diff --git a/tests/api/test_pkcs7.c b/tests/api/test_pkcs7.c index 20d608aa9b..9a08f391cd 100644 --- a/tests/api/test_pkcs7.c +++ b/tests/api/test_pkcs7.c @@ -1013,6 +1013,376 @@ int test_wc_PKCS7_EncodeSignedData(void) } /* END test_wc_PKCS7_EncodeSignedData */ +#if defined(HAVE_PKCS7) && !defined(NO_RSA) && \ + (defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) || \ + !defined(NO_FILESYSTEM) || !defined(NO_SHA256)) +/* Return the offset of needle within hay, or -1 if not present. */ +static int test_PKCS7_findBytes(const byte* hay, int haySz, const byte* needle, + int needleSz) +{ + int i, j; + + if (hay == NULL || needle == NULL || needleSz <= 0 || haySz < needleSz) + return -1; + + for (i = 0; i <= haySz - needleSz; i++) { + for (j = 0; j < needleSz; j++) { + if (hay[i + j] != needle[j]) + break; + } + if (j == needleSz) + return i; + } + return -1; +} +#endif + +/* + * Regression test for the SignerIdentifier subjectKeyIdentifier encoding. + * RFC 5652 defines the CMS module with IMPLICIT TAGS, so the [0] + * subjectKeyIdentifier CHOICE must be encoded with an implicit context + * specific tag (0x80 length value), not an explicit [0] wrapper around an + * OCTET STRING (0xA0 len 0x04 len value). Independent oracle: RFC 5652 + * section 5.3 with X.690 implicit tagging rules. + */ +int test_wc_PKCS7_EncodeSignedData_SKID(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_RSA) && \ + (defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) || \ + !defined(NO_FILESYSTEM)) + PKCS7* pkcs7 = NULL; + WC_RNG rng; + byte output[FOURK_BUF]; + int outputSz = 0; + byte data[] = "Test data to encode."; + int i; + /* Distinctive SKID so its location in the encoding is unambiguous. */ + byte customSKID[KEYID_SIZE]; + /* Correct implicit form: 0x80, length, value. */ + byte implicitForm[2 + KEYID_SIZE]; + /* Old (incorrect) explicit form: 0xA0, len, 0x04, len, value. */ + byte explicitForm[4 + KEYID_SIZE]; +#if defined(USE_CERT_BUFFERS_2048) + byte key[sizeof(client_key_der_2048)]; + byte cert[sizeof(client_cert_der_2048)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMCPY(key, client_key_der_2048, keySz); + XMEMCPY(cert, client_cert_der_2048, certSz); +#elif defined(USE_CERT_BUFFERS_1024) + byte key[sizeof_client_key_der_1024]; + byte cert[sizeof_client_cert_der_1024]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMCPY(key, client_key_der_1024, keySz); + XMEMCPY(cert, client_cert_der_1024, certSz); +#else + byte cert[ONEK_BUF]; + byte key[ONEK_BUF]; + word32 certSz = 0; + word32 keySz = 0; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE); + ExpectIntGT(certSz = (word32)XFREAD(cert, 1, sizeof(cert), fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) != XBADFILE); + ExpectIntGT(keySz = (word32)XFREAD(key, 1, sizeof(key), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(output, 0, sizeof(output)); + for (i = 0; i < (int)sizeof(customSKID); i++) + customSKID[i] = (byte)(0xA0 + (i * 7)); + + /* Build the expected implicit and explicit encodings from the spec. */ + implicitForm[0] = ASN_CONTEXT_SPECIFIC; /* 0x80 */ + implicitForm[1] = (byte)KEYID_SIZE; + XMEMCPY(implicitForm + 2, customSKID, KEYID_SIZE); + + explicitForm[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; /* 0xA0 */ + explicitForm[1] = (byte)(2 + KEYID_SIZE); + explicitForm[2] = ASN_OCTET_STRING; /* 0x04 */ + explicitForm[3] = (byte)KEYID_SIZE; + XMEMCPY(explicitForm + 4, customSKID, KEYID_SIZE); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Part A: custom SKID, confirm the wire encoding uses implicit tagging. */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->privateKey = key; + pkcs7->privateKeySz = keySz; + pkcs7->encryptOID = RSAk; + #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS) + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->rng = &rng; + } + ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0); + ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID, + (word16)sizeof(customSKID)), 0); + ExpectIntGT((outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, + (word32)sizeof(output))), 0); + + /* implicit form must be present, explicit form must be absent */ + ExpectIntGE(test_PKCS7_findBytes(output, outputSz, implicitForm, + (int)sizeof(implicitForm)), 0); + ExpectIntEQ(test_PKCS7_findBytes(output, outputSz, explicitForm, + (int)sizeof(explicitForm)), -1); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* Part B: default SKID matching the signer cert, confirm the encoding + * still round-trips through the decoder after the tagging change. */ + XMEMSET(output, 0, sizeof(output)); + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->privateKey = key; + pkcs7->privateKeySz = keySz; + pkcs7->encryptOID = RSAk; + #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS) + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->rng = &rng; + } + ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0); + ExpectIntGT((outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, + (word32)sizeof(output))), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EncodeSignedData_SKID */ + + +#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_SHA256) +/* CMS SignedData produced by wolfSSL 5.9.x and earlier, which encoded the + * SignerIdentifier subjectKeyIdentifier as an explicit [0] wrapper around an + * OCTET STRING (0xA0 0x16 0x04 0x14 keyid) rather than the RFC 5652 implicit + * form (0x80 0x14 keyid). Retained as a fixture so the decoder's + * backward-compatible explicit-form parse path stays exercised now that the + * encoder emits the implicit form. Signed with certs/client-cert.der (2048-bit + * RSA) over the content "hello". */ +static const byte explicitSKIDSignedData[] = { + 0x30, 0x82, 0x07, 0x16, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x07, 0x02, 0xA0, 0x82, 0x07, 0x07, 0x30, 0x82, 0x07, 0x03, 0x02, + 0x01, 0x01, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, + 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x15, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x08, 0x04, 0x06, + 0x68, 0x65, 0x6C, 0x6C, 0x6F, 0x00, 0xA0, 0x82, 0x05, 0x24, 0x30, 0x82, + 0x05, 0x20, 0x30, 0x82, 0x04, 0x08, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, + 0x14, 0x75, 0x90, 0x2E, 0xA0, 0xC3, 0xE1, 0x96, 0xE1, 0x92, 0x48, 0xB7, + 0xA5, 0xC5, 0x83, 0xA1, 0xC9, 0xA7, 0x3E, 0xE9, 0x5F, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, + 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x11, 0x66, 0x61, 0x63, 0x74, 0x73, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x36, + 0x30, 0x36, 0x31, 0x31, 0x32, 0x31, 0x34, 0x34, 0x32, 0x37, 0x5A, 0x17, + 0x0D, 0x32, 0x39, 0x30, 0x33, 0x30, 0x37, 0x32, 0x31, 0x34, 0x34, 0x32, + 0x37, 0x5A, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, + 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x20, + 0x30, 0x1E, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x11, 0x66, 0x61, 0x63, 0x74, 0x73, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, + 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, 0xBD, + 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, + 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, + 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, + 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, + 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, + 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, + 