1 // Copyright 2014 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <gtest/gtest.h>
16
17 #include <openssl/bytestring.h>
18 #include <openssl/crypto.h>
19 #include <openssl/mem.h>
20 #include <openssl/pem.h>
21 #include <openssl/pkcs7.h>
22 #include <openssl/span.h>
23 #include <openssl/stack.h>
24 #include <openssl/x509.h>
25
26 #include <string>
27
28 #include "../internal.h"
29 #include "../test/test_data.h"
30 #include "../test/test_util.h"
31
32
33 // kPEMCert is the result of exporting the mail.google.com certificate from
34 // Chrome and then running it through:
35 // openssl pkcs7 -inform DER -in mail.google.com -outform PEM
36 static const char kPEMCert[] =
37 "-----BEGIN PKCS7-----\n"
38 "MIID+wYJKoZIhvcNAQcCoIID7DCCA+gCAQExADALBgkqhkiG9w0BBwGgggPQMIID\n"
39 "zDCCArSgAwIBAgIIWesoywKxoNQwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UEBhMC\n"
40 "VVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5l\n"
41 "dCBBdXRob3JpdHkgRzIwHhcNMTUwMjExMTQxNTA2WhcNMTUwNTEyMDAwMDAwWjBp\n"
42 "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91\n"
43 "bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEYMBYGA1UEAwwPbWFpbC5n\n"
44 "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7MdALmCkcRRf/tzQ\n"
45 "a8eu3J7S5CTQa5ns0ReF9ktlbB1RL56BVGAu4p7BrT32D6gDpiggXq3gxN81A0TG\n"
46 "C2yICKOCAWEwggFdMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAsBgNV\n"
47 "HREEJTAjgg9tYWlsLmdvb2dsZS5jb22CEGluYm94Lmdvb2dsZS5jb20wCwYDVR0P\n"
48 "BAQDAgeAMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5n\n"
49 "b29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMx\n"
50 "Lmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQUQqsYsRoWLiG6qmV2N1mpYaHawxAw\n"
51 "DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAX\n"
52 "BgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDov\n"
53 "L3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAKNh3\n"
54 "isNuGBisPKVlekOsZR6S8oP/fS/xt6Hqvg0EwFXvhxoJ40rxAB2LMykY17e+ln3P\n"
55 "MwBBlRkwY1btcDT15JwzgaZb38rq/r+Pkb5Qgmx/InA/pw0QHDtwHQp5uXZuvu6p\n"
56 "J/SlCwyq7EOvByWdVQcMU/dhGa3idXEkn/zwfqcG6YjdWKoDmXWZYv3RiP3wJcRB\n"
57 "9+3U1wOe3uebnZLRWO6/w0to1XY8TFHklyw5rwIE5sbxOx5N3Ne8+GgPrUDvGAz0\n"
58 "rAUKnh3b7GNXL1qlZh2qkhB6rUzvtPpg397Asg3xVtExCHOk4zPqzzicttoEbVVy\n"
59 "0T8rIMUNwC4Beh4JVjEA\n"
60 "-----END PKCS7-----\n";
61
62 /* kPEMCRL is the result of downloading the Equifax CRL and running:
63 openssl crl2pkcs7 -inform DER -in secureca.crl */
64 static const char kPEMCRL[] =
65 "-----BEGIN PKCS7-----\n"
66 "MIIDhQYJKoZIhvcNAQcCoIIDdjCCA3ICAQExADALBgkqhkiG9w0BBwGgAKGCA1gw\n"
67 "ggNUMIICvTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMH\n"
68 "RXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0\n"
69 "aG9yaXR5Fw0xNTAyMjcwMTIzMDBaFw0xNTAzMDkwMTIzMDBaMIICPDAUAgMPWOQX\n"
70 "DTE0MDQyNzA4MTkyMlowFAIDFHYZFw0xNDA2MTgxNTAwMDNaMBQCAw+a+xcNMTQw\n"
