luna - wolfssl/tests/api/test

   1/* test_pkcs7.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22#include <tests/unit.h>
  23
  24#ifdef NO_INLINE
  25    #include <wolfssl/wolfcrypt/misc.h>
  26#else
  27    #define WOLFSSL_MISC_INCLUDED
  28    #include <wolfcrypt/src/misc.c>
  29#endif
  30
  31#include <wolfssl/wolfcrypt/pkcs7.h>
  32#include <wolfssl/wolfcrypt/asn.h>
  33#ifdef HAVE_LIBZ
  34    #include <wolfssl/wolfcrypt/compress.h>
  35#endif
  36#include <wolfssl/wolfcrypt/types.h>
  37#include <tests/api/api.h>
  38#include <tests/api/test_pkcs7.h>
  39
  40/*******************************************************************************
  41 * PKCS#7
  42 ******************************************************************************/
  43
  44#if defined(HAVE_PKCS7)
  45    typedef struct {
  46        const byte* content;
  47        word32      contentSz;
  48        int         contentOID;
  49        int         encryptOID;
  50        int         keyWrapOID;
  51        int         keyAgreeOID;
  52        byte*       cert;
  53        size_t      certSz;
  54        byte*       privateKey;
  55        word32      privateKeySz;
  56    } pkcs7EnvelopedVector;
  57
  58    #ifndef NO_PKCS7_ENCRYPTED_DATA
  59        typedef struct {
  60            const byte*     content;
  61            word32          contentSz;
  62            int             contentOID;
  63            int             encryptOID;
  64            byte*           encryptionKey;
  65            word32          encryptionKeySz;
  66        } pkcs7EncryptedVector;
  67    #endif
  68#endif /* HAVE_PKCS7 */
  69
  70/*
  71 * Testing wc_PKCS7_New()
  72 */
  73int test_wc_PKCS7_New(void)
  74{
  75    EXPECT_DECLS;
  76#if defined(HAVE_PKCS7)
  77    PKCS7* pkcs7 = NULL;
  78
  79    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
  80    wc_PKCS7_Free(pkcs7);
  81#endif
  82    return EXPECT_RESULT();
  83} /* END test-wc_PKCS7_New */
  84
  85/*
  86 * Testing wc_PKCS7_Init()
  87 */
  88int test_wc_PKCS7_Init(void)
  89{
  90    EXPECT_DECLS;
  91#if defined(HAVE_PKCS7)
  92    PKCS7* pkcs7 = NULL;
  93    void*  heap = NULL;
  94
  95    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
  96
  97    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
  98    /* Pass in bad args. */
  99    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 100
 101    wc_PKCS7_Free(pkcs7);
 102#endif
 103    return EXPECT_RESULT();
 104} /* END test-wc_PKCS7_Init */
 105
 106
 107/*
 108 * Testing wc_PKCS7_InitWithCert()
 109 */
 110int test_wc_PKCS7_InitWithCert(void)
 111{
 112    EXPECT_DECLS;
 113#if defined(HAVE_PKCS7)
 114    PKCS7* pkcs7 = NULL;
 115
 116#ifndef NO_RSA
 117    #if defined(USE_CERT_BUFFERS_2048)
 118        unsigned char    cert[sizeof(client_cert_der_2048)];
 119        int              certSz = (int)sizeof(cert);
 120
 121        XMEMSET(cert, 0, certSz);
 122        XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
 123    #elif defined(USE_CERT_BUFFERS_1024)
 124        unsigned char    cert[sizeof(client_cert_der_1024)];
 125        int              certSz = (int)sizeof(cert);
 126
 127        XMEMSET(cert, 0, certSz);
 128        XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
 129    #else
 130        unsigned char   cert[ONEK_BUF];
 131        XFILE           fp = XBADFILE;
 132        int             certSz;
 133
 134        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
 135            XBADFILE);
 136        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
 137            fp), 0);
 138        if (fp != XBADFILE)
 139            XFCLOSE(fp);
 140    #endif
 141#elif defined(HAVE_ECC)
 142    #if defined(USE_CERT_BUFFERS_256)
 143        unsigned char    cert[sizeof(cliecc_cert_der_256)];
 144        int              certSz = (int)sizeof(cert);
 145
 146        XMEMSET(cert, 0, certSz);
 147        XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
 148    #else
 149        unsigned char   cert[ONEK_BUF];
 150        XFILE           fp = XBADFILE;
 151        int             certSz;
 152
 153        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
 154            XBADFILE);
 155        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256),
 156            fp), 0);
 157        if (fp != XBADFILE)
 158            XFCLOSE(fp);
 159    #endif
 160#else
 161        #error PKCS7 requires ECC or RSA
 162#endif
 163
 164#ifdef HAVE_ECC
 165    {
 166    /* bad test case from ZD 11011, malformed cert gives bad ECC key */
 167        static unsigned char certWithInvalidEccKey[] = {
 168        0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
 169        0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
 170        0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
 171        0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
 172        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
 173        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
 174        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
 175        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
 176        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
 177        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
 178        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
 179        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
 180        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
 181        0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
