- Timestamp:
- Aug 14, 2018 7:13:03 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/iprt/crypto/pkix.h
r73665 r73677 260 260 PCRTCRPKIXSIGNATUREDESC RTCrPkixSignatureFindByObjIdString(const char *pszObjId, void *ppvOpaque); 261 261 PCRTCRPKIXSIGNATUREDESC RTCrPkixSignatureFindByObjId(PCRTASN1OBJID pObjId, void **ppvOpaque); 262 RTDECL(int) RTCrPkixSignatureCreateByObjIdString(PRTCRPKIXSIGNATURE phSignature, const char *pszObjId, bool fSigning,263 RTCRKEY hKey, PCRTASN1DYNTYPE pParams );262 RTDECL(int) RTCrPkixSignatureCreateByObjIdString(PRTCRPKIXSIGNATURE phSignature, const char *pszObjId, 263 RTCRKEY hKey, PCRTASN1DYNTYPE pParams, bool fSigning); 264 264 RTDECL(int) RTCrPkixSignatureCreateByObjId(PRTCRPKIXSIGNATURE phSignature, PCRTASN1OBJID pObjId, RTCRKEY hKey, 265 265 PCRTASN1DYNTYPE pParams, bool fSigning); … … 436 436 PCRTCRPKIXENCRYPTIONDESC RTCrPkixEncryptionFindByObjId(PCRTASN1OBJID pObjId, void *ppvOpaque); 437 437 RTDECL(int) RTCrPkixEncryptionCreateByObjIdString(PRTCRPKIXENCRYPTION phEncryption, const char *pszObjId, 438 bool fEncrypt, PCRTASN1BITSTRING pKey,PCRTASN1DYNTYPE pParams);438 bool fEncrypt, RTCRKEY hKey, PCRTASN1DYNTYPE pParams); 439 439 RTDECL(int) RTCrPkixEncryptionCreateByObjId(PRTCRPKIXENCRYPTION phEncryption, PCRTASN1OBJID pObjId, bool fEncrypt, 440 PCRTASN1BITSTRING pKey, PCRTASN1DYNTYPE pParams);440 RTCRKEY hKey, PCRTASN1DYNTYPE pParams); 441 441 442 442 -
trunk/src/VBox/Runtime/testcase/tstRTCrPkix-1.cpp
r73665 r73677 34 34 #include <iprt/test.h> 35 35 #include <iprt/crypto/key.h> 36 #include <iprt/crypto/digest.h> 36 37 37 38 … … 228 229 continue; 229 230 230 #if 0231 231 /* 232 * Decode.232 * Create corresponding signing and verifying decoder instances. 233 233 */ 234 /* Raw decoding of DER bytes, structure will have pointers to the raw data. */ 235 RTASN1CURSORPRIMARY PrimaryCursor; 236 RTAsn1CursorInitPrimary(&PrimaryCursor, g_aFiles[i].pbDer, (uint32_t)g_aFiles[i].cbDer, 237 NULL /*pErrInfo*/, &g_RTAsn1DefaultAllocator, RTASN1CURSOR_FLAGS_DER, NULL /*pszErrorTag*/); 238 rc = RTCrRsaPublicKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &Cert0, "Cert0"); 239 if (RT_SUCCESS(rc)) 234 static struct { uint32_t cBits; const char *pszObjId; } const s_aSignatures[] = 240 235 { 241 rc = RTCrX509Certificate_CheckSanity(&Cert0, 0, NULL /*pErrInfo*/, "Cert0"); 242 if (RT_SUCCESS(rc)) 236 { 128, RTCR_PKCS1_MD2_WITH_RSA_OID }, 237 //{ 128, RTCR_PKCS1_MD4_WITH_RSA_OID }, 238 { 128, RTCR_PKCS1_MD5_WITH_RSA_OID }, 239 { 160, RTCR_PKCS1_SHA1_WITH_RSA_OID }, 240 { 256, RTCR_PKCS1_SHA256_WITH_RSA_OID }, 241 { 224, RTCR_PKCS1_SHA224_WITH_RSA_OID }, 242 { 384, RTCR_PKCS1_SHA384_WITH_RSA_OID }, 243 { 512, RTCR_PKCS1_SHA512_WITH_RSA_OID }, 244 }; 245 RTCRPKIXSIGNATURE hSign = NIL_RTCRPKIXSIGNATURE; 246 RTCRPKIXSIGNATURE hVerify = NIL_RTCRPKIXSIGNATURE; 247 for (unsigned iSig = 0; iSig < RT_ELEMENTS(s_aSignatures); iSig++) 248 { 249 RTCrPkixSignatureRelease(hSign); 250 hSign = NIL_RTCRPKIXSIGNATURE; 251 