71 "NDI5MTgwOTE3WjAUAgMUi8AXDTE0MDcwOTE5NDYzM1owFAIDFOScFw0xNDA0MTYy\n"
72 "MzM5MzVaMBQCAw+GBxcNMTQwNTIxMTU1MDUzWjAUAgMS4ikXDTE0MDYxNzE4NTUx\n"
73 "NVowFAIDDUJmFw0xMjA2MjcxNzEwNTNaMBQCAwMeMxcNMDIwNTE1MTMwNjExWjAU\n"
74 "AgMS4iMXDTE0MDYwNjIwNDAyMVowFAIDE5yrFw0xMDA3MjkxNjQ0MzlaMBQCAxLG\n"
75 "ChcNMTQwNjA2MjIyMTM5WjAUAgMDJYUXDTAyMDUxNDE4MTE1N1owFAIDFIbmFw0x\n"
76 "NDA3MjUwMjAwMzhaMBQCAxOcoRcNMTAwNzI5MTY0NzMyWjAUAgMVTVwXDTE0MDQz\n"
77 "MDAwMDQ0MlowFAIDD/otFw0xNDA2MTcxODUwMTFaMBQCAxN1VRcNMTUwMTE4MDIy\n"
78 "MTMzWjAUAgMPVpYXDTE0MDYyNDEyMzEwMlowFAIDC4CKFw0xMjA2MjcxNzEwMjVa\n"
79 "MBQCAw+UFhcNMTAwMzAxMTM0NTMxWjAUAgMUFrMXDTE0MDYxODE0MzI1NlowFAID\n"
80 "CuGFFw0xMjA2MjcxNzEwMTdaMBQCAxTMPhcNMTQwNzExMTI1NTMxWjAUAgMQW8sX\n"
81 "DTEwMDczMDIxMzEyMFowFAIDFWofFw0xNDAyMjYxMjM1MTlaMA0GCSqGSIb3DQEB\n"
82 "BQUAA4GBAB1cJwcRA/IAvfRGPnH9EISD2dLSGaAg9xpDPazaM/y3QmAapKiyB1xR\n"
83 "FsBCgAoP8EdbS3iQr8esSPjKPBNe9tGIrlWjDIpiRyn4crgkF6+yBh6ncnarlh3g\n"
84 "fNQMQoI9So4Vdy88Kow6BBBV3Lu6sZHue+cjxXETrmshNdNk8ABUMQA=\n"
85 "-----END PKCS7-----\n";
86
TestCertReparse(bssl::Span<const uint8_t> der)87 static void TestCertReparse(bssl::Span<const uint8_t> der) {
88 bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
89 ASSERT_TRUE(certs);
90 bssl::UniquePtr<STACK_OF(X509)> certs2(sk_X509_new_null());
91 ASSERT_TRUE(certs2);
92 uint8_t *result_data, *result2_data;
93 size_t result_len, result2_len;
94
95 CBS pkcs7 = der;
96 ASSERT_TRUE(PKCS7_get_certificates(certs.get(), &pkcs7));
97 EXPECT_EQ(0u, CBS_len(&pkcs7));
98
99 bssl::ScopedCBB cbb;
100 ASSERT_TRUE(CBB_init(cbb.get(), der.size()));
101 ASSERT_TRUE(PKCS7_bundle_certificates(cbb.get(), certs.get()));
102 ASSERT_TRUE(CBB_finish(cbb.get(), &result_data, &result_len));
103 bssl::UniquePtr<uint8_t> free_result_data(result_data);
104
105 CBS_init(&pkcs7, result_data, result_len);
106 ASSERT_TRUE(PKCS7_get_certificates(certs2.get(), &pkcs7));
107 EXPECT_EQ(0u, CBS_len(&pkcs7));
108
109 // PKCS#7 stores certificates in a SET OF, so |PKCS7_bundle_certificates| may
110 // not preserve the original order. All of our test inputs are already sorted,
111 // but this check should be relaxed if we add others.
112 ASSERT_EQ(sk_X509_num(certs.get()), sk_X509_num(certs2.get()));
113 for (size_t i = 0; i < sk_X509_num(certs.get()); i++) {
114 X509 *a = sk_X509_value(certs.get(), i);
115 X509 *b = sk_X509_value(certs2.get(), i);
116 ASSERT_EQ(0, X509_cmp(a, b));
117 }
118
119 ASSERT_TRUE(CBB_init(cbb.get(), der.size()));
120 ASSERT_TRUE(PKCS7_bundle_certificates(cbb.get(), certs2.get()));
121 ASSERT_TRUE(CBB_finish(cbb.get(), &result2_data, &result2_len));
122 bssl::UniquePtr<uint8_t> free_result2_data(result2_data);
123
124 EXPECT_EQ(Bytes(result_data, result_len), Bytes(result2_data, result2_len));
125
126 // Parse with the legacy API instead.