 182        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
 183        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
 184        0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
 185        0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
 186        0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
 187        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
 188        0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
 189        0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
 190        0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
 191        0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
 192        0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
 193        0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
 194        0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
 195        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
 196        0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
 197        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
 198        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
 199        0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
 200        0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
 201        0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
 202        0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
 203        0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
 204        0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
 205        0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
 206        0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
 207        0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
 208        0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
 209        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
 210        0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
 211        0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
 212        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
 213        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
 214        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
 215        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
 216        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
 217        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
 218        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
 219        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
 220        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
 221        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
 222        0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
 223        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
 224        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
 225        0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
 226        0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
 227        0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
 228        0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
 229        0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
 230        0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
 231        0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
 232        0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
 233        0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
 234        0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
 235        0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
 236        0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
 237        0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
 238        0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
 239        0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
 240        0x08, 0xA8, 0xB4
 241        };
 242#endif
 243        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 244        /* If initialization is not successful, it's free'd in init func. */
 245        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz),
 246            0);
 247        wc_PKCS7_Free(pkcs7);
 248        pkcs7 = NULL;
 249
 250        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 251        /* Valid initialization usage. */
 252        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 253
 254        /* Pass in bad args. No need free for null checks, free at end.*/
 255        ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
 256            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 257        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
 258            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 259
 260#ifdef HAVE_ECC
 261        ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
 262            sizeof(certWithInvalidEccKey)), 0);
 263    }
 264#endif
 265
 266    wc_PKCS7_Free(pkcs7);
 267#endif
 268    return EXPECT_RESULT();
 269} /* END test_wc_PKCS7_InitWithCert */
 270
 271
 272/*
 273 * Testing wc_PKCS7_EncodeData()
 274 */
 275int test_wc_PKCS7_EncodeData(void)
 276{
 277    EXPECT_DECLS;
 278#if defined(HAVE_PKCS7)
 279    PKCS7* pkcs7 = NULL;
 280    byte   output[FOURK_BUF];
 281    byte   data[] = "My encoded DER cert.";
 282
 283#ifndef NO_RSA
 284    #if defined(USE_CERT_BUFFERS_2048)
 285        unsigned char cert[sizeof(client_cert_der_2048)];
 286        unsigned char key[sizeof(client_key_der_2048)];
 287        int certSz = (int)sizeof(cert);
