
        start_check_contentinfo_encrypted(builder, enc);
            check_secretbag(builder, secret_nid, "VerySecretMessage", ATTRS1);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
658 
/*
 * Run test_single_secret() with the z-th cipher, keeping the default
 * password and iteration count.  The cipher comes from enc_nids_all when the
 * legacy provider handle is set and from enc_nids_no_legacy otherwise.
 * z is not range-checked here; the caller must keep it inside the table
 * that is selected (test registration is outside this excerpt).
 */
static int test_single_secret_enc_alg(int z)
{
    const int *nid_table = (lgcyprov != NULL) ? enc_nids_all
                                              : enc_nids_no_legacy;
    PKCS12_ENC params;

    params.nid = nid_table[z];
    params.pass = enc_default.pass;
    params.iter = enc_default.iter;

    return test_single_secret(&params);
}
672 
/*
 * Round-trip "multi_contents.p12", which has two content infos:
 *   1. closed with end_contentinfo(): CERT1 and CERT2 as certificate bags,
 *      KEY1 and KEY2 as key bags protected with enc_default, using
 *      ATTRS1 / ATTRS2 respectively;
 *   2. closed with end_contentinfo_encrypted() (enc_default): one secret bag
 *      "VeryVerySecretMessage" typed with the custom OID.
 * The file is MACed with mac_default and checked in the same order.
 * The result of get_custom_oid() is passed on without being checked.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_multiple_contents(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("multi_contents.p12");
    int secret_nid = get_custom_oid();

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
            add_certbag(builder, CERT2, sizeof(CERT2), ATTRS2);
            add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
            add_keybag(builder, KEY2, sizeof(KEY2), ATTRS2, &enc_default);
        end_contentinfo(builder);

        start_contentinfo(builder);
            add_secretbag(builder, secret_nid, "VeryVerySecretMessage", ATTRS1);
        end_contentinfo_encrypted(builder, &enc_default);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode and compare */
    start_check_pkcs12_with_mac(builder, &mac_default);
        start_check_contentinfo(builder);
            check_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
            check_certbag(builder, CERT2, sizeof(CERT2), ATTRS2);
            check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
            check_keybag(builder, KEY2, sizeof(KEY2), ATTRS2, &enc_default);
        end_check_contentinfo(builder);

        start_check_contentinfo_encrypted(builder, &enc_default);
            check_secretbag(builder, secret_nid, "VeryVerySecretMessage", ATTRS1);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
720 
/*
 * Round-trip "jdk_trusted.p12": one certificate bag (CERT1) carrying ATTRS3,
 * which includes the oracle-jdk-trustedkeyusage attribute, MACed with
 * mac_default.
 * Returns whatever end_pkcs12_builder() reports for the builder.
 */
static int test_jdk_trusted_attr(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("jdk_trusted.p12");

    /* Encode */
    start_pkcs12(builder);
        start_contentinfo(builder);
            add_certbag(builder, CERT1, sizeof(CERT1), ATTRS3);
        end_contentinfo(builder);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode and compare */
    start_check_pkcs12_with_mac(builder, &mac_default);
        start_check_contentinfo(builder);
            check_certbag(builder, CERT1, sizeof(CERT1), ATTRS3);
        end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
749 
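/*
 * Exercise PKCS12_SAFEBAG_set0_attrs(): build a certificate bag with ATTRS4,
 * append the oracle-jdk-trustedkeyusage attribute to the bag's attribute
 * stack by hand, store the stack back on the bag, and then confirm that the
 * decoded bag matches ATTRS3 (ATTRS4 plus that attribute).
 *
 * Every intermediate pointer is checked, so a failure while building the bag
 * or the attribute is reported as a test failure instead of being passed on
 * to the next call as NULL.
 *
 * Returns the result of end_pkcs12_builder() on the normal path and 0 if any
 * intermediate step fails.
 */
static int test_set0_attrs(void)
{
    PKCS12_BUILDER *pb = new_pkcs12_builder("attrs.p12");
    PKCS12_SAFEBAG *bag = NULL;
    STACK_OF(X509_ATTRIBUTE) *attrs = NULL;
    X509_ATTRIBUTE *attr = NULL;
    ASN1_OBJECT *usage = NULL;

    start_pkcs12(pb);

        start_contentinfo(pb);

            /* Add cert and attrs (name/localkey only) */
            add_certbag(pb, CERT1, sizeof(CERT1), ATTRS4);

            /* No bag at index 0 means add_certbag() did not add one */
            bag = sk_PKCS12_SAFEBAG_value(pb->bags, 0);
            if (!TEST_ptr(bag))
                goto err;

            /*
             * get0 hands back a const pointer; the cast is needed because
             * X509at_add1_attr() appends to the stack in place.
             */
            attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);

            /* Build the new attribute, checking each allocation */
            usage = OBJ_txt2obj("anyExtendedKeyUsage", 0);
            if (!TEST_ptr(usage))
                goto err;
            attr = X509_ATTRIBUTE_create(NID_oracle_jdk_trustedkeyusage,
                                         V_ASN1_OBJECT, usage);
            if (!TEST_ptr(attr))
                goto err;
            /* The attribute now holds the object; do not free it separately */
            usage = NULL;

            /* add1 stores its own copy, so attr is released either way */
            if (!TEST_ptr(X509at_add1_attr(&attrs, attr)))
                goto err;
            X509_ATTRIBUTE_free(attr);
            attr = NULL;

            /* Store the list back and confirm the bag reports it */
            PKCS12_SAFEBAG_set0_attrs(bag, attrs);
            attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);
            if (!TEST_ptr(attrs))
                goto err;

        end_contentinfo(pb);

    end_pkcs12(pb);

    /* Read/decode */
    start_check_pkcs12(pb);

        start_check_contentinfo(pb);

            /* Use existing check functionality to confirm cert bag attrs identical to ATTRS3 */
            check_certbag(pb, CERT1, sizeof(CERT1), ATTRS3);

        end_check_contentinfo(pb);

    end_check_pkcs12(pb);

    return end_pkcs12_builder(pb);

err:
    /* Both frees accept NULL, so this is safe from every failure point */
    X509_ATTRIBUTE_free(attr);
    ASN1_OBJECT_free(usage);
    (void)end_pkcs12_builder(pb);
    return 0;
}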
799 
800 #ifndef OPENSSL_NO_DES
/*
 * Confirm that PKCS12_create() accepts a bare RSA key with no password,
 * friendly name, certificate or CA list, and that neither the key decode
 * nor the PKCS12 creation leaves anything on the error queue.
 *
 * The embedded key is a fixed test vector. The 3DES PBE algorithm and the
 * iteration counts (2 and 1) are fixture values chosen for the test and
 * say nothing about settings suitable for a real key store.
 *
 * Returns 1 on success, 0 on failure.
 */
static int pkcs12_create_test(void)
{
    /* DER-encoded RSA private key used only by this test */
    static const unsigned char rsa_key[] = {
        0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbb,
        0x24, 0x7a, 0x09, 0x7e, 0x0e, 0xb2, 0x37, 0x32, 0xcc, 0x39, 0x67, 0xad,
        0xf1, 0x9e, 0x3d, 0x6b, 0x82, 0x83, 0xd1, 0xd0, 0xac, 0xa4, 0xc0, 0x18,
        0xbe, 0x8d, 0x98, 0x00, 0xc0, 0x7b, 0xff, 0x07, 0x44, 0xc9, 0xca, 0x1c,
        0xba, 0x36, 0xe1, 0x27, 0x69, 0xff, 0xb1, 0xe3, 0x8d, 0x8b, 0xee, 0x57,
        0xa9, 0x3a, 0xaa, 0x16, 0x43, 0x39, 0x54, 0x19, 0x7c, 0xae, 0x69, 0x24,
        0x14, 0xf6, 0x64, 0xff, 0xbc, 0x74, 0xc6, 0x67, 0x6c, 0x4c, 0xf1, 0x02,
        0x49, 0x69, 0xc7, 0x2b, 0xe1, 0xe1, 0xa1, 0xa3, 0x43, 0x14, 0xf4, 0x77,
        0x8f, 0xc8, 0xd0, 0x85, 0x5a, 0x35, 0x95, 0xac, 0x62, 0xa9, 0xc1, 0x21,
        0x00, 0x77, 0xa0, 0x8b, 0x97, 0x30, 0xb4, 0x5a, 0x2c, 0xb8, 0x90, 0x2f,
        0x48, 0xa0, 0x05, 0x28, 0x4b, 0xf2, 0x0f, 0x8d, 0xec, 0x8b, 0x4d, 0x03,
        0x42, 0x75, 0xd6, 0xad, 0x81, 0xc0, 0x11, 0x02, 0x03, 0x01, 0x00, 0x01,
        0x02, 0x81, 0x80, 0x00, 0xfc, 0xb9, 0x4a, 0x26, 0x07, 0x89, 0x51, 0x2b,
        0x53, 0x72, 0x91, 0xe0, 0x18, 0x3e, 0xa6, 0x5e, 0x31, 0xef, 0x9c, 0x0c,
        0x16, 0x24, 0x42, 0xd0, 0x28, 0x33, 0xf9, 0xfa, 0xd0, 0x3c, 0x54, 0x04,
        0x06, 0xc0, 0x15, 0xf5, 0x1b, 0x9a, 0xb3, 0x24, 0x31, 0xab, 0x3c, 0x6b,
        0x47, 0x43, 0xb0, 0xd2, 0xa9, 0xdc, 0x05, 0xe1, 0x81, 0x59, 0xb6, 0x04,
        0xe9, 0x66, 0x61, 0xaa, 0xd7, 0x0b, 0x00, 0x8f, 0x3d, 0xe5, 0xbf, 0xa2,
        0xf8, 0x5e, 0x25, 0x6c, 0x1e, 0x22, 0x0f, 0xb4, 0xfd, 0x41, 0xe2, 0x03,
        0x31, 0x5f, 0xda, 0x20, 0xc5, 0xc0, 0xf3, 0x55, 0x0e, 0xe1, 0xc9, 0xec,
        0xd7, 0x3e, 0x2a, 0x0c, 0x01, 0xca, 0x7b, 0x22, 0xcb, 0xac, 0xf4, 0x2b,
        0x27, 0xf0, 0x78, 0x5f, 0xb5, 0xc2, 0xf9, 0xe8, 0x14, 0x5a, 0x6e, 0x7e,
        0x86, 0xbd, 0x6a, 0x9b, 0x20, 0x0c, 0xba, 0xcc, 0x97, 0x20, 0x11, 0x02,
        0x41, 0x00, 0xc9, 0x59, 0x9f, 0x29, 0x8a, 0x5b, 0x9f, 0xe3, 0x2a, 0xd8,
        0x7e, 0xc2, 0x40, 0x9f, 0xa8, 0x45, 0xe5, 0x3e, 0x11, 0x8d, 0x3c, 0xed,
        0x6e, 0xab, 0xce, 0xd0, 0x65, 0x46, 0xd8, 0xc7, 0x07, 0x63, 0xb5, 0x23,
        0x34, 0xf4, 0x9f, 0x7e, 0x1c, 0xc7, 0xc7, 0xf9, 0x65, 0xd1, 0xf4, 0x04,
        0x42, 0x38, 0xbe, 0x3a, 0x0c, 0x9d, 0x08, 0x25, 0xfc, 0xa3, 0x71, 0xd9,
        0xae, 0x0c, 0x39, 0x61, 0xf4, 0x89, 0x02, 0x41, 0x00, 0xed, 0xef, 0xab,
        0xa9, 0xd5, 0x39, 0x9c, 0xee, 0x59, 0x1b, 0xff, 0xcf, 0x48, 0x44, 0x1b,
        0xb6, 0x32, 0xe7, 0x46, 0x24, 0xf3, 0x04, 0x7f, 0xde, 0x95, 0x08, 0x6d,
        0x75, 0x9e, 0x67, 0x17, 0xba, 0x5c, 0xa4, 0xd4, 0xe2, 0xe2, 0x4d, 0x77,
        0xce, 0xeb, 0x66, 0x29, 0xc5, 0x96, 0xe0, 0x62, 0xbb, 0xe5, 0xac, 0xdc,
        0x44, 0x62, 0x54, 0x86, 0xed, 0x64, 0x0c, 0xce, 0xd0, 0x60, 0x03, 0x9d,
        0x49, 0x02, 0x40, 0x54, 0xd9, 0x18, 0x72, 0x27, 0xe4, 0xbe, 0x76, 0xbb,
        0x1a, 0x6a, 0x28, 0x2f, 0x95, 0x58, 0x12, 0xc4, 0x2c, 0xa8, 0xb6, 0xcc,
        0xe2, 0xfd, 0x0d, 0x17, 0x64, 0xc8, 0x18, 0xd7, 0xc6, 0xdf, 0x3d, 0x4c,
        0x1a, 0x9e, 0xf9, 0x2a, 0xb0, 0xb9, 0x2e, 0x12, 0xfd, 0xec, 0xc3, 0x51,
        0xc1, 0xed, 0xa9, 0xfd, 0xb7, 0x76, 0x93, 0x41, 0xd8, 0xc8, 0x22, 0x94,
        0x1a, 0x77, 0xf6, 0x9c, 0xc3, 0xc3, 0x89, 0x02, 0x41, 0x00, 0x8e, 0xf9,
        0xa7, 0x08, 0xad, 0xb5, 0x2a, 0x04, 0xdb, 0x8d, 0x04, 0xa1, 0xb5, 0x06,
        0x20, 0x34, 0xd2, 0xcf, 0xc0, 0x89, 0xb1, 0x72, 0x31, 0xb8, 0x39, 0x8b,
        0xcf, 0xe2, 0x8e, 0xa5, 0xda, 0x4f, 0x45, 0x1e, 0x53, 0x42, 0x66, 0xc4,
        0x30, 0x4b, 0x29, 0x8e, 0xc1, 0x69, 0x17, 0x29, 0x8c, 0x8a, 0xe6, 0x0f,
        0x82, 0x68, 0xa1, 0x41, 0xb3, 0xb6, 0x70, 0x99, 0x75, 0xa9, 0x27, 0x18,
        0xe4, 0xe9, 0x02, 0x41, 0x00, 0x89, 0xea, 0x6e, 0x6d, 0x70, 0xdf, 0x25,
        0x5f, 0x18, 0x3f, 0x48, 0xda, 0x63, 0x10, 0x8b, 0xfe, 0xa8, 0x0c, 0x94,
        0x0f, 0xde, 0x97, 0x56, 0x53, 0x89, 0x94, 0xe2, 0x1e, 0x2c, 0x74, 0x3c,
        0x91, 0x81, 0x34, 0x0b, 0xa6, 0x40, 0xf8, 0xcb, 0x2a, 0x60, 0x8c, 0xe0,
        0x02, 0xb7, 0x89, 0x93, 0xcf, 0x18, 0x9f, 0x49, 0x54, 0xfd, 0x7d, 0x3f,
        0x9a, 0xef, 0xd4, 0xa4, 0x4f, 0xc1, 0x45, 0x99, 0x91,
    };
    const unsigned char *p = rsa_key;
    EVP_PKEY *pkey = NULL;
    PKCS12 *p12 = NULL;
    int ret = 0;

    /* Decode the key; the error queue must still be empty afterwards */
    if (TEST_ptr(pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &p,
                                          sizeof(rsa_key), NULL, NULL))
            && TEST_int_eq(ERR_peek_error(), 0)) {
        /* Key only: no password, name, certificate or CA stack */
        p12 = PKCS12_create(NULL, NULL, pkey, NULL, NULL,
                            NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
                            NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 2, 1, 0);

        /* Creation must succeed without queuing an error */
        if (TEST_ptr(p12) && TEST_int_eq(ERR_peek_error(), 0))
            ret = 1;
    }

    PKCS12_free(p12);
    EVP_PKEY_free(pkey);
    return ret;
}
882 #endif
883 
/*
 * Round-trip a certificate and key through PKCS12 and build a second
 * PKCS12 from the parsed results.
 *
 * Steps: decode CERT1 and KEY1, create a PKCS12 protected with "pass",
 * serialise it to a memory BIO, read it back into an object initialised
 * with testctx, extract key and certificate with PKCS12_parse(), then
 * create a new PKCS12 under "new_pass". The error queue is checked after
 * each PKCS12_create() call.
 *
 * The passwords and the iteration counts (2 and 1) are fixture values.
 *
 * Returns 1 on success, 0 on failure.
 */
static int pkcs12_recreate_test(void)
{
    const unsigned char *cert_bytes = CERT1;
    const unsigned char *key_bytes = KEY1;
    PKCS12 *p12 = NULL, *p12_parsed = NULL, *p12_recreated = NULL;
    EVP_PKEY *pkey = NULL, *pkey_parsed = NULL;
    X509 *cert = NULL, *cert_parsed = NULL;
    BIO *bio = NULL;
    int ret = 0;

    /* Decode the fixture certificate and private key */
    cert = d2i_X509(NULL, &cert_bytes, sizeof(CERT1));
    if (!TEST_ptr(cert))
        goto cleanup;
    pkey = d2i_AutoPrivateKey(NULL, &key_bytes, sizeof(KEY1));
    if (!TEST_ptr(pkey))
        goto cleanup;

    /* First PKCS12: must be created without leaving an error behind */
    p12 = PKCS12_create("pass", NULL, pkey, cert, NULL, NID_aes_256_cbc,
                        NID_aes_256_cbc, 2, 1, 0);
    if (!TEST_ptr(p12) || !TEST_int_eq(ERR_peek_error(), 0))
        goto cleanup;

    /* Serialise into memory */
    bio = BIO_new(BIO_s_mem());
    if (!TEST_ptr(bio) || !TEST_int_eq(i2d_PKCS12_bio(bio, p12), 1))
        goto cleanup;

    /* Parse into an object that was initialised with the test libctx */
    p12_parsed = PKCS12_init_ex(NID_pkcs7_data, testctx, NULL);
    if (!TEST_ptr(p12_parsed))
        goto cleanup;
    p12_parsed = d2i_PKCS12_bio(bio, &p12_parsed);
    if (!TEST_ptr(p12_parsed)
            || !TEST_int_eq(PKCS12_parse(p12_parsed, "pass", &pkey_parsed,
                                         &cert_parsed, NULL), 1))
        goto cleanup;

    /* cert_parsed also contains auxiliary data */
    p12_recreated = PKCS12_create("new_pass", NULL, pkey_parsed, cert_parsed,
                                  NULL, NID_aes_256_cbc, NID_aes_256_cbc,
                                  2, 1, 0);
    if (!TEST_ptr(p12_recreated) || !TEST_int_eq(ERR_peek_error(), 0))
        goto cleanup;

    ret = 1;

cleanup:
    BIO_free(bio);
    PKCS12_free(p12);
    PKCS12_free(p12_parsed);
    PKCS12_free(p12_recreated);
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(pkey_parsed);
    X509_free(cert);
    X509_free(cert_parsed);
    return ret;
}
947 
/* Command-line option identifiers returned by opt_next() in setup_tests(). */
typedef enum OPTION_choice {
    OPT_ERR = -1,   /* not referenced in the visible code; presumably a parse failure */
    OPT_EOF = 0,    /* no more options: ends the parsing loop in setup_tests() */
    OPT_WRITE,      /* "write": write PKCS12 objects to file */
    OPT_LEGACY,     /* "legacy": test the legacy APIs */
    OPT_CONTEXT,    /* "context": use a non-default library context */
    OPT_TEST_ENUM   /* test-framework macro; presumably adds the shared harness options */
} OPTION_CHOICE;
956 
/*
 * Describe the command-line options this test program accepts.
 *
 * Returns a pointer to a statically allocated, NULL-terminated table; the
 * caller must not modify or free it.
 */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS pkcs12_test_opts[] = {
        OPT_TEST_OPTIONS_DEFAULT_USAGE,
        { "write", OPT_WRITE, '-', "Write PKCS12 objects to file" },
        { "legacy", OPT_LEGACY, '-', "Test the legacy APIs" },
        { "context", OPT_CONTEXT, '-',
          "Explicitly use a non-default library context" },
        { NULL }    /* end-of-table marker */
    };

    return pkcs12_test_opts;
}
968 
/*
 * Parse the command line, load the providers the tests need and register
 * every test case.
 *
 * Returns 1 when setup succeeded and 0 on an unknown option or when a
 * required context or provider could not be obtained.
 */
int setup_tests(void)
{
    OPTION_CHOICE o;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_WRITE:
            PKCS12_helper_set_write_files(1);
            break;
        case OPT_LEGACY:
            PKCS12_helper_set_legacy(1);
            break;
        case OPT_CONTEXT:
            /* run against a private library context instead of the default */
            default_libctx = 0;
            break;
        case OPT_TEST_CASES:
            /* options presumably handled by the shared test harness */
            break;
        default:
            return 0;
        }
    }

    if (!default_libctx) {
        testctx = OSSL_LIB_CTX_new();
        if (!TEST_ptr(testctx))
            return 0;
        /*
         * Load the "null" provider into the default context (NULL). The
         * availability check further down then confirms that the default
         * context cannot serve "default" or "fips".
         */
        nullprov = OSSL_PROVIDER_load(NULL, "null");
        if (!TEST_ptr(nullprov))
            return 0;
    }

    /* testctx is still NULL here when the default context is in use */
    deflprov = OSSL_PROVIDER_load(testctx, "default");
    if (!TEST_ptr(deflprov))
        return 0;
    /* Not checked: a missing legacy provider only narrows the algorithm lists below */
    lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");

    PKCS12_helper_set_libctx(testctx);

    /*
     * Verify that the default and fips providers in the default libctx are not
     * available if we are using a standalone context
     */
    if (!default_libctx) {
        if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
                || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
            return 0;
    }

    ADD_TEST(test_single_cert_no_attrs);
    /* Choose the encryption algorithm list by whether "legacy" loaded */
    if (lgcyprov == NULL) {
        ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_no_legacy));
        ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_no_legacy));
    } else {
        ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_all));
        ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_all));
    }
    /*
     * The create/recreate tests are registered only for the default context;
     * presumably because PKCS12_create() takes no library context - confirm.
     */
#ifndef OPENSSL_NO_DES
    if (default_libctx)
        ADD_TEST(pkcs12_create_test);
#endif
    if (default_libctx)
        ADD_TEST(pkcs12_recreate_test);
    ADD_ALL_TESTS(test_single_key_enc_pass, OSSL_NELEM(passwords));
    ADD_ALL_TESTS(test_single_key_enc_iter, OSSL_NELEM(iters));
    ADD_TEST(test_single_key_with_attrs);
    ADD_ALL_TESTS(test_single_cert_mac_alg, OSSL_NELEM(mac_nids));
    ADD_ALL_TESTS(test_single_cert_mac_pass, OSSL_NELEM(passwords));
    ADD_ALL_TESTS(test_single_cert_mac_iter, OSSL_NELEM(iters));
    ADD_TEST(test_cert_key_with_attrs_and_mac);
    ADD_TEST(test_cert_key_encrypted_content);
    ADD_TEST(test_single_secret_encrypted_content);
    ADD_TEST(test_multiple_contents);
    ADD_TEST(test_jdk_trusted_attr);
    ADD_TEST(test_set0_attrs);
    return 1;
}
1045 
/*
 * Release what setup_tests() acquired: unload the null, default and legacy
 * providers in that order, then free the test library context. Handles
 * that were never set are still NULL and are passed through unchanged.
 */
void cleanup_tests(void)
{
    OSSL_PROVIDER *const loaded[] = { nullprov, deflprov, lgcyprov };
    size_t i;

    for (i = 0; i < sizeof(loaded) / sizeof(loaded[0]); i++)
        OSSL_PROVIDER_unload(loaded[i]);

    /* Providers are unloaded before the context they were loaded into goes away */
    OSSL_LIB_CTX_free(testctx);
}
1053