127 const uint8_t *ptr = der.data();
128 bssl::UniquePtr<PKCS7> pkcs7_obj(d2i_PKCS7(nullptr, &ptr, der.size()));
129 ASSERT_TRUE(pkcs7_obj);
130 EXPECT_EQ(ptr, der.data() + der.size());
131
132 ASSERT_TRUE(PKCS7_type_is_signed(pkcs7_obj.get()));
133 const STACK_OF(X509) *certs3 = pkcs7_obj->d.sign->cert;
134 ASSERT_EQ(sk_X509_num(certs.get()), sk_X509_num(certs3));
135 for (size_t i = 0; i < sk_X509_num(certs.get()); i++) {
136 X509 *a = sk_X509_value(certs.get(), i);
137 X509 *b = sk_X509_value(certs3, i);
138 ASSERT_EQ(0, X509_cmp(a, b));
139 }
140
141 // Serialize the original object. This should echo back the original saved
142 // bytes.
143 uint8_t *result3_data = nullptr;
144 int result3_len = i2d_PKCS7(pkcs7_obj.get(), &result3_data);
145 ASSERT_GT(result3_len, 0);
146 bssl::UniquePtr<uint8_t> free_result3_data(result3_data);
147 EXPECT_EQ(Bytes(der), Bytes(result3_data, result3_len));
148
149 // Make a new object with the legacy API.
150 pkcs7_obj.reset(
151 PKCS7_sign(nullptr, nullptr, certs.get(), nullptr, PKCS7_DETACHED));
152 ASSERT_TRUE(pkcs7_obj);
153
154 ASSERT_TRUE(PKCS7_type_is_signed(pkcs7_obj.get()));
155 const STACK_OF(X509) *certs4 = pkcs7_obj->d.sign->cert;
156 ASSERT_EQ(sk_X509_num(certs.get()), sk_X509_num(certs4));
157 for (size_t i = 0; i < sk_X509_num(certs.get()); i++) {
158 X509 *a = sk_X509_value(certs.get(), i);
159 X509 *b = sk_X509_value(certs4, i);
160 ASSERT_EQ(0, X509_cmp(a, b));
161 }
162
163 // This new object should serialize canonically.
164 uint8_t *result4_data = nullptr;
165 int result4_len = i2d_PKCS7(pkcs7_obj.get(), &result4_data);
166 ASSERT_GT(result4_len, 0);
167 bssl::UniquePtr<uint8_t> free_result4_data(result4_data);
168 EXPECT_EQ(Bytes(result_data, result_len), Bytes(result4_data, result4_len));
169 }
170
TestCRLReparse(bssl::Span<const uint8_t> der)171 static void TestCRLReparse(bssl::Span<const uint8_t> der) {
172 bssl::UniquePtr<STACK_OF(X509_CRL)> crls(sk_X509_CRL_new_null());
173 ASSERT_TRUE(crls);
174 bssl::UniquePtr<STACK_OF(X509_CRL)> crls2(sk_X509_CRL_new_null());
175 ASSERT_TRUE(crls2);
176 uint8_t *result_data, *result2_data;
177 size_t result_len, result2_len;
178
179 CBS pkcs7 = der;
180 ASSERT_TRUE(PKCS7_get_CRLs(crls.get(), &pkcs7));
181 EXPECT_EQ(0u, CBS_len(&pkcs7));
182
183 bssl::ScopedCBB cbb;
184 ASSERT_TRUE(CBB_init(cbb.get(), der.size()));
185 ASSERT_TRUE(PKCS7_bundle_CRLs(cbb.get(), crls.get()));
186 ASSERT_TRUE(CBB_finish(cbb.get(), &result_data, &result_len));
187 bssl::UniquePtr<uint8_t> free_result_data(result_data);
188
189 CBS_init(&pkcs7, result_data, result_len);
190 ASSERT_TRUE(PKCS7_get_CRLs(crls2.get(), &pkcs7));
191 EXPECT_EQ(0u, CBS_len(&pkcs7));
192
193 // PKCS#7 stores CRLs in a SET OF, so |PKCS7_bundle_CRLs| may not preserve the
194 // original order. All of our test inputs are already sorted, but this check
195 // should be relaxed if we add others.