 288        int keySz = (int)sizeof(key);
 289
 290        XMEMSET(cert, 0, certSz);
 291        XMEMSET(key, 0, keySz);
 292        XMEMCPY(cert, client_cert_der_2048, certSz);
 293        XMEMCPY(key, client_key_der_2048, keySz);
 294    #elif defined(USE_CERT_BUFFERS_1024)
 295        unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
 296        unsigned char key[sizeof_client_key_der_1024];
 297        int certSz = (int)sizeof(cert);
 298        int keySz = (int)sizeof(key);
 299
 300        XMEMSET(cert, 0, certSz);
 301        XMEMSET(key, 0, keySz);
 302        XMEMCPY(cert, client_cert_der_1024, certSz);
 303        XMEMCPY(key, client_key_der_1024, keySz);
 304    #else
 305        unsigned char cert[ONEK_BUF];
 306        unsigned char key[ONEK_BUF];
 307        XFILE         fp = XBADFILE;
 308        int           certSz;
 309        int           keySz;
 310
 311        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
 312            XBADFILE);
 313        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
 314            fp), 0);
 315        if (fp != XBADFILE) {
 316            XFCLOSE(fp);
 317            fp = XBADFILE;
 318        }
 319
 320        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
 321            XBADFILE);
 322        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
 323            0);
 324        if (fp != XBADFILE)
 325            XFCLOSE(fp);
 326    #endif
 327#elif defined(HAVE_ECC)
 328    #if defined(USE_CERT_BUFFERS_256)
 329        unsigned char    cert[sizeof(cliecc_cert_der_256)];
 330        unsigned char    key[sizeof(ecc_clikey_der_256)];
 331        int              certSz = (int)sizeof(cert);
 332        int              keySz = (int)sizeof(key);
 333        XMEMSET(cert, 0, certSz);
 334        XMEMSET(key, 0, keySz);
 335        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
 336        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
 337    #else
 338        unsigned char   cert[ONEK_BUF];
 339        unsigned char   key[ONEK_BUF];
 340        XFILE           fp = XBADFILE;
 341        int             certSz, keySz;
 342
 343        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
 344            XBADFILE);
 345        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
 346            fp), 0);
 347        if (fp != XBADFILE) {
 348            XFCLOSE(fp);
 349            fp = XBADFILE;
 350        }
 351
 352        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
 353            XBADFILE);
 354        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
 355            0);
 356        if (fp != XBADFILE)
 357            XFCLOSE(fp);
 358    #endif
 359#endif
 360
 361    XMEMSET(output, 0, sizeof(output));
 362
 363    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 364    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
 365
 366    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
 367
 368    if (pkcs7 != NULL) {
 369        pkcs7->content = data;
 370        pkcs7->contentSz = sizeof(data);
 371        pkcs7->privateKey = key;
 372        pkcs7->privateKeySz = (word32)keySz;
 373    }
 374    ExpectIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
 375
 376    /* Test bad args. */
 377    ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
 378                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 379    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
 380                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 381    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), WC_NO_ERR_TRACE(BUFFER_E));
 382
 383    wc_PKCS7_Free(pkcs7);
 384#endif
 385    return EXPECT_RESULT();
 386}  /* END test_wc_PKCS7_EncodeData */
 387
 388
 389#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
 390    !defined(NO_RSA) && !defined(NO_SHA256)
 391/* RSA sign raw digest callback
 392 * This callback demonstrates HSM/secure element use case where the private
 393 * key is not passed through PKCS7 structure but obtained independently.
 394 */
 395static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
 396                              byte* out, word32 outSz, byte* privateKey,
 397                              word32 privateKeySz, int devid, int hashOID)
 398{
 399    /* specific DigestInfo ASN.1 encoding prefix for a SHA256 digest */
 400    byte digInfoEncoding[] = {
 401        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
 402        0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
 403        0x00, 0x04, 0x20
 404    };
 405
 406    int ret;
 407    byte digestInfo[ONEK_BUF];
 408    byte sig[FOURK_BUF];
 409    word32 digestInfoSz = 0;
 410    word32 idx = 0;
 411    RsaKey rsa;
 412
 413    /* privateKey may be NULL in HSM/secure element use case - we load it
 414     * independently in this callback to simulate that scenario */
 415    (void)privateKey;
 416    (void)privateKeySz;
 417
 418    /* SHA-256 required only for this example callback due to above
 419     * digInfoEncoding[] */
 420    if (pkcs7 == NULL || digest == NULL || out == NULL ||
 421        (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
 422        (hashOID != SHA256h)) {
 423        return -1;
 424    }
 425
 426    /* build DigestInfo */
 427    XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
 428    digestInfoSz += sizeof(digInfoEncoding);
 429    XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
 430    digestInfoSz += digestSz;
 431
 432    /* set up RSA key */