RTCrPkixSignatureRelease(hVerify); 252 hVerify = NIL_RTCRPKIXSIGNATURE; 253 254 rc = RTCrPkixSignatureCreateByObjIdString(&hSign, s_aSignatures[iSig].pszObjId, hPrivateKey, NULL, true /*fSigning*/); 255 if (RT_FAILURE(rc)) 256 RTTestIFailed("RTCrPkixSignatureCreateByObjIdString failed with %Rrc on %u bits private key and %u bits MD (%s)", 257 rc, g_aKeyPairs[i].cBits, s_aSignatures[iSig].cBits, s_aSignatures[iSig].pszObjId); 258 259 rc = RTCrPkixSignatureCreateByObjIdString(&hVerify, s_aSignatures[iSig].pszObjId, hPublicKey, NULL, false /*fSigning*/); 260 if (RT_FAILURE(rc)) 261 RTTestIFailed("RTCrPkixSignatureCreateByObjIdString failed with %Rrc on %u bits public key and %u bits MD (%s)", 262 rc, g_aKeyPairs[i].cBits, s_aSignatures[iSig].cBits, s_aSignatures[iSig].pszObjId); 263 264 if (RT_FAILURE(rc) || hSign == NIL_RTCRPKIXSIGNATURE || hVerify == NIL_RTCRPKIXSIGNATURE) 265 continue; 266 267 /* 268 * Try a few different boilplate things. 269 */ 270 static struct { void const *pv; size_t cb; } const s_aTexts[] = 243 271 { 244 /* Check the API, this clones the certificate so no data pointers. */ 245 RTCRX509CERTIFICATE Cert1; 246 memset(&Cert1, i, sizeof(Cert1)); 247 rc = RTCrX509Certificate_ReadFromBuffer(&Cert1, g_aFiles[i].pbDer, g_aFiles[i].cbDer, 0 /*fFlags*/, 248 &g_RTAsn1EFenceAllocator, NULL /*pErrInfo*/, NULL /*pszErrorTag*/); 272 { RT_STR_TUPLE("IPRT") }, 273 { RT_STR_TUPLE("abcdef") }, 274 }; 275 276 for (unsigned iText = 0; iText < RT_ELEMENTS(s_aTexts); iText++) 277 { 278 uint8_t abSignature[4096]; 279 size_t cbSignature = sizeof(abSignature); 280 281 RTCRDIGEST hDigest = NIL_RTCRDIGEST; 282 rc = RTCrDigestCreateByObjIdString(&hDigest, s_aSignatures[iSig].pszObjId); 249 283 if (RT_SUCCESS(rc)) 250 284 { 251 /* Read the PEM variant. */ 252 RTCRX509CERTIFICATE Cert2; 253 memset(&Cert2, ~i, sizeof(Cert2)); 254 rc = RTCrX509Certificate_ReadFromBuffer(&Cert2, g_aFiles[i].pchPem, g_aFiles[i].cbPem, 0 /*fFlags*/, 255 &g_RTAsn1DefaultAllocator, NULL /*pErrInfo*/, NULL /*pszErrorTag*/); 285 rc = RTCrPkixSignatureSign(hSign, hDigest, abSignature, &cbSignature); 256 286 if (RT_SUCCESS(rc)) 257 287 { 258 /* 259 * Compare them, they should be all the same. 260 */ 261 if (RTCrX509Certificate_Compare(&Cert0, &Cert1) != 0) 262 RTTestIFailed("Cert0 and Cert1 (DER) decoding of file %s (#%u) differs", g_aFiles[i].pszFile, i); 263 else if (RTCrX509Certificate_Compare(&Cert0, &Cert2) != 0) 264 RTTestIFailed("Cert0 and Cert2 (PEM) decoding of file %s (#%u) differs", g_aFiles[i].pszFile, i); 265 else if (RTCrX509Certificate_Compare(&Cert1, &Cert2) != 0) 266 RTTestIFailed("Cert1 (DER) and Cert2 (PEM) decoding of file %s (#%u) differs", g_aFiles[i].pszFile, i); 267 else 268 { 269 /* 270 * Encode the certificates. 