196 ASSERT_EQ(sk_X509_CRL_num(crls.get()), sk_X509_CRL_num(crls.get()));
197 for (size_t i = 0; i < sk_X509_CRL_num(crls.get()); i++) {
198 X509_CRL *a = sk_X509_CRL_value(crls.get(), i);
199 X509_CRL *b = sk_X509_CRL_value(crls2.get(), i);
200 ASSERT_EQ(0, X509_CRL_cmp(a, b));
201 }
202
203 ASSERT_TRUE(CBB_init(cbb.get(), der.size()));
204 ASSERT_TRUE(PKCS7_bundle_CRLs(cbb.get(), crls2.get()));
205 ASSERT_TRUE(CBB_finish(cbb.get(), &result2_data, &result2_len));
206 bssl::UniquePtr<uint8_t> free_result2_data(result2_data);
207
208 EXPECT_EQ(Bytes(result_data, result_len), Bytes(result2_data, result2_len));
209
210 // Parse with the legacy API instead.
211 const uint8_t *ptr = der.data();
212 bssl::UniquePtr<PKCS7> pkcs7_obj(d2i_PKCS7(nullptr, &ptr, der.size()));
213 ASSERT_TRUE(pkcs7_obj);
214 EXPECT_EQ(ptr, der.data() + der.size());
215
216 ASSERT_TRUE(PKCS7_type_is_signed(pkcs7_obj.get()));
217 const STACK_OF(X509_CRL) *crls3 = pkcs7_obj->d.sign->crl;
218 ASSERT_EQ(sk_X509_CRL_num(crls.get()), sk_X509_CRL_num(crls3));
219 for (size_t i = 0; i < sk_X509_CRL_num(crls.get()); i++) {
220 X509_CRL *a = sk_X509_CRL_value(crls.get(), i);
221 X509_CRL *b = sk_X509_CRL_value(crls3, i);
222 ASSERT_EQ(0, X509_CRL_cmp(a, b));
223 }
224
225 ptr = result_data;
226 pkcs7_obj.reset(d2i_PKCS7(nullptr, &ptr, result_len));
227 ASSERT_TRUE(pkcs7_obj);
228 EXPECT_EQ(ptr, result_data + result_len);
229
230 ASSERT_TRUE(PKCS7_type_is_signed(pkcs7_obj.get()));
231 const STACK_OF(X509_CRL) *crls4 = pkcs7_obj->d.sign->crl;
232 ASSERT_EQ(sk_X509_CRL_num(crls.get()), sk_X509_CRL_num(crls4));
233 for (size_t i = 0; i < sk_X509_CRL_num(crls.get()); i++) {
234 X509_CRL *a = sk_X509_CRL_value(crls.get(), i);
235 X509_CRL *b = sk_X509_CRL_value(crls4, i);
236 ASSERT_EQ(0, X509_CRL_cmp(a, b));
237 }
238 }
239
TestPEMCerts(const char * pem)240 static void TestPEMCerts(const char *pem) {
241 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
242 ASSERT_TRUE(bio);
243 bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
244 ASSERT_TRUE(certs);
245
246 ASSERT_TRUE(PKCS7_get_PEM_certificates(certs.get(), bio.get()));
247 ASSERT_EQ(1u, sk_X509_num(certs.get()));
248 }
249
TestPEMCRLs(const char * pem)250 static void TestPEMCRLs(const char *pem) {
251 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
252 ASSERT_TRUE(bio);
253 bssl::UniquePtr<STACK_OF(X509_CRL)> crls(sk_X509_CRL_new_null());
254 ASSERT_TRUE(crls);
255
256 ASSERT_TRUE(PKCS7_get_PEM_CRLs(crls.get(), bio.get()));
257 ASSERT_EQ(1u, sk_X509_CRL_num(crls.get()));
258 }
259
TEST(PKCS7Test,CertReparseNSS)260 TEST(PKCS7Test, CertReparseNSS) {
261 // nss.p7c contains the certificate chain of mail.google.com, as saved by NSS
262 // using the Chrome UI.
263 TestCertReparse(
264 bssl::StringAsBytes(GetTestData("crypto/pkcs7/test/nss.p7c")));
265 }
266
TEST(PKCS7Test,CertReparseWindows)267 TEST(PKCS7Test, CertReparseWindows) {
268 // windows.p7c is the Equifax root certificate, as exported by Windows 7.