 433    ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
 434    if (ret != 0) {
 435        return ret;
 436    }
 437
 438    /* Load key from test buffer - simulates HSM/secure element access */
 439#if defined(USE_CERT_BUFFERS_2048)
 440    ret = wc_RsaPrivateKeyDecode(client_key_der_2048, &idx, &rsa,
 441                                 sizeof_client_key_der_2048);
 442#elif defined(USE_CERT_BUFFERS_1024)
 443    ret = wc_RsaPrivateKeyDecode(client_key_der_1024, &idx, &rsa,
 444                                 sizeof_client_key_der_1024);
 445#else
 446    {
 447        XFILE fp;
 448        byte keyBuf[ONEK_BUF];
 449        int keySz;
 450
 451        fp = XFOPEN("./certs/client-key.der", "rb");
 452        if (fp == XBADFILE) {
 453            wc_FreeRsaKey(&rsa);
 454            return -1;
 455        }
 456        keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp);
 457        XFCLOSE(fp);
 458        if (keySz <= 0) {
 459            wc_FreeRsaKey(&rsa);
 460            return -1;
 461        }
 462        ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &rsa, (word32)keySz);
 463    }
 464#endif
 465
 466    /* sign DigestInfo */
 467    if (ret == 0) {
 468        ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
 469                             &rsa, pkcs7->rng);
 470        if (ret > 0) {
 471            if (ret > (int)outSz) {
 472                /* output buffer too small */
 473                ret = -1;
 474            }
 475            else {
 476                /* success, ret holds sig size */
 477                XMEMCPY(out, sig, ret);
 478            }
 479        }
 480    }
 481
 482    wc_FreeRsaKey(&rsa);
 483
 484    return ret;
 485}
 486#endif
 487
 488#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \
 489    defined(HAVE_ECC) && !defined(NO_SHA256)
 490/* ECC sign raw digest callback
 491 * This callback demonstrates HSM/secure element use case where the private
 492 * key is not passed through PKCS7 structure but obtained independently.
 493 * Note: This example callback is hash-agnostic and will work with any
 494 * hash algorithm. The hashOID parameter can be used to validate or select
 495 * different signing behavior if needed.
 496 */
 497static int eccSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
 498                              byte* out, word32 outSz, byte* privateKey,
 499                              word32 privateKeySz, int devid, int hashOID)
 500{
 501    int ret;
 502    word32 idx = 0;
 503    word32 sigSz = outSz;
 504#ifdef WOLFSSL_SMALL_STACK
 505    ecc_key* ecc = NULL;
 506#else
 507    ecc_key ecc[1];
 508#endif
 509
 510    /* privateKey may be NULL in HSM/secure element use case - we load it
 511     * independently in this callback to simulate that scenario */
 512    (void)privateKey;
 513    (void)privateKeySz;
 514    (void)hashOID;
 515
 516    if (pkcs7 == NULL || digest == NULL || out == NULL) {
 517        return -1;
 518    }
 519
 520#ifdef WOLFSSL_SMALL_STACK
 521    ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap, DYNAMIC_TYPE_ECC);
 522    if (ecc == NULL) {
 523        return MEMORY_E;
 524    }
 525#endif
 526
 527    /* set up ECC key */
 528    ret = wc_ecc_init_ex(ecc, pkcs7->heap, devid);
 529    if (ret != 0) {
 530    #ifdef WOLFSSL_SMALL_STACK
 531        XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
 532    #endif
 533        return ret;
 534    }
 535
 536    /* Load key from test buffer - simulates HSM/secure element access */
 537#if defined(USE_CERT_BUFFERS_256)
 538    ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, ecc,
 539                                 sizeof_ecc_clikey_der_256);
 540#else
 541    {
 542        XFILE fp;
 543        byte keyBuf[ONEK_BUF];
 544        int keySz;
 545
 546        fp = XFOPEN("./certs/client-ecc-key.der", "rb");
 547        if (fp == XBADFILE) {
 548            wc_ecc_free(ecc);
 549        #ifdef WOLFSSL_SMALL_STACK
 550            XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
 551        #endif
 552            return -1;
 553        }
 554        keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp);
 555        XFCLOSE(fp);
 556        if (keySz <= 0) {
 557            wc_ecc_free(ecc);
 558        #ifdef WOLFSSL_SMALL_STACK
 559            XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
 560        #endif
 561            return -1;
 562        }
 563        ret = wc_EccPrivateKeyDecode(keyBuf, &idx, ecc, (word32)keySz);
 564    }
 565#endif
 566
 567    /* sign digest */
 568    if (ret == 0) {
 569        ret = wc_ecc_sign_hash(digest, digestSz, out, &sigSz, pkcs7->rng, ecc);
 570        if (ret == 0) {
 571            ret = (int)sigSz;
 572        }
 573    }
 574
 575    wc_ecc_free(ecc);
 576#ifdef WOLFSSL_SMALL_STACK
 577    XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
 578#endif
 579
 580    return ret;
 581}
 582#endif
 583
 584#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
 585typedef struct encodeSignedDataStream {
 586    byte out[FOURK_BUF*3];
 587    int  idx;
 588    word32 outIdx;
 589    word32 chunkSz; /* max amount of data to be returned */
 590} encodeSignedDataStream;
 591
 592
 593/* content is 8k of partially created bundle */
 594static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
 595{
 596    int ret = 0;
 597    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
 598
 599    if (strm->outIdx  < pkcs7->contentSz) {
 600        ret = (pkcs7->contentSz > strm->outIdx + strm->chunkSz)?