271 */ 272 unsigned j; 273 PRTCRX509CERTIFICATE paCerts[] = { &Cert0, &Cert1, &Cert2 }; 274 for (j = 0; j < RT_ELEMENTS(paCerts); j++) 275 { 276 uint32_t cbEncoded = ~(j ^ i); 277 RTTESTI_CHECK_RC(rc = RTAsn1EncodePrepare(&paCerts[j]->SeqCore.Asn1Core, 278 RTASN1ENCODE_F_DER, &cbEncoded, NULL), VINF_SUCCESS); 279 if (RT_SUCCESS(rc) && cbEncoded != g_aFiles[i].cbDer) 280 RTTestIFailed("RTAsn1EncodePrepare of file %s (#%u) returned %#x bytes instead of %#x", 281 g_aFiles[i].pszFile, i, cbEncoded, g_aFiles[i].cbDer); 282 283 cbEncoded = (uint32_t)g_aFiles[i].cbDer; 284 void *pvTmp = RTTestGuardedAllocTail(g_hTest, cbEncoded); 285 RTTESTI_CHECK_RC(rc = RTAsn1EncodeToBuffer(&paCerts[j]->SeqCore.Asn1Core, RTASN1ENCODE_F_DER, 286 pvTmp, cbEncoded, NULL /*pErrInfo*/), VINF_SUCCESS); 287 if (RT_SUCCESS(rc) && memcmp(pvTmp, g_aFiles[i].pbDer, cbEncoded) != 0) 288 RTTestIFailed("RTAsn1EncodeToBuffer produces the wrong output for file %s (#%u), variation %u", 289 g_aFiles[i].pszFile, i, j); 290 RTTestGuardedFree(g_hTest, pvTmp); 291 } 292 293 /* 294 * Check that our self signed check works. 295 */ 296 RTTESTI_CHECK(RTCrX509Certificate_IsSelfSigned(&Cert0) == g_aFiles[i].fSelfSigned); 297 RTTESTI_CHECK(RTCrX509Certificate_IsSelfSigned(&Cert1) == g_aFiles[i].fSelfSigned); 298 RTTESTI_CHECK(RTCrX509Certificate_IsSelfSigned(&Cert2) == g_aFiles[i].fSelfSigned); 299 300 if (g_aFiles[i].fSelfSigned) 301 { 302 /* 303 * Verify the certificate signature (self signed). 304 */ 305 for (j = 0; j < RT_ELEMENTS(paCerts); j++) 306 { 307 rc = RTCrX509Certificate_VerifySignatureSelfSigned(paCerts[j], NULL /*pErrInfo*/); 308 if ( RT_FAILURE(rc) 309 && ( rc != VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP 310 || !g_aFiles[i].fMaybeNotInOpenSSL) ) 311 RTTestIFailed("RTCrX509Certificate_VerifySignatureSelfSigned failed for %s (#%u), variation %u: %Rrc", 312 g_aFiles[i].pszFile, i, j, rc); 313 } 314 } 315 } 316 317 RTCrX509Certificate_Delete(&Cert2); 288 rc = RTCrPkixSignatureVerify(hVerify, hDigest, abSignature, cbSignature); 289 if (RT_FAILURE(rc)) 290 RTTestIFailed("RTCrPkixSignatureVerify failed with %Rrc for %u bits MD with %u bits key (%s); signature length %u", 291 rc, s_aSignatures[iSig].cBits, g_aKeyPairs[i].cBits, s_aSignatures[iSig].pszObjId, cbSignature); 292 318 293 } 319 else 320 RTTestIFailed(" Error %Rrc decoding PEM file %s (#%u)", rc, g_aFiles[i].pszFile, i);321 RTCrX509Certificate_Delete(&Cert1);294 else if (rc != VERR_CR_PKIX_HASH_TOO_LONG_FOR_KEY) 295 RTTestIFailed("RTCrPkixSignatureSign failed with %Rrc for %u bits MD with %u bits key (%s)", 296 rc, s_aSignatures[iSig].cBits, g_aKeyPairs[i].cBits, s_aSignatures[iSig].pszObjId); 322 297 } 323 298 else 324 RTTestIFailed("Error %Rrc decoding DER file %s (#%u)", rc, g_aFiles[i].pszFile, i); 299 RTTestIFailed("RTCrDigestCreateByObjIdString failed with %Rrc for %s (%u bits)", 300 rc, s_aSignatures[iSig].pszObjId, s_aSignatures[iSig].cBits); 325 301 } 326 RTCrX509Certificate_Delete(&Cert0);327 302 } 328 #endif 303 304 RTCrPkixSignatureRelease(hSign); 305 hSign = NIL_RTCRPKIXSIGNATURE; 306 RTCrPkixSignatureRelease(hVerify); 307 hVerify = NIL_RTCRPKIXSIGNATURE; 329 308 } 330 309
Note:
See TracChangeset
for help on using the changeset viewer.