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, + 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, + 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, + 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, 0x10, + 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, + 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, + 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, + 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, + 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, + 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, + 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, + 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, + 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, + 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, 0x01, + 0x00, 0x01, 0xA3, 0x82, 0x01, 0x50, 0x30, 0x82, 0x01, 0x4C, 0x30, 0x1D, + 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, + 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, + 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDF, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x81, 0xD7, 0x30, 0x81, 0xD4, 0x80, 0x14, 0x33, 0xD8, 0x45, + 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, + 0x26, 0xD7, 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA5, 0xA4, 0x81, 0xA2, 0x30, + 0x81, 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, + 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x11, + 0x66, 0x61, 0x63, 0x74, 0x73, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x75, 0x90, 0x2E, 0xA0, 0xC3, + 0xE1, 0x96, 0xE1, 0x92, 0x48, 0xB7, 0xA5, 0xC5, 0x83, 0xA1, 0xC9, 0xA7, + 0x3E, 0xE9, 0x5F, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, + 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x4F, 0x7C, 0x37, 0xD9, 0xBF, 0xB6, 0xB7, 0x18, 0x12, 0x2E, + 0xFB, 0x6B, 0xA8, 0x0C, 0x9E, 0x24, 0x03, 0xF1, 0xC3, 0x7E, 0xA0, 0xC0, + 0x33, 0xDA, 0x13, 0x83, 0xEE, 0xA3, 0x52, 0x11, 0x0D, 0x66, 0x0C, 0x20, + 0x1B, 0x9D, 0x89, 0x91, 0x0F, 0x1C, 0xA6, 0xE0, 0x16, 0xE7, 0xF7, 0xD3, + 0xC5, 0xD7, 0xD7, 0x11, 0x31, 0xC5, 0x17, 0x90, 0x0F, 0x12, 0x96, 0x95, + 0xDC, 0xC5, 0xCA, 0x6C, 0x33, 0xFA, 0x35, 0xF0, 0xDF, 0x3B, 0x0B, 0xB4, + 0x10, 0x86, 0x31, 0xE6, 0xA5, 0x11, 0x90, 0xC2, 0xD1, 0x95, 0xF2, 0x3F, + 0x86, 0xFA, 0x29, 0x9E, 0xD1, 0x6C, 0xC0, 0x1F, 0x97, 0x76, 0x13, 0xE4, + 0xB0, 0x26, 0x65, 0x9C, 0xD6, 0x3E, 0x43, 0xD2, 0x2E, 0xAA, 0x0C, 0x14, + 0x95, 0xAA, 0x8E, 0x65, 0xD5, 0xF5, 0x61, 0x1C, 0xD6, 0xA3, 0xC0, 0x4C, + 0x2C, 0x90, 0x49, 0xAB, 0xEB, 0x3C, 0x13, 0x5F, 0x85, 0x8C, 0xF8, 0x22, + 0x20, 0xA9, 0x3A, 0x94, 0xEA, 0xFB, 0xFD, 0x40, 0xA4, 0x88, 0x20, 0x06, + 0x31, 0xE3, 0xEE, 0x6E, 0xC8, 0x6D, 0x77, 0xAD, 0xF6, 0xC4, 0x1E, 0xD8, + 0x7A, 0x8E, 0xA4, 0x64, 0x1A, 0x73, 0x6C, 0xE6, 0x7D, 0x79, 0xD9, 0x1E, + 0x44, 0x18, 0xD1, 0x31, 0xB0, 0x97, 0x85, 0xE9, 0xC9, 0xF0, 0x8E, 0xDF, + 0x0E, 0xF8, 0x78, 0xEC, 0x48, 0x9C, 0x70, 0xC8, 0x12, 0x38, 0xF0, 0x04, + 0x4F, 0x3E, 0xAD, 0xBD, 0x90, 0xDD, 0xD8, 0x5D, 0x66, 0x67, 0xB3, 0xE9, + 0xA7, 0x6B, 0x79, 0xAB, 0x9C, 0x04, 0x79, 0x91, 0xE0, 0xE6, 0x36, 0xE5, + 0x1F, 0x82, 0x81, 0x4C, 0x20, 0x71, 0xEA, 0x09, 0x83, 0x9F, 0xCE, 0xA7, + 0x42, 0x74, 0x00, 0xC2, 0x15, 0x77, 0x8A, 0xA2, 0xC6, 0x91, 0x47, 0x94, + 0x01, 0x2D, 0x0D, 0xD7, 0xDE, 0x78, 0x5F, 0xD4, 0x2A, 0x43, 0xF4, 0xFC, + 0x79, 0x53, 0x6D, 0xC4, 0x61, 0x8F, 0x31, 0x82, 0x01, 0xAC, 0x30, 0x82, + 0x01, 0xA8, 0x02, 0x01, 0x03, 0xA0, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, + 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, + 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xA0, 0x69, 0x30, 0x18, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03, 0x31, + 