 601                strm->chunkSz : pkcs7->contentSz - strm->outIdx;
 602        *content = strm->out + strm->outIdx;
 603        strm->outIdx += ret;
 604    }
 605
 606    (void)pkcs7;
 607    return ret;
 608}
 609
 610static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz,
 611    void* ctx)
 612{
 613    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
 614
 615    XMEMCPY(strm->out + strm->idx, output, outputSz);
 616    strm->idx += outputSz;
 617    (void)pkcs7;
 618    return 0;
 619}
 620#endif
 621
 622
 623/*
 624 * Testing wc_PKCS7_EncodeSignedData()
 625 */
 626int test_wc_PKCS7_EncodeSignedData(void)
 627{
 628    EXPECT_DECLS;
 629#if defined(HAVE_PKCS7)
 630    PKCS7* pkcs7 = NULL;
 631    WC_RNG rng;
 632    byte   output[FOURK_BUF];
 633    byte   badOut[1];
 634    word32 outputSz = (word32)sizeof(output);
 635    word32 badOutSz = 0;
 636    byte   data[] = "Test data to encode.";
 637#ifndef NO_RSA
 638    int    encryptOid = RSAk;
 639    #if defined(USE_CERT_BUFFERS_2048)
 640        byte        key[sizeof(client_key_der_2048)];
 641        byte        cert[sizeof(client_cert_der_2048)];
 642        word32      keySz = (word32)sizeof(key);
 643        word32      certSz = (word32)sizeof(cert);
 644        XMEMSET(key, 0, keySz);
 645        XMEMSET(cert, 0, certSz);
 646        XMEMCPY(key, client_key_der_2048, keySz);
 647        XMEMCPY(cert, client_cert_der_2048, certSz);
 648    #elif defined(USE_CERT_BUFFERS_1024)
 649        byte        key[sizeof_client_key_der_1024];
 650        byte        cert[sizeof(sizeof_client_cert_der_1024)];
 651        word32      keySz = (word32)sizeof(key);
 652        word32      certSz = (word32)sizeof(cert);
 653        XMEMSET(key, 0, keySz);
 654        XMEMSET(cert, 0, certSz);
 655        XMEMCPY(key, client_key_der_1024, keySz);
 656        XMEMCPY(cert, client_cert_der_1024, certSz);
 657    #else
 658        unsigned char   cert[ONEK_BUF];
 659        unsigned char   key[ONEK_BUF];
 660        XFILE           fp = XBADFILE;
 661        int             certSz;
 662        int             keySz;
 663
 664        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
 665            XBADFILE);
 666        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
 667            fp), 0);
 668        if (fp != XBADFILE) {
 669            XFCLOSE(fp);
 670            fp = XBADFILE;
 671        }
 672
 673        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
 674            XBADFILE);
 675        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
 676            0);
 677        if (fp != XBADFILE)
 678            XFCLOSE(fp);
 679    #endif
 680#elif defined(HAVE_ECC)
 681    int    encryptOid = ECDSAk;
 682    #if defined(USE_CERT_BUFFERS_256)
 683        unsigned char    cert[sizeof(cliecc_cert_der_256)];
 684        unsigned char    key[sizeof(ecc_clikey_der_256)];
 685        int              certSz = (int)sizeof(cert);
 686        int              keySz = (int)sizeof(key);
 687        XMEMSET(cert, 0, certSz);
 688        XMEMSET(key, 0, keySz);
 689        XMEMCPY(cert, cliecc_cert_der_256, certSz);
 690        XMEMCPY(key, ecc_clikey_der_256, keySz);
 691    #else
 692        unsigned char   cert[ONEK_BUF];
 693        unsigned char   key[ONEK_BUF];
 694        XFILE           fp = XBADFILE;
 695        int             certSz;
 696        int             keySz;
 697
 698        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
 699            XBADFILE);
 700        ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
 701        if (fp != XBADFILE) {
 702            XFCLOSE(fp);
 703            fp = XBADFILE;
 704        }
 705
 706        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
 707            XBADFILE);
 708        ExpectIntGT(keySz = (int)XFREAD(key, 1, ONEK_BUF, fp), 0);
 709        if (fp != XBADFILE)
 710            XFCLOSE(fp);
 711    #endif
 712#endif
 713
 714    XMEMSET(&rng, 0, sizeof(WC_RNG));
 715
 716    XMEMSET(output, 0, outputSz);
 717    ExpectIntEQ(wc_InitRng(&rng), 0);
 718
 719    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 720    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
