1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <stdlib.h>
13
14 #include <openssl/pkcs12.h>
15 #include <openssl/x509.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/pem.h>
18
19 #include "testutil.h"
20 #include "helpers/pkcs12.h"
21
/*
 * NOTE(review): not referenced in the part of the file visible here;
 * presumably records whether the default library context is in use -
 * confirm against the setup code.
 */
static int default_libctx = 1;

/* Library context and provider handles; all start out as NULL. */
static OSSL_LIB_CTX *testctx = NULL;
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *deflprov = NULL;
/*
 * While lgcyprov is NULL the *_enc_alg tests index enc_nids_no_legacy;
 * otherwise they index enc_nids_all.
 */
static OSSL_PROVIDER *lgcyprov = NULL;
28
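/* --------------------------------------------------------------------------
 * PKCS12 component test data
 *
 * CERT1/CERT2 are DER-encoded test certificates and KEY1/KEY2 are the
 * DER-encoded RSA private keys whose moduli match them. They are fixed,
 * public fixtures used only by the encode/decode round-trip tests below;
 * the private keys provide no secrecy.
 */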
32
33 static const unsigned char CERT1[] = {
34 0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
35 0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
36 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
37 0x04, 0x03, 0x0c, 0x0e, 0x50, 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x52, 0x6f, 0x6f, 0x74,
38 0x2d, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x39, 0x33, 0x30, 0x30, 0x30, 0x34, 0x36,
39 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x39, 0x32, 0x37, 0x30, 0x30, 0x34, 0x36, 0x35,
40 0x36, 0x5a, 0x30, 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x10, 0x50,
41 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2d, 0x31, 0x30,
42 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
43 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xbc, 0xdc, 0x6f, 0x8c,
44 0x7a, 0x2a, 0x4b, 0xea, 0x66, 0x66, 0x04, 0xa9, 0x05, 0x92, 0x53, 0xd7, 0x13, 0x3c, 0x49, 0xe1,
45 0xc8, 0xbb, 0xdf, 0x3d, 0xcb, 0x88, 0x31, 0x07, 0x20, 0x59, 0x93, 0x24, 0x7f, 0x7d, 0xc6, 0x84,
46 0x81, 0x16, 0x64, 0x4a, 0x52, 0xa6, 0x30, 0x44, 0xdc, 0x1a, 0x30, 0xde, 0xae, 0x29, 0x18, 0xcf,
47 0xc7, 0xf3, 0xcf, 0x0c, 0xb7, 0x8e, 0x2b, 0x1e, 0x21, 0x01, 0x0b, 0xfb, 0xe5, 0xe6, 0xcf, 0x2b,
48 0x84, 0xe1, 0x33, 0xf8, 0xba, 0x02, 0xfc, 0x30, 0xfa, 0xc4, 0x33, 0xc7, 0x37, 0xc6, 0x7f, 0x72,
49 0x31, 0x92, 0x1d, 0x8f, 0xa0, 0xfb, 0xe5, 0x4a, 0x08, 0x31, 0x78, 0x80, 0x9c, 0x23, 0xb4, 0xe9,
50 0x19, 0x56, 0x04, 0xfa, 0x0d, 0x07, 0x04, 0xb7, 0x43, 0xac, 0x4c, 0x49, 0x7c, 0xc2, 0xa1, 0x44,
51 0xc1, 0x48, 0x7d, 0x28, 0xe5, 0x23, 0x66, 0x07, 0x22, 0xd5, 0xf0, 0xf1, 0x02, 0x03, 0x01, 0x00,
52 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
53 0x80, 0x14, 0xdb, 0xbb, 0xb8, 0x92, 0x4e, 0x24, 0x0b, 0x1b, 0xbb, 0x78, 0x33, 0xf9, 0x01, 0x02,
54 0x23, 0x0d, 0x96, 0x18, 0x30, 0x47, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30,
55 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x04, 0xf0, 0x30, 0x0d,
56 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81,
57 0x00, 0x1c, 0x13, 0xdc, 0x02, 0xf1, 0x44, 0x36, 0x65, 0xa9, 0xbe, 0x30, 0x1c, 0x66, 0x14, 0x20,
58 0x86, 0x5a, 0xa8, 0x69, 0x25, 0xf8, 0x1a, 0xb6, 0x9e, 0x5e, 0xe9, 0x89, 0xb8, 0x67, 0x70, 0x19,
59 0x87, 0x60, 0xeb, 0x4b, 0x11, 0x71, 0x85, 0xf8, 0xe9, 0xa7, 0x3e, 0x20, 0x42, 0xec, 0x43, 0x25,
60 0x01, 0x03, 0xe5, 0x4d, 0x83, 0x22, 0xf5, 0x8e, 0x3a, 0x1a, 0x1b, 0xd4, 0x1c, 0xda, 0x6b, 0x9d,
61 0x10, 0x1b, 0xee, 0x67, 0x4e, 0x1f, 0x69, 0xab, 0xbc, 0xaa, 0x62, 0x8e, 0x9e, 0xc6, 0xee, 0xd6,
62 0x09, 0xc0, 0xca, 0xe0, 0xaa, 0x9f, 0x07, 0xb2, 0xc2, 0xbb, 0x31, 0x96, 0xa2, 0x04, 0x62, 0xd3,
63 0x13, 0x32, 0x29, 0x67, 0x6e, 0xad, 0x2e, 0x0b, 0xea, 0x04, 0x7c, 0x8c, 0x5a, 0x5d, 0xac, 0x14,
64 0xaa, 0x61, 0x7f, 0x28, 0x6c, 0x2d, 0x64, 0x2d, 0xc3, 0xaf, 0x77, 0x52, 0x90, 0xb4, 0x37, 0xc0,
65 0x30,
66 };
67
68 static const unsigned char CERT2[] = {
69 0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
70 0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
71 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
72 0x04, 0x03, 0x0c, 0x0e, 0x50, 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x52, 0x6f, 0x6f, 0x74,
73 0x2d, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x39, 0x33, 0x30, 0x30, 0x30, 0x34, 0x36,
74 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x39, 0x32, 0x37, 0x30, 0x30, 0x34, 0x36, 0x35,
75 0x36, 0x5a, 0x30, 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x10, 0x50,
76 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2d, 0x31, 0x30,
77 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
78 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa8, 0x6e, 0x40, 0x86,
79 0x9f, 0x98, 0x59, 0xfb, 0x57, 0xbf, 0xc1, 0x55, 0x12, 0x38, 0xeb, 0xb3, 0x46, 0x34, 0xc9, 0x35,
80 0x4d, 0xfd, 0x03, 0xe9, 0x3a, 0x88, 0x9e, 0x97, 0x8f, 0xf4, 0xec, 0x36, 0x7b, 0x3f, 0xba, 0xb8,
81 0xa5, 0x96, 0x30, 0x03, 0xc5, 0xc6, 0xd9, 0xa8, 0x4e, 0xbc, 0x23, 0x51, 0xa1, 0x96, 0xd2, 0x03,
82 0x98, 0x73, 0xb6, 0x17, 0x9c, 0x77, 0xd4, 0x95, 0x1e, 0x1b, 0xb3, 0x1b, 0xc8, 0x71, 0xd1, 0x2e,
83 0x31, 0xc7, 0x6a, 0x75, 0x57, 0x08, 0x7f, 0xba, 0x70, 0x76, 0xf7, 0x67, 0xf4, 0x4e, 0xbe, 0xfc,
84 0x70, 0x61, 0x41, 0x07, 0x2b, 0x7c, 0x3c, 0x3b, 0xb3, 0xbc, 0xd5, 0xa8, 0xbd, 0x28, 0xd8, 0x49,
85 0xd3, 0xe1, 0x78, 0xc8, 0xc1, 0x42, 0x5e, 0x18, 0x36, 0xa8, 0x41, 0xf7, 0xc8, 0xaa, 0x35, 0xfe,
86 0x2d, 0xd1, 0xb4, 0xcc, 0x00, 0x67, 0xae, 0x79, 0xd3, 0x28, 0xd5, 0x5b, 0x02, 0x03, 0x01, 0x00,
87 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
88 0x80, 0x14, 0xdb, 0xbb, 0xb8, 0x92, 0x4e, 0x24, 0x0b, 0x1b, 0xbb, 0x78, 0x33, 0xf9, 0x01, 0x02,
89 0x23, 0x0d, 0x96, 0x18, 0x30, 0x47, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30,
90 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x04, 0xf0, 0x30, 0x0d,
91 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81,
92 0x00, 0x3b, 0xa6, 0x73, 0xbe, 0xe0, 0x28, 0xed, 0x1f, 0x29, 0x78, 0x4c, 0xc0, 0x1f, 0xe9, 0x85,
93 0xc6, 0x8f, 0xe3, 0x87, 0x7c, 0xd9, 0xe7, 0x0a, 0x37, 0xe8, 0xaa, 0xb5, 0xd2, 0x7f, 0xf8, 0x90,
94 0x20, 0x80, 0x35, 0xa7, 0x79, 0x2b, 0x04, 0xa7, 0xbf, 0xe6, 0x7b, 0x58, 0xcb, 0xec, 0x0e, 0x58,
95 0xef, 0x2a, 0x70, 0x8a, 0x56, 0x8a, 0xcf, 0x6b, 0x7a, 0x74, 0x0c, 0xf4, 0x15, 0x37, 0x93, 0xcd,
96 0xe6, 0xb2, 0xa1, 0x83, 0x09, 0xdb, 0x9e, 0x4f, 0xff, 0x6a, 0x17, 0x4f, 0x33, 0xc9, 0xcc, 0x90,
97 0x2a, 0x67, 0xff, 0x16, 0x78, 0xa8, 0x2c, 0x10, 0xe0, 0x52, 0x8c, 0xe6, 0xe9, 0x90, 0x8d, 0xe0,
98 0x62, 0x04, 0x9a, 0x0f, 0x44, 0x01, 0x82, 0x14, 0x92, 0x44, 0x25, 0x69, 0x22, 0xb7, 0xb8, 0xc5,
99 0x94, 0x4c, 0x4b, 0x1c, 0x9b, 0x92, 0x60, 0x66, 0x90, 0x4e, 0xb9, 0xa8, 0x4c, 0x89, 0xbb, 0x0f,
100 0x0b,
101 };
102
103 static const unsigned char KEY1[] = {
104 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbc, 0xdc, 0x6f, 0x8c, 0x7a,
105 0x2a, 0x4b, 0xea, 0x66, 0x66, 0x04, 0xa9, 0x05, 0x92, 0x53, 0xd7, 0x13, 0x3c, 0x49, 0xe1, 0xc8,
106 0xbb, 0xdf, 0x3d, 0xcb, 0x88, 0x31, 0x07, 0x20, 0x59, 0x93, 0x24, 0x7f, 0x7d, 0xc6, 0x84, 0x81,
107 0x16, 0x64, 0x4a, 0x52, 0xa6, 0x30, 0x44, 0xdc, 0x1a, 0x30, 0xde, 0xae, 0x29, 0x18, 0xcf, 0xc7,
108 0xf3, 0xcf, 0x0c, 0xb7, 0x8e, 0x2b, 0x1e, 0x21, 0x01, 0x0b, 0xfb, 0xe5, 0xe6, 0xcf, 0x2b, 0x84,
109 0xe1, 0x33, 0xf8, 0xba, 0x02, 0xfc, 0x30, 0xfa, 0xc4, 0x33, 0xc7, 0x37, 0xc6, 0x7f, 0x72, 0x31,
110 0x92, 0x1d, 0x8f, 0xa0, 0xfb, 0xe5, 0x4a, 0x08, 0x31, 0x78, 0x80, 0x9c, 0x23, 0xb4, 0xe9, 0x19,
111 0x56, 0x04, 0xfa, 0x0d, 0x07, 0x04, 0xb7, 0x43, 0xac, 0x4c, 0x49, 0x7c, 0xc2, 0xa1, 0x44, 0xc1,
112 0x48, 0x7d, 0x28, 0xe5, 0x23, 0x66, 0x07, 0x22, 0xd5, 0xf0, 0xf1, 0x02, 0x03, 0x01, 0x00, 0x01,
113 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6d, 0xf9, 0x8f, 0xf5, 0x5a, 0xa3, 0x50, 0xd9, 0x0d, 0x37, 0xbb,
114 0xce, 0x13, 0x94, 0xb8, 0xea, 0x32, 0x7f, 0x0c, 0xf5, 0x46, 0x0b, 0x90, 0x17, 0x7e, 0x5e, 0x63,
115 0xbd, 0xa4, 0x78, 0xcd, 0x19, 0x97, 0xd4, 0x92, 0x30, 0x78, 0xaa, 0xb4, 0xa7, 0x9c, 0xc6, 0xdf,
116 0x2a, 0x65, 0x0e, 0xb5, 0x9f, 0x9c, 0x84, 0x0d, 0x4d, 0x3a, 0x74, 0xfc, 0xd0, 0xb4, 0x09, 0x74,
117 0xc4, 0xb8, 0x24, 0x03, 0xa8, 0xf0, 0xf8, 0x0d, 0x5c, 0x8e, 0xdf, 0x4b, 0xe1, 0x0a, 0x8f, 0x4f,
118 0xd5, 0xc7, 0x9b, 0x54, 0x55, 0x8f, 0x00, 0x5c, 0xea, 0x4c, 0x73, 0xf9, 0x1b, 0xbf, 0xb8, 0x93,
119 0x33, 0x20, 0xce, 0x45, 0xd9, 0x03, 0x02, 0xb2, 0x36, 0xc5, 0x0a, 0x30, 0x50, 0x78, 0x80, 0x66,
120 0x00, 0x22, 0x38, 0x86, 0xcf, 0x63, 0x4a, 0x5c, 0xbf, 0x2b, 0xd9, 0x6e, 0xe6, 0xf0, 0x39, 0xad,
121 0x12, 0x25, 0x41, 0xb9, 0x02, 0x41, 0x00, 0xf3, 0x7c, 0x07, 0x99, 0x64, 0x3a, 0x28, 0x8c, 0x8d,
122 0x05, 0xfe, 0x32, 0xb5, 0x4c, 0x8c, 0x6d, 0xde, 0x3d, 0x16, 0x08, 0xa0, 0x01, 0x61, 0x4f, 0x8e,
123 0xa0, 0xf7, 0x26, 0x26, 0xb5, 0x8e, 0xc0, 0x7a, 0xce, 0x86, 0x34, 0xde, 0xb8, 0xef, 0x86, 0x01,
124 0xbe, 0x24, 0xaa, 0x9b, 0x36, 0x93, 0x72, 0x9b, 0xf9, 0xc6, 0xcb, 0x76, 0x84, 0x67, 0x06, 0x06,
125 0x30, 0x50, 0xdf, 0x42, 0x17, 0xe0, 0xa7, 0x02, 0x41, 0x00, 0xc6, 0x91, 0xa0, 0x41, 0x34, 0x11,
126 0x67, 0x4b, 0x08, 0x0f, 0xda, 0xa7, 0x99, 0xec, 0x58, 0x11, 0xa5, 0x82, 0xdb, 0x50, 0xfe, 0x77,
127 0xe2, 0xd1, 0x53, 0x9c, 0x7d, 0xe8, 0xbf, 0xe7, 0x7c, 0xa9, 0x01, 0xb1, 0x87, 0xc3, 0x52, 0x79,
128 0x9e, 0x2c, 0xa7, 0x6f, 0x02, 0x37, 0x32, 0xef, 0x24, 0x31, 0x21, 0x0b, 0x86, 0x05, 0x32, 0x4a,
129 0x2e, 0x0b, 0x65, 0x05, 0xd3, 0xd6, 0x30, 0xb2, 0xfc, 0xa7, 0x02, 0x41, 0x00, 0xc2, 0xed, 0x31,
130 0xdc, 0x40, 0x9c, 0x3a, 0xe8, 0x42, 0xe2, 0x60, 0x5e, 0x52, 0x3c, 0xc5, 0x54, 0x14, 0x0e, 0x8d,
131 0x7c, 0x3c, 0x34, 0xbe, 0xa6, 0x05, 0x86, 0xa2, 0x36, 0x5d, 0xd9, 0x0e, 0x3e, 0xd4, 0x52, 0x50,
132 0xa9, 0x35, 0x01, 0x93, 0x68, 0x92, 0x2e, 0x9a, 0x86, 0x27, 0x1a, 0xab, 0x32, 0x9e, 0xe2, 0x79,
133 0x9f, 0x5b, 0xf3, 0xa5, 0xd2, 0xf1, 0xd3, 0x6e, 0x7b, 0x3e, 0x1b, 0x85, 0x93, 0x02, 0x40, 0x68,
134 0xb8, 0xb6, 0x7e, 0x8c, 0xba, 0x3c, 0xf2, 0x8a, 0x2e, 0xea, 0x4f, 0x07, 0xd3, 0x68, 0x62, 0xee,
135 0x1a, 0x04, 0x16, 0x44, 0x0d, 0xef, 0xf6, 0x1b, 0x95, 0x65, 0xa5, 0xd1, 0x47, 0x81, 0x2c, 0x14,
136 0xb3, 0x8e, 0xf9, 0x08, 0xcf, 0x11, 0x07, 0x55, 0xca, 0x2a, 0xad, 0xf7, 0xd3, 0xbd, 0x0f, 0x97,
137 0xf0, 0xde, 0xde, 0x70, 0xb6, 0x44, 0x70, 0x47, 0xf7, 0xf9, 0xcf, 0x75, 0x61, 0x7f, 0xf3, 0x02,
138 0x40, 0x38, 0x4a, 0x67, 0xaf, 0xae, 0xb6, 0xb2, 0x6a, 0x00, 0x25, 0x5a, 0xa4, 0x65, 0x20, 0xb1,
139 0x13, 0xbd, 0x83, 0xff, 0xb4, 0xbc, 0xf4, 0xdd, 0xa1, 0xbb, 0x1c, 0x96, 0x37, 0x35, 0xf4, 0xbf,
140 0xed, 0x4c, 0xed, 0x92, 0xe8, 0xac, 0xc9, 0xc1, 0xa5, 0xa3, 0x23, 0x66, 0x40, 0x8a, 0xa1, 0xe6,
141 0xe3, 0x95, 0xfe, 0xc4, 0x53, 0xf5, 0x7d, 0x6e, 0xca, 0x45, 0x42, 0xe4, 0xc2, 0x9f, 0xe5, 0x1e,
142 0xb5,
143 };
144
145
146 static const unsigned char KEY2[] = {
147 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xa8, 0x6e, 0x40, 0x86, 0x9f,
148 0x98, 0x59, 0xfb, 0x57, 0xbf, 0xc1, 0x55, 0x12, 0x38, 0xeb, 0xb3, 0x46, 0x34, 0xc9, 0x35, 0x4d,
149 0xfd, 0x03, 0xe9, 0x3a, 0x88, 0x9e, 0x97, 0x8f, 0xf4, 0xec, 0x36, 0x7b, 0x3f, 0xba, 0xb8, 0xa5,
150 0x96, 0x30, 0x03, 0xc5, 0xc6, 0xd9, 0xa8, 0x4e, 0xbc, 0x23, 0x51, 0xa1, 0x96, 0xd2, 0x03, 0x98,
151 0x73, 0xb6, 0x17, 0x9c, 0x77, 0xd4, 0x95, 0x1e, 0x1b, 0xb3, 0x1b, 0xc8, 0x71, 0xd1, 0x2e, 0x31,
152 0xc7, 0x6a, 0x75, 0x57, 0x08, 0x7f, 0xba, 0x70, 0x76, 0xf7, 0x67, 0xf4, 0x4e, 0xbe, 0xfc, 0x70,
153 0x61, 0x41, 0x07, 0x2b, 0x7c, 0x3c, 0x3b, 0xb3, 0xbc, 0xd5, 0xa8, 0xbd, 0x28, 0xd8, 0x49, 0xd3,
154 0xe1, 0x78, 0xc8, 0xc1, 0x42, 0x5e, 0x18, 0x36, 0xa8, 0x41, 0xf7, 0xc8, 0xaa, 0x35, 0xfe, 0x2d,
155 0xd1, 0xb4, 0xcc, 0x00, 0x67, 0xae, 0x79, 0xd3, 0x28, 0xd5, 0x5b, 0x02, 0x03, 0x01, 0x00, 0x01,
156 0x02, 0x81, 0x81, 0x00, 0xa6, 0x00, 0x83, 0xf8, 0x2b, 0x33, 0xac, 0xfb, 0xdb, 0xf0, 0x52, 0x4b,
157 0xd6, 0x39, 0xe3, 0x94, 0x3d, 0x8d, 0xa9, 0x01, 0xb0, 0x6b, 0xbe, 0x7f, 0x10, 0x01, 0xb6, 0xcd,
158 0x0a, 0x45, 0x0a, 0xca, 0x67, 0x8e, 0xd8, 0x29, 0x44, 0x8a, 0x51, 0xa8, 0x66, 0x35, 0x26, 0x30,
159 0x8b, 0xe9, 0x41, 0xa6, 0x22, 0xec, 0xd2, 0xf0, 0x58, 0x41, 0x33, 0x26, 0xf2, 0x3f, 0xe8, 0x75,
160 0x4f, 0xc7, 0x5d, 0x2e, 0x5a, 0xa8, 0x7a, 0xd2, 0xbf, 0x59, 0xa0, 0x86, 0x79, 0x0b, 0x92, 0x6c,
161 0x95, 0x5d, 0x87, 0x63, 0x5c, 0xd6, 0x1a, 0xc0, 0xf6, 0x7a, 0x15, 0x8d, 0xc7, 0x3c, 0xb6, 0x9e,
162 0xa6, 0x58, 0x46, 0x9b, 0xbf, 0x3e, 0x28, 0x8c, 0xdf, 0x1a, 0x87, 0xaa, 0x7e, 0xf5, 0xf2, 0xcb,
163 0x5e, 0x84, 0x2d, 0xf6, 0x82, 0x7e, 0x89, 0x4e, 0xf5, 0xe6, 0x3c, 0x92, 0x80, 0x1e, 0x98, 0x1c,
164 0x6a, 0x7b, 0x57, 0x01, 0x02, 0x41, 0x00, 0xdd, 0x60, 0x95, 0xd7, 0xa1, 0x9d, 0x0c, 0xa1, 0x84,
165 0xc5, 0x39, 0xca, 0x67, 0x4c, 0x1c, 0x06, 0x71, 0x5b, 0x5c, 0x2d, 0x8d, 0xce, 0xcd, 0xe2, 0x79,
166 0xc8, 0x33, 0xbe, 0x50, 0x37, 0x60, 0x9f, 0x3b, 0xb9, 0x59, 0x55, 0x22, 0x1f, 0xa5, 0x4b, 0x1d,
167 0xca, 0x38, 0xa0, 0xab, 0x87, 0x9c, 0x86, 0x0e, 0xdb, 0x1c, 0x4f, 0x4f, 0x07, 0xed, 0x18, 0x3f,
168 0x05, 0x3c, 0xec, 0x78, 0x11, 0xf6, 0x99, 0x02, 0x41, 0x00, 0xc2, 0xc5, 0xcf, 0xbe, 0x95, 0x91,
169 0xeb, 0xcf, 0x47, 0xf3, 0x33, 0x32, 0xc7, 0x7e, 0x93, 0x56, 0xf7, 0xd8, 0xf9, 0xd4, 0xb6, 0xd6,
170 0x20, 0xac, 0xba, 0x8a, 0x20, 0x19, 0x14, 0xab, 0xc5, 0x5d, 0xb2, 0x08, 0xcc, 0x77, 0x7c, 0x65,
171 0xa8, 0xdb, 0x66, 0x97, 0x36, 0x44, 0x2c, 0x63, 0xc0, 0x6a, 0x7e, 0xb0, 0x0b, 0x5c, 0x90, 0x12,
172 0x50, 0xb4, 0x36, 0x60, 0xc3, 0x1f, 0x22, 0x0c, 0xc8, 0x13, 0x02, 0x40, 0x33, 0xc8, 0x7e, 0x04,
173 0x7c, 0x97, 0x61, 0xf6, 0xfe, 0x39, 0xac, 0x34, 0xfe, 0x48, 0xbd, 0x5d, 0x7c, 0x72, 0xa4, 0x73,
174 0x3b, 0x72, 0x9e, 0x92, 0x55, 0x6e, 0x51, 0x3c, 0x39, 0x43, 0x5a, 0xe4, 0xa4, 0x71, 0xcc, 0xc5,
175 0xaf, 0x3f, 0xbb, 0xc8, 0x80, 0x65, 0x67, 0x2d, 0x9e, 0x32, 0x10, 0x99, 0x03, 0x2c, 0x99, 0xc8,
176 0xab, 0x71, 0xed, 0x31, 0xf8, 0xbb, 0xde, 0xee, 0x69, 0x7f, 0xba, 0x31, 0x02, 0x40, 0x7e, 0xbc,
177 0x60, 0x55, 0x4e, 0xd5, 0xc8, 0x6e, 0xf4, 0x0e, 0x57, 0xbe, 0x2e, 0xf9, 0x39, 0xbe, 0x59, 0x3f,
178 0xa2, 0x30, 0xbb, 0x57, 0xd1, 0xa3, 0x13, 0x2e, 0x55, 0x7c, 0x7c, 0x6a, 0xd8, 0xde, 0x02, 0xbe,
179 0x9e, 0xed, 0x10, 0xd0, 0xc5, 0x73, 0x1d, 0xea, 0x3e, 0xb1, 0x55, 0x81, 0x02, 0xef, 0x48, 0xc8,
180 0x1c, 0x5c, 0x7a, 0x92, 0xb0, 0x58, 0xd3, 0x19, 0x5b, 0x5d, 0xa2, 0xb6, 0x56, 0x69, 0x02, 0x40,
181 0x1e, 0x00, 0x6a, 0x9f, 0xba, 0xee, 0x46, 0x5a, 0xc5, 0xb5, 0x9f, 0x91, 0x33, 0xdd, 0xc9, 0x96,
182 0x75, 0xb7, 0x87, 0xcf, 0x18, 0x1c, 0xb7, 0xb9, 0x3f, 0x04, 0x10, 0xb8, 0x75, 0xa9, 0xb8, 0xa0,
183 0x31, 0x35, 0x03, 0x30, 0x89, 0xc8, 0x37, 0x68, 0x20, 0x30, 0x99, 0x39, 0x96, 0xd6, 0x2b, 0x3d,
184 0x5e, 0x45, 0x84, 0xf7, 0xd2, 0x61, 0x50, 0xc9, 0x50, 0xba, 0x8d, 0x08, 0xaa, 0xd0, 0x08, 0x1e,
185 };
186
187
/*
 * Bag attribute fixtures. Each entry is a pair of strings (an attribute name
 * or dotted OID, then its value) and every list ends with a { NULL, NULL }
 * terminator entry.
 */
static const PKCS12_ATTR ATTRS1[] = {
    { "friendlyName", "george" },
    { "localKeyID", "1234567890" },
    { "1.2.3.4.5", "MyCustomAttribute" },
    { NULL, NULL }
};

static const PKCS12_ATTR ATTRS2[] = {
    { "friendlyName", "janet" },
    { "localKeyID", "987654321" },
    { "1.2.3.5.8.13", "AnotherCustomAttribute" },
    { NULL, NULL }
};

/* ATTRS4 plus the oracle-jdk-trustedkeyusage attribute */
static const PKCS12_ATTR ATTRS3[] = {
    { "friendlyName", "wildduk" },
    { "localKeyID", "1122334455" },
    { "oracle-jdk-trustedkeyusage", "anyExtendedKeyUsage" },
    { NULL, NULL }
};

/*
 * Same as ATTRS3 without oracle-jdk-trustedkeyusage; test_set0_attrs() adds
 * that attribute through the API and then compares against ATTRS3.
 */
static const PKCS12_ATTR ATTRS4[] = {
    { "friendlyName", "wildduk" },
    { "localKeyID", "1122334455" },
    { NULL, NULL }
};
214
/*
 * Default encryption parameters for the tests; the values are read back
 * elsewhere in this file as .nid, .pass and .iter. The PBE scheme is
 * SHA1/3-key triple DES, or AES-128-CBC when DES is compiled out. The fixed
 * password and the 1000 iterations are fixture values for round-trip
 * coverage, not recommended settings.
 */
static const PKCS12_ENC enc_default = {
#ifndef OPENSSL_NO_DES
    NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
#else
    NID_aes_128_cbc,
#endif
    "Password1",
    1000
};

/*
 * Default MAC parameters for the tests: SHA-1 digest, the same fixed
 * password and 1000 iterations. Fixture values only.
 */
static const PKCS12_ENC mac_default = {
    NID_sha1,
    "Password1",
    1000
};
230
/*
 * Cipher / PBE NIDs indexed by the *_enc_alg tests when lgcyprov is not NULL.
 * Each entry is compiled in only if the algorithms it needs are enabled, so
 * the array length depends on the build configuration. The list deliberately
 * contains weak schemes (single DES, RC2, RC4, MD2/MD5-based PBE); they are
 * present so that files using them can still be round-tripped.
 * NOTE(review): the index is not range-checked by the tests that use this
 * array - confirm the registered iteration count is derived from its size.
 */
static const int enc_nids_all[] = {
    /* NOTE: To use PBES2 we pass the desired cipher NID instead of NID_pbes2 */
    NID_aes_128_cbc,
    NID_aes_256_cbc,
#ifndef OPENSSL_NO_DES
    NID_des_ede3_cbc,
    NID_des_cbc,
#endif
#ifndef OPENSSL_NO_RC5
    NID_rc5_cbc,
#endif
#ifndef OPENSSL_NO_RC4
    NID_rc4,
#endif
#ifndef OPENSSL_NO_RC2
    NID_rc2_cbc,
#endif

#ifndef OPENSSL_NO_MD2
# ifndef OPENSSL_NO_DES
    NID_pbeWithMD2AndDES_CBC,
# endif
# ifndef OPENSSL_NO_RC2
    NID_pbeWithMD2AndRC2_CBC,
# endif
#endif

#ifndef OPENSSL_NO_MD5
# ifndef OPENSSL_NO_DES
    NID_pbeWithMD5AndDES_CBC,
# endif
# ifndef OPENSSL_NO_RC2
    NID_pbeWithMD5AndRC2_CBC,
# endif
#endif
#ifndef OPENSSL_NO_DES
    NID_pbeWithSHA1AndDES_CBC,
#endif
#ifndef OPENSSL_NO_RC2
    NID_pbe_WithSHA1And128BitRC2_CBC,
    NID_pbe_WithSHA1And40BitRC2_CBC,
    NID_pbeWithSHA1AndRC2_CBC,
#endif
#ifndef OPENSSL_NO_RC4
    NID_pbe_WithSHA1And128BitRC4,
    NID_pbe_WithSHA1And40BitRC4,
#endif
#ifndef OPENSSL_NO_DES
    NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
    NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
#endif
};
283
/*
 * Cipher / PBE NIDs indexed by the *_enc_alg tests while lgcyprov is NULL:
 * AES-CBC always, plus the triple-DES variants when DES is compiled in.
 */
static const int enc_nids_no_legacy[] = {
    /* NOTE: To use PBES2 we pass the desired cipher NID instead of NID_pbes2 */
    NID_aes_128_cbc,
    NID_aes_256_cbc,
#ifndef OPENSSL_NO_DES
    NID_des_ede3_cbc,
    NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
    NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
#endif
};
294
/* Digest NIDs indexed by test_single_cert_mac_alg() */
static const int mac_nids[] = {
    NID_sha1,
    NID_md5,
    NID_sha256,
    NID_sha512,
    NID_sha3_256,
    NID_sha3_512
};

/*
 * Iteration counts indexed by the *_iter tests. The value 1 is a boundary
 * case for the round trip, not a usable work factor.
 */
static const int iters[] = {
    1,
    1000
};

/*
 * Passwords indexed by the *_pass tests; the empty string is included as an
 * edge case.
 */
static const char *passwords[] = {
    "Password1",
    "",
};
313
314 /* --------------------------------------------------------------------------
315 * Local functions
316 */
317
/*
 * Return the NID for the custom secret-bag OID "1.3.5.7.9".
 *
 * The OID is registered with OBJ_create() on first use and the NID found by
 * OBJ_txt2nid() is cached in a function-local static, so later calls skip
 * the registration. Returns -1 if OBJ_create() reports failure.
 */
static int get_custom_oid(void)
{
    static int cached_nid = -1;

    if (cached_nid == -1) {
        if (!TEST_true(OBJ_create("1.3.5.7.9", "CustomSecretOID",
                                  "My custom secret OID")))
            return -1;
        cached_nid = OBJ_txt2nid("CustomSecretOID");
    }
    return cached_nid;
}
328
329
330 /* --------------------------------------------------------------------------
331 * PKCS12 format tests
332 */
333
/*
 * Round-trip a PKCS#12 file ("1cert.p12") holding one certificate bag with
 * CERT1 and no attributes, using the plain end_contentinfo()/end_pkcs12()
 * helpers. Returns the result of end_pkcs12_builder().
 */
static int test_single_cert_no_attrs(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1cert.p12");

    /* Encode: a single content-info containing the certificate */
    start_pkcs12(builder);
    start_contentinfo(builder);
    add_certbag(builder, CERT1, sizeof(CERT1), NULL);
    end_contentinfo(builder);
    end_pkcs12(builder);

    /* Decode: walk the same layout and compare against the inputs */
    start_check_pkcs12(builder);
    start_check_contentinfo(builder);
    check_certbag(builder, CERT1, sizeof(CERT1), NULL);
    end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
362
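/*
 * Round-trip a PKCS#12 file holding a single key bag with KEY1, passing
 * |enc| to add_keybag()/check_keybag().
 *
 * The file name is built from the cipher short name and the iteration count.
 * It is formatted with the bounded BIO_snprintf() instead of sprintf(), so an
 * unexpectedly long short name cannot write past the 80-byte |fname|; when
 * the name does not fit the test fails before a builder is created.
 *
 * Returns the result of end_pkcs12_builder(), or 0 if the name cannot be
 * formatted.
 */
static int test_single_key(PKCS12_ENC *enc)
{
    char fname[80];
    PKCS12_BUILDER *pb;

    /* BIO_snprintf() returns -1 on truncation */
    if (!TEST_int_gt(BIO_snprintf(fname, sizeof(fname),
                                  "1key_ciph-%s_iter-%d.p12",
                                  OBJ_nid2sn(enc->nid), enc->iter), 0))
        return 0;

    pb = new_pkcs12_builder(fname);

    /* Generate/encode */
    start_pkcs12(pb);

    start_contentinfo(pb);

    add_keybag(pb, KEY1, sizeof(KEY1), NULL, enc);

    end_contentinfo(pb);

    end_pkcs12(pb);

    /* Read/decode */
    start_check_pkcs12(pb);

    start_check_contentinfo(pb);

    check_keybag(pb, KEY1, sizeof(KEY1), NULL, enc);

    end_check_contentinfo(pb);

    end_check_pkcs12(pb);

    return end_pkcs12_builder(pb);
}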
396
/*
 * Run test_single_key() with the cipher selected by index |z| and the default
 * password and iteration count. |z| indexes enc_nids_all when lgcyprov is
 * set and enc_nids_no_legacy otherwise.
 * NOTE(review): |z| is not range-checked here - confirm the iteration count
 * used where this test is registered matches the selected array.
 */
static int test_single_key_enc_alg(int z)
{
    PKCS12_ENC params;

    params.pass = enc_default.pass;
    params.iter = enc_default.iter;
    params.nid = (lgcyprov != NULL) ? enc_nids_all[z] : enc_nids_no_legacy[z];

    return test_single_key(&params);
}
410
/*
 * Run test_single_key() with the default cipher and iteration count and the
 * password passwords[z] (which includes the empty string).
 */
static int test_single_key_enc_pass(int z)
{
    PKCS12_ENC params;

    params.pass = passwords[z];
    params.nid = enc_default.nid;
    params.iter = enc_default.iter;

    return test_single_key(&params);
}
421
/*
 * Run test_single_key() with the default cipher and password and the
 * iteration count iters[z].
 */
static int test_single_key_enc_iter(int z)
{
    PKCS12_ENC params;

    params.iter = iters[z];
    params.nid = enc_default.nid;
    params.pass = enc_default.pass;

    return test_single_key(&params);
}
432
/*
 * Round-trip a PKCS#12 file ("1keyattrs.p12") holding one key bag with KEY1,
 * the ATTRS1 attributes and the default encryption parameters.
 * Returns the result of end_pkcs12_builder().
 */
static int test_single_key_with_attrs(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1keyattrs.p12");

    /* Encode: one content-info with the attributed key bag */
    start_pkcs12(builder);
    start_contentinfo(builder);
    add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    end_contentinfo(builder);
    end_pkcs12(builder);

    /* Decode: the key and its attributes must come back unchanged */
    start_check_pkcs12(builder);
    start_check_contentinfo(builder);
    check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
461
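/*
 * Round-trip a PKCS#12 file holding one certificate bag with CERT1, passing
 * |mac| to end_pkcs12_with_mac()/start_check_pkcs12_with_mac().
 *
 * The file name is built from the digest short name and the iteration count.
 * It is formatted with the bounded BIO_snprintf() instead of sprintf(), so an
 * unexpectedly long short name cannot write past the 80-byte |fname|; when
 * the name does not fit the test fails before a builder is created.
 *
 * Returns the result of end_pkcs12_builder(), or 0 if the name cannot be
 * formatted.
 */
static int test_single_cert_mac(PKCS12_ENC *mac)
{
    char fname[80];
    PKCS12_BUILDER *pb;

    /* BIO_snprintf() returns -1 on truncation */
    if (!TEST_int_gt(BIO_snprintf(fname, sizeof(fname),
                                  "1cert_mac-%s_iter-%d.p12",
                                  OBJ_nid2sn(mac->nid), mac->iter), 0))
        return 0;

    pb = new_pkcs12_builder(fname);

    /* Generate/encode */
    start_pkcs12(pb);

    start_contentinfo(pb);

    add_certbag(pb, CERT1, sizeof(CERT1), NULL);

    end_contentinfo(pb);

    end_pkcs12_with_mac(pb, mac);

    /* Read/decode */
    start_check_pkcs12_with_mac(pb, mac);

    start_check_contentinfo(pb);

    check_certbag(pb, CERT1, sizeof(CERT1), NULL);

    end_check_contentinfo(pb);

    end_check_pkcs12(pb);

    return end_pkcs12_builder(pb);
}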
495
/*
 * Run test_single_cert_mac() with the digest mac_nids[z] and the default MAC
 * password and iteration count.
 */
static int test_single_cert_mac_alg(int z)
{
    PKCS12_ENC params;

    params.pass = mac_default.pass;
    params.iter = mac_default.iter;
    params.nid = mac_nids[z];

    return test_single_cert_mac(&params);
}
506
/*
 * Run test_single_cert_mac() with the default digest and iteration count and
 * the password passwords[z] (which includes the empty string).
 */
static int test_single_cert_mac_pass(int z)
{
    PKCS12_ENC params;

    params.pass = passwords[z];
    params.nid = mac_default.nid;
    params.iter = mac_default.iter;

    return test_single_cert_mac(&params);
}
517
/*
 * Run test_single_cert_mac() with the default digest and password and the
 * iteration count iters[z].
 */
static int test_single_cert_mac_iter(int z)
{
    PKCS12_ENC params;

    params.iter = iters[z];
    params.nid = mac_default.nid;
    params.pass = mac_default.pass;

    return test_single_cert_mac(&params);
}
528
/*
 * Round-trip a PKCS#12 file ("1cert1key.p12") whose single content-info holds
 * CERT1 and KEY1, both with ATTRS1, finished and checked with the default MAC
 * parameters. Returns the result of end_pkcs12_builder().
 */
static int test_cert_key_with_attrs_and_mac(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1cert1key.p12");

    /* Encode: certificate and key share one content-info */
    start_pkcs12(builder);
    start_contentinfo(builder);
    add_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
    add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    end_contentinfo(builder);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode: same MAC parameters, same bag order */
    start_check_pkcs12_with_mac(builder, &mac_default);
    start_check_contentinfo(builder);
    check_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
    check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
559
/*
 * Round-trip a PKCS#12 file ("1cert1key_enc.p12") whose content-info holds
 * CERT1 and KEY1 with ATTRS1 and is closed with end_contentinfo_encrypted()
 * using the default encryption parameters, then finished with the default
 * MAC parameters. Returns the result of end_pkcs12_builder().
 */
static int test_cert_key_encrypted_content(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1cert1key_enc.p12");

    /* Encode: bags go into a content-info that is closed as encrypted */
    start_pkcs12(builder);
    start_contentinfo(builder);
    add_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
    add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    end_contentinfo_encrypted(builder, &enc_default);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode: open with the same MAC and encryption parameters */
    start_check_pkcs12_with_mac(builder, &mac_default);
    start_check_contentinfo_encrypted(builder, &enc_default);
    check_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
    check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
590
/*
 * Round-trip a PKCS#12 file ("1secret.p12") holding one secret bag of the
 * custom OID type with ATTRS1, in a content-info closed with the default
 * encryption parameters and finished with the default MAC parameters.
 * Returns the result of end_pkcs12_builder().
 * NOTE(review): the value of get_custom_oid() is passed on without checking
 * for its -1 failure result - confirm add_secretbag() copes with that.
 */
static int test_single_secret_encrypted_content(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("1secret.p12");
    int secret_nid = get_custom_oid();

    /* Encode: a single secret bag in an encrypted content-info */
    start_pkcs12(builder);
    start_contentinfo(builder);
    add_secretbag(builder, secret_nid, "VerySecretMessage", ATTRS1);
    end_contentinfo_encrypted(builder, &enc_default);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode: the secret and its attributes must come back unchanged */
    start_check_pkcs12_with_mac(builder, &mac_default);
    start_check_contentinfo_encrypted(builder, &enc_default);
    check_secretbag(builder, secret_nid, "VerySecretMessage", ATTRS1);
    end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
620
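/*
 * Round-trip a PKCS#12 file holding one secret bag of the custom OID type
 * with ATTRS1. The content-info is closed and re-opened with |enc|; the file
 * is finished and checked with the default MAC parameters.
 *
 * The file name is built from the cipher short name and the iteration count.
 * It is formatted with the bounded BIO_snprintf() instead of sprintf(), so an
 * unexpectedly long short name cannot write past the 80-byte |fname|; when
 * the name does not fit the test fails before a builder is created.
 *
 * Returns the result of end_pkcs12_builder(), or 0 if the name cannot be
 * formatted.
 */
static int test_single_secret(PKCS12_ENC *enc)
{
    int custom_nid;
    char fname[80];
    PKCS12_BUILDER *pb;

    /* BIO_snprintf() returns -1 on truncation */
    if (!TEST_int_gt(BIO_snprintf(fname, sizeof(fname),
                                  "1secret_ciph-%s_iter-%d.p12",
                                  OBJ_nid2sn(enc->nid), enc->iter), 0))
        return 0;
    pb = new_pkcs12_builder(fname);
    custom_nid = get_custom_oid();

    /* Generate/encode */
    start_pkcs12(pb);

    start_contentinfo(pb);

    add_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1);

    end_contentinfo_encrypted(pb, enc);

    end_pkcs12_with_mac(pb, &mac_default);

    /* Read/decode */
    start_check_pkcs12_with_mac(pb, &mac_default);

    start_check_contentinfo_encrypted(pb, enc);

    check_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1);

    end_check_contentinfo(pb);

    end_check_pkcs12(pb);

    return end_pkcs12_builder(pb);
}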
655
/*
 * Run test_single_secret() with the cipher selected by index |z| and the
 * default password and iteration count. |z| indexes enc_nids_all when
 * lgcyprov is set and enc_nids_no_legacy otherwise.
 * NOTE(review): |z| is not range-checked here - confirm the iteration count
 * used where this test is registered matches the selected array.
 */
static int test_single_secret_enc_alg(int z)
{
    PKCS12_ENC params;

    params.pass = enc_default.pass;
    params.iter = enc_default.iter;
    params.nid = (lgcyprov != NULL) ? enc_nids_all[z] : enc_nids_no_legacy[z];

    return test_single_secret(&params);
}
669
/*
 * Round-trip a PKCS#12 file ("multi_contents.p12") with two content-infos:
 * the first holds CERT1, CERT2, KEY1 and KEY2 with their attributes, the
 * second holds a custom-OID secret bag and is closed with the default
 * encryption parameters. The file is finished and checked with the default
 * MAC parameters. Returns the result of end_pkcs12_builder().
 */
static int test_multiple_contents(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("multi_contents.p12");
    int secret_nid = get_custom_oid();

    start_pkcs12(builder);

    /* Encode, first content-info: two certificates and two keys */
    start_contentinfo(builder);
    add_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
    add_certbag(builder, CERT2, sizeof(CERT2), ATTRS2);
    add_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    add_keybag(builder, KEY2, sizeof(KEY2), ATTRS2, &enc_default);
    end_contentinfo(builder);

    /* Encode, second content-info: the secret bag, closed as encrypted */
    start_contentinfo(builder);
    add_secretbag(builder, secret_nid, "VeryVerySecretMessage", ATTRS1);
    end_contentinfo_encrypted(builder, &enc_default);

    end_pkcs12_with_mac(builder, &mac_default);

    start_check_pkcs12_with_mac(builder, &mac_default);

    /* Decode, first content-info: bags are checked in insertion order */
    start_check_contentinfo(builder);
    check_certbag(builder, CERT1, sizeof(CERT1), ATTRS1);
    check_certbag(builder, CERT2, sizeof(CERT2), ATTRS2);
    check_keybag(builder, KEY1, sizeof(KEY1), ATTRS1, &enc_default);
    check_keybag(builder, KEY2, sizeof(KEY2), ATTRS2, &enc_default);
    end_check_contentinfo(builder);

    /* Decode, second content-info: the encrypted secret bag */
    start_check_contentinfo_encrypted(builder, &enc_default);
    check_secretbag(builder, secret_nid, "VeryVerySecretMessage", ATTRS1);
    end_check_contentinfo(builder);

    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
717
/*
 * Round-trip a PKCS#12 file ("jdk_trusted.p12") holding CERT1 with ATTRS3,
 * the attribute list that includes oracle-jdk-trustedkeyusage, finished and
 * checked with the default MAC parameters.
 * Returns the result of end_pkcs12_builder().
 */
static int test_jdk_trusted_attr(void)
{
    PKCS12_BUILDER *builder = new_pkcs12_builder("jdk_trusted.p12");

    /* Encode: one certificate bag carrying the JDK trusted-usage attribute */
    start_pkcs12(builder);
    start_contentinfo(builder);
    add_certbag(builder, CERT1, sizeof(CERT1), ATTRS3);
    end_contentinfo(builder);
    end_pkcs12_with_mac(builder, &mac_default);

    /* Decode: the attribute list must come back unchanged */
    start_check_pkcs12_with_mac(builder, &mac_default);
    start_check_contentinfo(builder);
    check_certbag(builder, CERT1, sizeof(CERT1), ATTRS3);
    end_check_contentinfo(builder);
    end_check_pkcs12(builder);

    return end_pkcs12_builder(builder);
}
746
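/*
 * Exercise PKCS12_SAFEBAG_set0_attrs(): add CERT1 with ATTRS4, append the
 * oracle-jdk-trustedkeyusage attribute to the bag's attribute stack through
 * the API, and confirm after a round trip that the bag matches ATTRS3.
 *
 * Every intermediate object is checked before use, so a failed allocation or
 * lookup fails the test instead of dereferencing NULL, and the temporary
 * attribute is released on all paths.
 *
 * Returns the result of end_pkcs12_builder(), or 0 on an earlier failure.
 */
static int test_set0_attrs(void)
{
    PKCS12_BUILDER *pb = new_pkcs12_builder("attrs.p12");
    PKCS12_SAFEBAG *bag = NULL;
    STACK_OF(X509_ATTRIBUTE) *attrs = NULL;
    X509_ATTRIBUTE *attr = NULL;
    ASN1_OBJECT *usage = NULL;

    start_pkcs12(pb);

    start_contentinfo(pb);

    /* Add cert and attrs (friendlyName/localKeyID only) */
    add_certbag(pb, CERT1, sizeof(CERT1), ATTRS4);

    /* The bag is missing if add_certbag() did not succeed */
    bag = sk_PKCS12_SAFEBAG_value(pb->bags, 0);
    if (!TEST_ptr(bag))
        goto err;
    attrs = (STACK_OF(X509_ATTRIBUTE) *)PKCS12_SAFEBAG_get0_attrs(bag);

    /*
     * Create the new attribute. X509_ATTRIBUTE_create() keeps |usage| on
     * success (the value was never freed separately before), so it is
     * released here only when creation fails.
     */
    usage = OBJ_txt2obj("anyExtendedKeyUsage", 0);
    if (!TEST_ptr(usage))
        goto err;
    attr = X509_ATTRIBUTE_create(NID_oracle_jdk_trustedkeyusage,
                                 V_ASN1_OBJECT, usage);
    if (!TEST_ptr(attr)) {
        ASN1_OBJECT_free(usage);
        goto err;
    }

    /* Add to the list and confirm the returned attrs is not NULL */
    if (!TEST_ptr(X509at_add1_attr(&attrs, attr)))
        goto err;
    PKCS12_SAFEBAG_set0_attrs(bag, attrs);
    attrs = (STACK_OF(X509_ATTRIBUTE) *)PKCS12_SAFEBAG_get0_attrs(bag);
    X509_ATTRIBUTE_free(attr);
    attr = NULL;
    if (!TEST_ptr(attrs))
        goto err;

    end_contentinfo(pb);

    end_pkcs12(pb);

    /* Read/decode */
    start_check_pkcs12(pb);

    start_check_contentinfo(pb);

    /* Use existing check functionality to confirm cert bag attrs identical to ATTRS3 */
    check_certbag(pb, CERT1, sizeof(CERT1), ATTRS3);

    end_check_contentinfo(pb);

    end_check_pkcs12(pb);

    return end_pkcs12_builder(pb);

 err:
    X509_ATTRIBUTE_free(attr);
    (void)end_pkcs12_builder(pb);
    return 0;
}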
796
797 #ifndef OPENSSL_NO_DES
pkcs12_create_test(void)798 static int pkcs12_create_test(void)
799 {
800 int ret = 0;
801 EVP_PKEY *pkey = NULL;
802 PKCS12 *p12 = NULL;
803 const unsigned char *p;
804
805 static const unsigned char rsa_key[] = {
806 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbb,
807 0x24, 0x7a, 0x09, 0x7e, 0x0e, 0xb2, 0x37, 0x32, 0xcc, 0x39, 0x67, 0xad,
808 0xf1, 0x9e, 0x3d, 0x6b, 0x82, 0x83, 0xd1, 0xd0, 0xac, 0xa4, 0xc0, 0x18,
809 0xbe, 0x8d, 0x98, 0x00, 0xc0, 0x7b, 0xff, 0x07, 0x44, 0xc9, 0xca, 0x1c,
810 0xba, 0x36, 0xe1, 0x27, 0x69, 0xff, 0xb1, 0xe3, 0x8d, 0x8b, 0xee, 0x57,
811 0xa9, 0x3a, 0xaa, 0x16, 0x43, 0x39, 0x54, 0x19, 0x7c, 0xae, 0x69, 0x24,
812 0x14, 0xf6, 0x64, 0xff, 0xbc, 0x74, 0xc6, 0x67, 0x6c, 0x4c, 0xf1, 0x02,
813 0x49, 0x69, 0xc7, 0x2b, 0xe1, 0xe1, 0xa1, 0xa3, 0x43, 0x14, 0xf4, 0x77,
814 0x8f, 0xc8, 0xd0, 0x85, 0x5a, 0x35, 0x95, 0xac, 0x62, 0xa9, 0xc1, 0x21,
815 0x00, 0x77, 0xa0, 0x8b, 0x97, 0x30, 0xb4, 0x5a, 0x2c, 0xb8, 0x90, 0x2f,
816 0x48, 0xa0, 0x05, 0x28, 0x4b, 0xf2, 0x0f, 0x8d, 0xec, 0x8b, 0x4d, 0x03,
817 0x42, 0x75, 0xd6, 0xad, 0x81, 0xc0, 0x11, 0x02, 0x03, 0x01, 0x00, 0x01,
818 0x02, 0x81, 0x80, 0x00, 0xfc, 0xb9, 0x4a, 0x26, 0x07, 0x89, 0x51, 0x2b,
819 0x53, 0x72, 0x91, 0xe0, 0x18, 0x3e, 0xa6, 0x5e, 0x31, 0xef, 0x9c, 0x0c,
820 0x16, 0x24, 0x42, 0xd0, 0x28, 0x33, 0xf9, 0xfa, 0xd0, 0x3c, 0x54, 0x04,
821 0x06, 0xc0, 0x15, 0xf5, 0x1b, 0x9a, 0xb3, 0x24, 0x31, 0xab, 0x3c, 0x6b,
822 0x47, 0x43, 0xb0, 0xd2, 0xa9, 0xdc, 0x05, 0xe1, 0x81, 0x59, 0xb6, 0x04,
823 0xe9, 0x66, 0x61, 0xaa, 0xd7, 0x0b, 0x00, 0x8f, 0x3d, 0xe5, 0xbf, 0xa2,
824 0xf8, 0x5e, 0x25, 0x6c, 0x1e, 0x22, 0x0f, 0xb4, 0xfd, 0x41, 0xe2, 0x03,
825 0x31, 0x5f, 0xda, 0x20, 0xc5, 0xc0, 0xf3, 0x55, 0x0e, 0xe1, 0xc9, 0xec,
826 0xd7, 0x3e, 0x2a, 0x0c, 0x01, 0xca, 0x7b, 0x22, 0xcb, 0xac, 0xf4, 0x2b,
827 0x27, 0xf0, 0x78, 0x5f, 0xb5, 0xc2, 0xf9, 0xe8, 0x14, 0x5a, 0x6e, 0x7e,
828 0x86, 0xbd, 0x6a, 0x9b, 0x20, 0x0c, 0xba, 0xcc, 0x97, 0x20, 0x11, 0x02,
829 0x41, 0x00, 0xc9, 0x59, 0x9f, 0x29, 0x8a, 0x5b, 0x9f, 0xe3, 0x2a, 0xd8,
830 0x7e, 0xc2, 0x40, 0x9f, 0xa8, 0x45, 0xe5, 0x3e, 0x11, 0x8d, 0x3c, 0xed,
831 0x6e, 0xab, 0xce, 0xd0, 0x65, 0x46, 0xd8, 0xc7, 0x07, 0x63, 0xb5, 0x23,
832 0x34, 0xf4, 0x9f, 0x7e, 0x1c, 0xc7, 0xc7, 0xf9, 0x65, 0xd1, 0xf4, 0x04,
833 0x42, 0x38, 0xbe, 0x3a, 0x0c, 0x9d, 0x08, 0x25, 0xfc, 0xa3, 0x71, 0xd9,
834 0xae, 0x0c, 0x39, 0x61, 0xf4, 0x89, 0x02, 0x41, 0x00, 0xed, 0xef, 0xab,
835 0xa9, 0xd5, 0x39, 0x9c, 0xee, 0x59, 0x1b, 0xff, 0xcf, 0x48, 0x44, 0x1b,
836 0xb6, 0x32, 0xe7, 0x46, 0x24, 0xf3, 0x04, 0x7f, 0xde, 0x95, 0x08, 0x6d,
837 0x75, 0x9e, 0x67, 0x17, 0xba, 0x5c, 0xa4, 0xd4, 0xe2, 0xe2, 0x4d, 0x77,
838 0xce, 0xeb, 0x66, 0x29, 0xc5, 0x96, 0xe0, 0x62, 0xbb, 0xe5, 0xac, 0xdc,
839 0x44, 0x62, 0x54, 0x86, 0xed, 0x64, 0x0c, 0xce, 0xd0, 0x60, 0x03, 0x9d,
840 0x49, 0x02, 0x40, 0x54, 0xd9, 0x18, 0x72, 0x27, 0xe4, 0xbe, 0x76, 0xbb,
841 0x1a, 0x6a, 0x28, 0x2f, 0x95, 0x58, 0x12, 0xc4, 0x2c, 0xa8, 0xb6, 0xcc,
842 0xe2, 0xfd, 0x0d, 0x17, 0x64, 0xc8, 0x18, 0xd7, 0xc6, 0xdf, 0x3d, 0x4c,
843 0x1a, 0x9e, 0xf9, 0x2a, 0xb0, 0xb9, 0x2e, 0x12, 0xfd, 0xec, 0xc3, 0x51,
844 0xc1, 0xed, 0xa9, 0xfd, 0xb7, 0x76, 0x93, 0x41, 0xd8, 0xc8, 0x22, 0x94,
845 0x1a, 0x77, 0xf6, 0x9c, 0xc3, 0xc3, 0x89, 0x02, 0x41, 0x00, 0x8e, 0xf9,
846 0xa7, 0x08, 0xad, 0xb5, 0x2a, 0x04, 0xdb, 0x8d, 0x04, 0xa1, 0xb5, 0x06,
847 0x20, 0x34, 0xd2, 0xcf, 0xc0, 0x89, 0xb1, 0x72, 0x31, 0xb8, 0x39, 0x8b,
848 0xcf, 0xe2, 0x8e, 0xa5, 0xda, 0x4f, 0x45, 0x1e, 0x53, 0x42, 0x66, 0xc4,
849 0x30, 0x4b, 0x29, 0x8e, 0xc1, 0x69, 0x17, 0x29, 0x8c, 0x8a, 0xe6, 0x0f,
850 0x82, 0x68, 0xa1, 0x41, 0xb3, 0xb6, 0x70, 0x99, 0x75, 0xa9, 0x27, 0x18,
851 0xe4, 0xe9, 0x02, 0x41, 0x00, 0x89, 0xea, 0x6e, 0x6d, 0x70, 0xdf, 0x25,
852 0x5f, 0x18, 0x3f, 0x48, 0xda, 0x63, 0x10, 0x8b, 0xfe, 0xa8, 0x0c, 0x94,
853 0x0f, 0xde, 0x97, 0x56, 0x53, 0x89, 0x94, 0xe2, 0x1e, 0x2c, 0x74, 0x3c,
854 0x91, 0x81, 0x34, 0x0b, 0xa6, 0x40, 0xf8, 0xcb, 0x2a, 0x60, 0x8c, 0xe0,
855 0x02, 0xb7, 0x89, 0x93, 0xcf, 0x18, 0x9f, 0x49, 0x54, 0xfd, 0x7d, 0x3f,
856 0x9a, 0xef, 0xd4, 0xa4, 0x4f, 0xc1, 0x45, 0x99, 0x91,
857 };
858
859 p = rsa_key;
860 if (!TEST_ptr(pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &p,
861 sizeof(rsa_key), NULL, NULL)))
862 goto err;
863 if (!TEST_int_eq(ERR_peek_error(), 0))
864 goto err;
865 p12 = PKCS12_create(NULL, NULL, pkey, NULL, NULL,
866 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
867 NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 2, 1, 0);
868 if (!TEST_ptr(p12))
869 goto err;
870
871 if (!TEST_int_eq(ERR_peek_error(), 0))
872 goto err;
873 ret = 1;
874 err:
875 PKCS12_free(p12);
876 EVP_PKEY_free(pkey);
877 return ret;
878 }
879 #endif
880
/*
 * Round-trip test: build a PKCS#12 from CERT1/KEY1, serialise it to a memory
 * BIO, read it back, parse it, and create a second PKCS#12 from the parsed
 * key and certificate.  Each PKCS12_create() call must also leave the error
 * queue empty.
 *
 * The literal passwords ("pass", "new_pass") and the iteration counts passed
 * to PKCS12_create() (iter = 2, mac_iter = 1) are test fixtures chosen to
 * exercise the code path, not values suitable for protecting real key
 * material.
 *
 * Returns 1 on success, 0 on any failed check.
 */
static int pkcs12_recreate_test(void)
{
    /* d2i_* advance the pointer they are given, so work on copies. */
    const unsigned char *cert_der = CERT1;
    const unsigned char *key_der = KEY1;
    X509 *cert = NULL, *cert_parsed = NULL;
    EVP_PKEY *pkey = NULL, *pkey_parsed = NULL;
    PKCS12 *p12 = NULL, *p12_parsed = NULL, *p12_recreated = NULL;
    BIO *bio = NULL;
    int ret = 0;

    /* Decode the DER fixtures into in-memory objects. */
    cert = d2i_X509(NULL, &cert_der, sizeof(CERT1));
    if (!TEST_ptr(cert))
        goto err;
    pkey = d2i_AutoPrivateKey(NULL, &key_der, sizeof(KEY1));
    if (!TEST_ptr(pkey))
        goto err;

    /* First structure: AES-256-CBC for both the key and the cert bag. */
    p12 = PKCS12_create("pass", NULL, pkey, cert, NULL, NID_aes_256_cbc,
                        NID_aes_256_cbc, 2, 1, 0);
    if (!TEST_ptr(p12) || !TEST_int_eq(ERR_peek_error(), 0))
        goto err;

    /* Serialise to memory so it can be read back below. */
    bio = BIO_new(BIO_s_mem());
    if (!TEST_ptr(bio) || !TEST_int_eq(i2d_PKCS12_bio(bio, p12), 1))
        goto err;

    /*
     * Pre-initialise the destination with PKCS12_init_ex() and hand it to
     * d2i_PKCS12_bio(); the return value is stored back into p12_parsed so
     * the cleanup path frees whatever pointer the decoder left us with.
     */
    p12_parsed = PKCS12_init_ex(NID_pkcs7_data, testctx, NULL);
    if (!TEST_ptr(p12_parsed))
        goto err;
    p12_parsed = d2i_PKCS12_bio(bio, &p12_parsed);
    if (!TEST_ptr(p12_parsed)
            || !TEST_int_eq(PKCS12_parse(p12_parsed, "pass", &pkey_parsed,
                                         &cert_parsed, NULL), 1))
        goto err;

    /*
     * cert_parsed also contains auxiliary data; creating a new PKCS#12 from
     * it under a different password must still succeed without queuing an
     * error.
     */
    p12_recreated = PKCS12_create("new_pass", NULL, pkey_parsed, cert_parsed,
                                  NULL, NID_aes_256_cbc, NID_aes_256_cbc,
                                  2, 1, 0);
    if (!TEST_ptr(p12_recreated) || !TEST_int_eq(ERR_peek_error(), 0))
        goto err;

    ret = 1;
 err:
    /* All of these free functions are called unconditionally on exit. */
    BIO_free(bio);
    PKCS12_free(p12);
    PKCS12_free(p12_parsed);
    PKCS12_free(p12_recreated);
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(pkey_parsed);
    X509_free(cert);
    X509_free(cert_parsed);
    return ret;
}
944
/* Command-line option identifiers returned by opt_next() in setup_tests(). */
typedef enum OPTION_choice {
    OPT_ERR = -1,       /* option parsing failed */
    OPT_EOF = 0,        /* no more options */
    OPT_WRITE,          /* "-write": write PKCS12 objects to file */
    OPT_LEGACY,         /* "-legacy": test the legacy APIs */
    OPT_CONTEXT,        /* "-context": use a non-default library context */
    OPT_TEST_ENUM       /* choices supplied by the test framework */
} OPTION_CHOICE;
953
/*
 * Return the option table for this test program: the framework's default
 * usage entries followed by the three PKCS12-specific switches.  The table
 * has static storage duration and is terminated by a { NULL } entry.
 */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_DEFAULT_USAGE,
        { "write", OPT_WRITE, '-', "Write PKCS12 objects to file" },
        { "legacy", OPT_LEGACY, '-', "Test the legacy APIs" },
        { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
        { NULL }
    };

    return test_options;
}
965
/*
 * Parse the command-line options, set up the library context and providers,
 * and register every test case in this file.
 *
 * Returns 1 on success, 0 if an option is not recognised or a required
 * context/provider could not be set up.
 */
int setup_tests(void)
{
    OPTION_CHOICE o;

    for (o = opt_next(); o != OPT_EOF; o = opt_next()) {
        switch (o) {
        case OPT_WRITE:
            PKCS12_helper_set_write_files(1);
            break;
        case OPT_LEGACY:
            PKCS12_helper_set_legacy(1);
            break;
        case OPT_CONTEXT:
            default_libctx = 0;
            break;
        case OPT_TEST_CASES:
            break;
        default:
            return 0;
        }
    }

    /*
     * Standalone mode: create a private library context and load the "null"
     * provider into the default context (NULL), presumably so that the
     * default context cannot quietly supply algorithms to the tests.
     */
    if (!default_libctx) {
        testctx = OSSL_LIB_CTX_new();
        if (!TEST_ptr(testctx))
            return 0;
        nullprov = OSSL_PROVIDER_load(NULL, "null");
        if (!TEST_ptr(nullprov))
            return 0;
    }

    /* testctx is still NULL here when the default context is in use. */
    deflprov = OSSL_PROVIDER_load(testctx, "default");
    if (!TEST_ptr(deflprov))
        return 0;

    /*
     * The legacy provider is optional: its load result is not checked, and
     * a NULL handle selects the reduced algorithm list further down.
     */
    lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");

    PKCS12_helper_set_libctx(testctx);

    /*
     * Isolation check: when running with a standalone context, neither the
     * default nor the fips provider may be available in the default libctx.
     */
    if (!default_libctx
            && (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
                || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))))
        return 0;

    ADD_TEST(test_single_cert_no_attrs);
    /* Pick the encryption-algorithm list that matches the loaded providers. */
    if (lgcyprov != NULL) {
        ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_all));
        ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_all));
    } else {
        ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_no_legacy));
        ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_no_legacy));
    }
    /* The create/recreate tests are only registered for the default libctx. */
    if (default_libctx) {
#ifndef OPENSSL_NO_DES
        ADD_TEST(pkcs12_create_test);
#endif
        ADD_TEST(pkcs12_recreate_test);
    }
    ADD_ALL_TESTS(test_single_key_enc_pass, OSSL_NELEM(passwords));
    ADD_ALL_TESTS(test_single_key_enc_iter, OSSL_NELEM(iters));
    ADD_TEST(test_single_key_with_attrs);
    ADD_ALL_TESTS(test_single_cert_mac_alg, OSSL_NELEM(mac_nids));
    ADD_ALL_TESTS(test_single_cert_mac_pass, OSSL_NELEM(passwords));
    ADD_ALL_TESTS(test_single_cert_mac_iter, OSSL_NELEM(iters));
    ADD_TEST(test_cert_key_with_attrs_and_mac);
    ADD_TEST(test_cert_key_encrypted_content);
    ADD_TEST(test_single_secret_encrypted_content);
    ADD_TEST(test_multiple_contents);
    ADD_TEST(test_jdk_trusted_attr);
    ADD_TEST(test_set0_attrs);
    return 1;
}
1042
/*
 * Release what setup_tests() acquired: unload the null, default and legacy
 * provider handles in that order, then free the test library context.
 * Handles that were never loaded are still NULL and are passed through
 * unchanged.
 */
void cleanup_tests(void)
{
    OSSL_PROVIDER *const loaded[] = { nullprov, deflprov, lgcyprov };
    size_t i;

    for (i = 0; i < sizeof(loaded) / sizeof(loaded[0]); i++)
        OSSL_PROVIDER_unload(loaded[i]);

    /* The context is freed only after the provider handles are unloaded. */
    OSSL_LIB_CTX_free(testctx);
}
1050