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, + 0x30, 0x1C, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x05, 0x31, 0x0F, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x37, 0x31, 0x36, 0x32, + 0x30, 0x35, 0x34, 0x32, 0x30, 0x5A, 0x30, 0x2F, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04, 0x31, 0x22, 0x04, 0x20, 0xF3, + 0xAE, 0xFE, 0x62, 0x96, 0x5A, 0x91, 0x90, 0x36, 0x10, 0xF0, 0xE2, 0x3C, + 0xC8, 0xA6, 0x9D, 0x5B, 0x87, 0xCE, 0xA6, 0xD2, 0x8E, 0x75, 0x48, 0x9B, + 0x0D, 0x2C, 0xA0, 0x2E, 0xD7, 0x99, 0x3C, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x04, 0x82, + 0x01, 0x00, 0x82, 0x0D, 0x82, 0x14, 0xA6, 0x1E, 0xDC, 0x74, 0xB2, 0x17, + 0xEB, 0x11, 0xF4, 0xD8, 0x84, 0x14, 0x2E, 0x70, 0x5B, 0xDF, 0xB4, 0x3A, + 0x21, 0x6F, 0x0A, 0x12, 0x58, 0x47, 0xEC, 0x35, 0x40, 0x45, 0x2D, 0x18, + 0x2A, 0xBC, 0x13, 0xC7, 0xE4, 0xA6, 0x39, 0xDC, 0xE2, 0x7D, 0x6C, 0x62, + 0xA9, 0xEF, 0x4F, 0x91, 0x60, 0x8C, 0x8F, 0xF9, 0x80, 0xE0, 0x46, 0x83, + 0xF6, 0xE2, 0x77, 0x8E, 0xE6, 0xE4, 0x45, 0x82, 0xC2, 0xF7, 0x67, 0x10, + 0x4F, 0x11, 0xE3, 0xB5, 0xCC, 0x3B, 0x6A, 0x1D, 0x2E, 0xB1, 0xA1, 0x88, + 0xB0, 0xBC, 0x95, 0x16, 0x83, 0x3D, 0xFC, 0x17, 0x27, 0x16, 0x4D, 0x5E, + 0x26, 0xD8, 0x3E, 0xF6, 0x06, 0x39, 0xAE, 0xDB, 0x68, 0xBC, 0x98, 0x0A, + 0x2E, 0x70, 0x0A, 0xED, 0x78, 0x90, 0xF2, 0xE3, 0xB1, 0x10, 0x83, 0xCB, + 0x1C, 0xDE, 0x11, 0x3D, 0x7B, 0x2C, 0x24, 0x03, 0x91, 0xEF, 0x8A, 0x42, + 0x44, 0x73, 0xC0, 0xF6, 0x8B, 0x69, 0x4E, 0x78, 0x9C, 0xB4, 0x0D, 0x01, + 0x0B, 0xB7, 0x5F, 0xB0, 0xA8, 0x04, 0x19, 0x60, 0x4A, 0x4B, 0xC2, 0xCF, + 0x9A, 0xD5, 0x38, 0xFA, 0xE9, 0x61, 0xE8, 0xF6, 0xCB, 0xB3, 0x75, 0xFE, + 0xC6, 0x53, 0xE0, 0x4C, 0x64, 0x6E, 0xF0, 0x86, 0x36, 0x42, 0x7F, 0x2E, + 0xF4, 0x07, 0x80, 0xFB, 0xB0, 0x8B, 0x0D, 0x40, 0x8A, 0xB8, 0x39, 0xE8, + 0x86, 0xD7, 0xD8, 0xAA, 0x1A, 0x1E, 0xAF, 0x29, 0xEF, 0xD2, 0x16, 0xF6, + 0x36, 0xF6, 0x93, 0x8F, 0xBC, 0xE0, 0x61, 0x9C, 0xE9, 0xCA, 0x95, 0x04, + 0x83, 0xC5, 0xF1, 0x74, 0x30, 0x33, 0x2F, 0x7B, 0x7C, 0xB8, 0x74, 0xB8, + 0xBC, 0x24, 0x81, 0x95, 0x38, 0x0D, 0x66, 0x7C, 0xDA, 0xE6, 0x35, 0x9E, + 0x16, 0xB9, 0xA7, 0x06, 0x5B, 0x9F, 0xC6, 0x44, 0xB4, 0x75, 0xB5, 0x3A, + 0xB7, 0x82, 0xA4, 0xE6, 0x5D, 0xB1 +}; +#endif + +/* + * Regression test for decoding the legacy explicit-form SignerIdentifier + * subjectKeyIdentifier. wolfSSL now emits the RFC 5652 implicit form, but the + * decoder must keep accepting the older explicit form for interoperability + * with SignedData produced by earlier releases. Independent oracle: a byte + * fixture captured from a prior wolfSSL release (not from the code under test), + * which must still verify. + */ +int test_wc_PKCS7_VerifySignedData_ExplicitSKID(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_SHA256) + PKCS7* pkcs7 = NULL; + byte msg[sizeof(explicitSKIDSignedData)]; + /* legacy explicit [0] SKID marker: 0xA0 len 0x04 len */ + static const byte explicitMarker[] = { 0xA0, 0x16, 0x04, 0x14 }; + + /* Confirm the fixture really carries the explicit form, otherwise the + * decode path under test would not be exercised. */ + ExpectIntGE(test_PKCS7_findBytes(explicitSKIDSignedData, + (int)sizeof(explicitSKIDSignedData), explicitMarker, + (int)sizeof(explicitMarker)), 0); + + /* wc_PKCS7_VerifySignedData takes a mutable buffer, copy the fixture. */ + XMEMCPY(msg, explicitSKIDSignedData, sizeof(explicitSKIDSignedData)); + + /* The decoder must accept the legacy explicit form and verify. */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, msg, (word32)sizeof(msg)), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_VerifySignedData_ExplicitSKID */ + + + /* * Testing wc_PKCS7_EncodeSignedData() with RSA-PSS signer certificate. * Uses