 721
 722    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
 723
 724    if (pkcs7 != NULL) {
 725        pkcs7->content = data;
 726        pkcs7->contentSz = (word32)sizeof(data);
 727        pkcs7->privateKey = key;
 728        pkcs7->privateKeySz = (word32)sizeof(key);
 729        pkcs7->encryptOID = encryptOid;
 730    #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
 731        pkcs7->hashOID = SHA256h;
 732    #else
 733        pkcs7->hashOID = SHAh;
 734    #endif
 735        pkcs7->rng = &rng;
 736    }
 737
 738    ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
 739    wc_PKCS7_Free(pkcs7);
 740    pkcs7 = NULL;
 741
 742    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 743    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 744    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
 745
 746#if defined(ASN_BER_TO_DER) && !defined(NO_RSA)
 747    wc_PKCS7_Free(pkcs7);
 748    pkcs7 = NULL;
 749
 750    /* reinitialize and test setting stream mode */
 751    {
 752        int signedSz = 0, i;
 753        encodeSignedDataStream strm;
 754        static const int numberOfChunkSizes = 4;
 755        static const word32 chunkSizes[] = { 4080, 4096, 5000, 9999 };
 756        /* chunkSizes were chosen to test around the default 4096 octet string
 757         * size used in pkcs7.c */
 758
 759        XMEMSET(&strm, 0, sizeof(strm));
 760
 761        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 762        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
 763
 764        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
 765
 766        if (pkcs7 != NULL) {
 767            pkcs7->content = data;
 768            pkcs7->contentSz = (word32)sizeof(data);
 769            pkcs7->privateKey = key;
 770            pkcs7->privateKeySz = (word32)sizeof(key);
 771            pkcs7->encryptOID = encryptOid;
 772        #ifdef NO_SHA
 773            pkcs7->hashOID = SHA256h;
 774        #else
 775            pkcs7->hashOID = SHAh;
 776        #endif
 777            pkcs7->rng = &rng;
 778        }
 779        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
 780        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
 781        ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
 782            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 783        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
 784
 785        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
 786            outputSz), 0);
 787        wc_PKCS7_Free(pkcs7);
 788        pkcs7 = NULL;
 789
 790        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 791        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 792
 793        /* use exact signed buffer size since BER encoded */
 794        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output,
 795            (word32)signedSz), 0);
 796        wc_PKCS7_Free(pkcs7);
 797
 798        /* now try with using callbacks for IO */
 799        for (i = 0; i < numberOfChunkSizes; i++) {
 800            strm.idx    = 0;
 801            strm.outIdx = 0;
 802            strm.chunkSz = chunkSizes[i];
 803
 804            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 805            ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
 806
 807            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
 808
 809            if (pkcs7 != NULL) {
 810                pkcs7->contentSz  = 10000;
 811                pkcs7->privateKey = key;
 812                pkcs7->privateKeySz = (word32)sizeof(key);
 813                pkcs7->encryptOID = encryptOid;
 814            #ifdef NO_SHA
 815                pkcs7->hashOID = SHA256h;
 816            #else
 817                pkcs7->hashOID = SHAh;
 818            #endif
 819                pkcs7->rng = &rng;
 820            }
 821            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
 822                StreamOutputCB, (void*)&strm), 0);
 823
 824            ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0),
 825                0);
 826            wc_PKCS7_Free(pkcs7);