269 TestCertReparse(
270 bssl::StringAsBytes(GetTestData("crypto/pkcs7/test/windows.p7c")));
271 }
272
TEST(PKCS7Test,CrlReparse)273 TEST(PKCS7Test, CrlReparse) {
274 // openssl_crl.p7c is the Equifax CRL, converted to PKCS#7 form by:
275 // openssl crl2pkcs7 -inform DER -in secureca.crl
276 TestCRLReparse(
277 bssl::StringAsBytes(GetTestData("crypto/pkcs7/test/openssl_crl.p7c")));
278 }
279
TEST(PKCS7Test,PEMCerts)280 TEST(PKCS7Test, PEMCerts) {
281 TestPEMCerts(kPEMCert);
282 }
283
TEST(PKCS7Test,PEMCRLs)284 TEST(PKCS7Test, PEMCRLs) {
285 TestPEMCRLs(kPEMCRL);
286 }
287
288 // Test that we output certificates in the canonical DER order.
TEST(PKCS7Test,SortCerts)289 TEST(PKCS7Test, SortCerts) {
290 // nss.p7c contains three certificates in the canonical DER order.
291 std::string nss_p7c = GetTestData("crypto/pkcs7/test/nss.p7c");
292 CBS pkcs7 = bssl::StringAsBytes(nss_p7c);
293 bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
294 ASSERT_TRUE(certs);
295 ASSERT_TRUE(PKCS7_get_certificates(certs.get(), &pkcs7));
296 ASSERT_EQ(3u, sk_X509_num(certs.get()));
297
298 X509 *cert1 = sk_X509_value(certs.get(), 0);
299 X509 *cert2 = sk_X509_value(certs.get(), 1);
300 X509 *cert3 = sk_X509_value(certs.get(), 2);
301
302 auto check_order = [&](X509 *new_cert1, X509 *new_cert2, X509 *new_cert3) {
303 // Bundle the certificates in the new order.
304 bssl::UniquePtr<STACK_OF(X509)> new_certs(sk_X509_new_null());
305 ASSERT_TRUE(new_certs);
306 ASSERT_TRUE(bssl::PushToStack(new_certs.get(), bssl::UpRef(new_cert1)));
307 ASSERT_TRUE(bssl::PushToStack(new_certs.get(), bssl::UpRef(new_cert2)));
308 ASSERT_TRUE(bssl::PushToStack(new_certs.get(), bssl::UpRef(new_cert3)));
309 bssl::ScopedCBB cbb;
310 ASSERT_TRUE(CBB_init(cbb.get(), nss_p7c.size()));
311 ASSERT_TRUE(PKCS7_bundle_certificates(cbb.get(), new_certs.get()));
312
313 // The bundle should be sorted back to the original order.
314 CBS cbs;
315 CBS_init(&cbs, CBB_data(cbb.get()), CBB_len(cbb.get()));
316 bssl::UniquePtr<STACK_OF(X509)> result(sk_X509_new_null());
317 ASSERT_TRUE(result);
318 ASSERT_TRUE(PKCS7_get_certificates(result.get(), &cbs));
319 ASSERT_EQ(sk_X509_num(certs.get()), sk_X509_num(result.get()));
320 for (size_t i = 0; i < sk_X509_num(certs.get()); i++) {
321 X509 *a = sk_X509_value(certs.get(), i);
322 X509 *b = sk_X509_value(result.get(), i);
323 EXPECT_EQ(0, X509_cmp(a, b));
324 }
325 };
326
327 check_order(cert1, cert2, cert3);
328 check_order(cert3, cert2, cert1);
329 check_order(cert2, cert3, cert1);
330 }
331
332 // Test that we output certificates in the canonical DER order, using the
333 // CRYPTO_BUFFER version of the parse and bundle functions.
TEST(PKCS7Test,SortCertsRaw)334 TEST(PKCS7Test, SortCertsRaw) {
335 // nss.p7c contains three certificates in the canonical DER order.
336 std::string nss_p7c = GetTestData("crypto/pkcs7/test/nss.p7c");
337 CBS pkcs7 = bssl::StringAsBytes(nss_p7c);
338 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs(sk_CRYPTO_BUFFER_new_null());
339 ASSERT_TRUE(certs);
340 ASSERT_TRUE(PKCS7_get_raw_certificates(certs.get(), &pkcs7, nullptr));
341 ASSERT_EQ(3u, sk_CRYPTO_BUFFER_num(certs.get()));
342
343 CRYPTO_BUFFER *cert1 = sk_CRYPTO_BUFFER_value(certs.get(), 0);
344 CRYPTO_BUFFER *cert2 = sk_CRYPTO_BUFFER_value(certs.get(), 1);
345 CRYPTO_BUFFER *cert3 = sk_CRYPTO_BUFFER_value(certs.get(), 2);
346
347 auto check_order = [&](CRYPTO_BUFFER *new_cert1, CRYPTO_BUFFER *new_cert2,
348 CRYPTO_BUFFER *new_cert3) {
349 // Bundle the certificates in the new order.