certs/rsapss/client-rsapss.der and client-rsapss-priv.der. diff --git a/tests/api/test_pkcs7.h b/tests/api/test_pkcs7.h index 1a49be5aa6..66f0b519e6 100644 --- a/tests/api/test_pkcs7.h +++ b/tests/api/test_pkcs7.h @@ -30,6 +30,8 @@ int test_wc_PKCS7_InitWithCert(void); int test_wc_PKCS7_InitWithCert_guardrails(void); int test_wc_PKCS7_EncodeData(void); int test_wc_PKCS7_EncodeSignedData(void); +int test_wc_PKCS7_EncodeSignedData_SKID(void); +int test_wc_PKCS7_VerifySignedData_ExplicitSKID(void); int test_wc_PKCS7_EncodeSignedData_AttribOverflow(void); int test_wc_PKCS7_EncodeAuthEnvelopedData_AttribOverflow(void); #if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \ @@ -117,6 +119,8 @@ int test_wc_PKCS7_VerifySignedData_TruncCertSetTag(void); TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_InitWithCert_guardrails), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeData), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData_SKID), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_ExplicitSKID), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData_AttribOverflow), \ TEST_PKCS7_RSA_PSS_SD_DECL \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData_ex), \ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 858b5c1baa..17946ff752 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1724,9 +1724,8 @@ typedef struct ESD { byte issuerSnSeq[MAX_SEQ_SZ]; byte issuerName[MAX_SEQ_SZ]; byte issuerSn[MAX_SN_SZ]; - /* OR subjectKeyIdentifier */ + /* OR subjectKeyIdentifier (implicit [0] header) */ byte issuerSKIDSeq[MAX_SEQ_SZ]; - byte issuerSKID[MAX_OCTET_STR_SZ]; byte signerDigAlgoId[MAX_ALGO_SZ]; #if defined(WC_RSA_PSS) byte digEncAlgoId[128]; /* RSASSA-PSS needs full params */ @@ -1747,7 +1746,7 @@ typedef struct ESD { word32 outerSeqSz, outerContentSz, innerSeqSz, versionSz, digAlgoIdSetSz, singleDigAlgoIdSz, certsSetSz; word32 signerInfoSetSz, signerInfoSeqSz, signerVersionSz, - issuerSnSeqSz, issuerNameSz, issuerSnSz, issuerSKIDSz, + issuerSnSeqSz, issuerNameSz, issuerSnSz, issuerSKIDSeqSz, signerDigAlgoIdSz, digEncAlgoIdSz, signerDigestSz; word32 encContentDigestSz, signedAttribsSz, signedAttribsCount, signedAttribSetSz, signedAttribsCap; @@ -3674,13 +3673,13 @@ static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7, } } else if (pkcs7->sidType == CMS_SKID) { - /* SubjectKeyIdentifier */ - esd->issuerSKIDSz = SetOctetString((word32)keyIdSize, esd->issuerSKID); - esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + + /* SubjectKeyIdentifier is implicit [0] tagged, RFC 5652 uses IMPLICIT + * TAGS. The context tag replaces the OCTET STRING tag (0x80 len value) + * instead of an explicit [0] wrapper. */ + esd->issuerSKIDSeqSz = SetImplicit(ASN_OCTET_STRING, 0, (word32)keyIdSize, esd->issuerSKIDSeq, 0); - signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + - (word32)keyIdSize); + signerInfoSz += (esd->issuerSKIDSeqSz + (word32)keyIdSize); /* version MUST be 3 */ esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0); @@ -4114,13 +4113,11 @@ static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7, esd->issuerSn, esd->issuerSnSz); idx += (int)esd->issuerSnSz; } else if (pkcs7->sidType == CMS_SKID) { - /* SubjectKeyIdentifier */ + /* SubjectKeyIdentifier, the implicit [0] header directly precedes the + * raw key identifier value (no inner OCTET STRING header). */ wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSKIDSeq, esd->issuerSKIDSeqSz); idx += (int)esd->issuerSKIDSeqSz; - wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, - esd->issuerSKID, esd->issuerSKIDSz); - idx += (int)esd->issuerSKIDSz; if (pkcs7->customSKID) { wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,