350 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_certs(
351 sk_CRYPTO_BUFFER_new_null());
352 ASSERT_TRUE(new_certs);
353 ASSERT_TRUE(bssl::PushToStack(new_certs.get(), bssl::UpRef(new_cert1)));
354 ASSERT_TRUE(bssl::PushToStack(new_certs.get(), bssl::UpRef(new_cert2)));
355 ASSERT_TRUE(bssl::PushToStack(new_certs.get(), bssl::UpRef(new_cert3)));
356 bssl::ScopedCBB cbb;
357 ASSERT_TRUE(CBB_init(cbb.get(), nss_p7c.size()));
358 ASSERT_TRUE(PKCS7_bundle_raw_certificates(cbb.get(), new_certs.get()));
359
360 // The bundle should be sorted back to the original order.
361 CBS cbs;
362 CBS_init(&cbs, CBB_data(cbb.get()), CBB_len(cbb.get()));
363 bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> result(
364 sk_CRYPTO_BUFFER_new_null());
365 ASSERT_TRUE(result);
366 ASSERT_TRUE(PKCS7_get_raw_certificates(result.get(), &cbs, nullptr));
367 ASSERT_EQ(sk_CRYPTO_BUFFER_num(certs.get()),
368 sk_CRYPTO_BUFFER_num(result.get()));
369 for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(certs.get()); i++) {
370 CRYPTO_BUFFER *a = sk_CRYPTO_BUFFER_value(certs.get(), i);
371 CRYPTO_BUFFER *b = sk_CRYPTO_BUFFER_value(result.get(), i);
372 EXPECT_EQ(Bytes(CRYPTO_BUFFER_data(a), CRYPTO_BUFFER_len(a)),
373 Bytes(CRYPTO_BUFFER_data(b), CRYPTO_BUFFER_len(b)));
374 }
375 };
376
377 check_order(cert1, cert2, cert3);
378 check_order(cert3, cert2, cert1);
379 check_order(cert2, cert3, cert1);
380 }
381
382 // Test that we output CRLs in the canonical DER order.
TEST(PKCS7Test,SortCRLs)383 TEST(PKCS7Test, SortCRLs) {
384 static const char kCRL1[] = R"(
385 -----BEGIN X509 CRL-----
386 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
387 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
388 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
389 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
390 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
391 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
392 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
393 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
394 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
395 -----END X509 CRL-----
396 )";
397 static const char kCRL2[] = R"(
398 -----BEGIN X509 CRL-----
399 MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
400 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
401 Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX
402 DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB
403 AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d
404 sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH
405 NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5
406 OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp
407 Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO
408 xzfKY2TzxLiOmctG0hXFkH5J
409 -----END X509 CRL-----
410 )";
411
412 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCRL1, strlen(kCRL1)));
413 ASSERT_TRUE(bio);
414 bssl::UniquePtr<X509_CRL> crl1(
415 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
416 ASSERT_TRUE(crl1);
417 bio.reset(BIO_new_mem_buf(kCRL2, strlen(kCRL2)));
418 ASSERT_TRUE(bio);
419 bssl::UniquePtr<X509_CRL> crl2(
420 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
421 ASSERT_TRUE(crl2);
422
423 // DER's SET OF ordering sorts by tag, then length, so |crl1| comes before
424 // |crl2|.
425 auto check_order = [&](X509_CRL *new_crl1, X509_CRL *new_crl2) {
426 // Bundle the CRLs in the new order.
427 bssl::UniquePtr<STACK_OF(X509_CRL)> new_crls(sk_X509_CRL_new_null());
428 ASSERT_TRUE(new_crls);
429 ASSERT_TRUE(bssl::PushToStack(new_crls.get(), bssl::UpRef(new_crl1)));
430 ASSERT_TRUE(bssl::PushToStack(new_crls.get(), bssl::UpRef(new_crl2)));
431 bssl::ScopedCBB cbb;
432 ASSERT_TRUE(CBB_init(cbb.get(), 64));
433 ASSERT_TRUE(PKCS7_bundle_CRLs(cbb.get(), new_crls.get()));
434
435 // The bundle should be sorted back to the original order.
436 CBS cbs;
437 CBS_init(&cbs, CBB_data(cbb.get()), CBB_len(cbb.get()));
438 bssl::UniquePtr<STACK_OF(X509_CRL)> result(sk_X509_CRL_new_null());
439 ASSERT_TRUE(result);
440 ASSERT_TRUE(PKCS7_get_CRLs(result.get(), &cbs));
441 ASSERT_EQ(2u, sk_X509_CRL_num(result.get()));
442 EXPECT_EQ(0, X509_CRL_cmp(crl1.get(), sk_X509_CRL_value(result.get(), 0)));
443 EXPECT_EQ(0, X509_CRL_cmp(crl2.get(), sk_X509_CRL_value(result.get(), 1)));
444 };
445
446 check_order(crl1.get(), crl2.get());
447 check_order(crl2.get(), crl1.get());
448 }
449
TEST(PKCS7Test,KernelModuleSigning)450 TEST(PKCS7Test, KernelModuleSigning) {
451 // Sign a message with the same call that the Linux kernel's sign-file.c
452 // makes.
453 std::string cert_pem = GetTestData("crypto/pkcs7/test/sign_cert.pem");
454 std::string key_pem = GetTestData("crypto/pkcs7/test/sign_key.pem");
455 bssl::UniquePtr<BIO> cert_bio(
456 BIO_new_mem_buf(cert_pem.data(), cert_pem.size()));
457 bssl::UniquePtr<X509> cert(
458 PEM_read_bio_X509(cert_bio.get(), nullptr, nullptr, nullptr));
459
460 bssl::UniquePtr<BIO> key_bio(BIO_new_mem_buf(key_pem.data(), key_pem.size()));
461 bssl::UniquePtr<EVP_PKEY> key(
462 PEM_read_bio_PrivateKey(key_bio.get(), nullptr, nullptr, nullptr));
463
464 static const char kSignedData[] = "signed data";
465 bssl::UniquePtr<BIO> data_bio(
466 BIO_new_mem_buf(kSignedData, sizeof(kSignedData) - 1));
467
468 bssl::UniquePtr<PKCS7> pkcs7(
469 PKCS7_sign(cert.get(), key.get(), /*certs=*/nullptr, data_bio.get(),
470 PKCS7_NOATTR | PKCS7_BINARY | PKCS7_NOCERTS | PKCS7_DETACHED));
471 ASSERT_TRUE(pkcs7);
472
473 uint8_t *pkcs7_bytes = nullptr;
474 const int pkcs7_len = i2d_PKCS7(pkcs7.get(), &pkcs7_bytes);
475 ASSERT_GE(pkcs7_len, 0);
476 bssl::UniquePtr<uint8_t> pkcs7_storage(pkcs7_bytes);
477
478 // RSA signatures are deterministic so the output should not change.
479 std::string expected = GetTestData("crypto/pkcs7/test/sign_sha256.p7s");
480 EXPECT_EQ(Bytes(pkcs7_bytes, pkcs7_len), Bytes(expected));
481
482 // Other option combinations should fail.
483 EXPECT_FALSE(
484 PKCS7_sign(cert.get(), key.get(), /*certs=*/nullptr, data_bio.get(),
485 PKCS7_NOATTR | PKCS7_BINARY | PKCS7_NOCERTS));
486 EXPECT_FALSE(
487 PKCS7_sign(cert.get(), key.get(), /*certs=*/nullptr, data_bio.get(),
488 PKCS7_BINARY | PKCS7_NOCERTS | PKCS7_DETACHED));
489 EXPECT_FALSE(
490 PKCS7_sign(cert.get(), key.get(), /*certs=*/nullptr, data_bio.get(),
491 PKCS7_NOATTR | PKCS7_TEXT | PKCS7_NOCERTS | PKCS7_DETACHED));
492 EXPECT_FALSE(
493 PKCS7_sign(cert.get(), key.get(), /*certs=*/nullptr, data_bio.get(),
494 PKCS7_NOATTR | PKCS7_BINARY | PKCS7_DETACHED));
495
496 ERR_clear_error();
497 }
498