 827            pkcs7 = NULL;
 828
 829            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 830            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 831
 832            /* use exact signed buffer size since BER encoded */
 833            ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out,
 834                (word32)signedSz), 0);
 835            wc_PKCS7_Free(pkcs7);
 836            pkcs7 = NULL;
 837        }
 838    }
 839#endif
 840#ifndef NO_PKCS7_STREAM
 841    wc_PKCS7_Free(pkcs7);
 842    pkcs7 = NULL;
 843
 844    {
 845        word32 z;
 846        int ret;
 847
 848        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 849        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 850
 851        /* test for streaming mode */
 852        ret = -1;
 853        for (z = 0; z < outputSz && ret != 0; z++) {
 854            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
 855            if (ret < 0){
 856                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 857            }
 858        }
 859        ExpectIntEQ(ret, 0);
 860        ExpectIntNE(pkcs7->contentSz, 0);
 861        ExpectNotNull(pkcs7->contentDynamic);
 862    }
 863#endif /* !NO_PKCS7_STREAM */
 864
 865
 866    /* Pass in bad args. */
 867    ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
 868        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 869    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 870    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
 871                                badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 872    if (pkcs7 != NULL) {
 873        pkcs7->hashOID = 0; /* bad hashOID */
 874    }
 875    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz),
 876        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 877
 878#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
 879    !defined(NO_RSA) && !defined(NO_SHA256)
 880    /* test RSA sign raw digest callback, if using RSA and compiled in.
 881     * Example callback assumes SHA-256, so only run test if compiled in. */
 882    wc_PKCS7_Free(pkcs7);
 883    pkcs7 = NULL;
 884    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 885    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
 886
 887    if (pkcs7 != NULL) {
 888        pkcs7->content = data;
 889        pkcs7->contentSz = (word32)sizeof(data);
 890        /* privateKey not set - callback simulates HSM/secure element access */
 891        pkcs7->encryptOID = RSAk;
 892        pkcs7->hashOID = SHA256h;
 893        pkcs7->rng = &rng;
 894    }
 895
 896    ExpectIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
 897
 898    ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
 899#endif
 900
 901#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \
 902    defined(HAVE_ECC) && !defined(NO_SHA256)
 903    /* test ECC sign raw digest callback, if using ECC and compiled in.
 904     * Example callback assumes SHA-256, so only run test if compiled in. */
 905    {
 906    #if defined(USE_CERT_BUFFERS_256)
 907        byte        eccCert[sizeof(cliecc_cert_der_256)];
 908        word32      eccCertSz = (word32)sizeof(eccCert);
 909        XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
 910    #else
 911        byte        eccCert[ONEK_BUF];
 912        int         eccCertSz;
 913        XFILE       eccFp = XBADFILE;
 914
 915        ExpectTrue((eccFp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
 916            XBADFILE);
 917        ExpectIntGT(eccCertSz = (int)XFREAD(eccCert, 1, ONEK_BUF, eccFp), 0);
 918        if (eccFp != XBADFILE)
 919            XFCLOSE(eccFp);
 920    #endif
 921
 922        wc_PKCS7_Free(pkcs7);
 923        pkcs7 = NULL;
 924        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 925        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, (word32)eccCertSz), 0);
 926
 927        if (pkcs7 != NULL) {
 928            pkcs7->content = data;
 929            pkcs7->contentSz = (word32)sizeof(data);
 930            /* privateKey not set - callback simulates HSM/secure element access */
 931            pkcs7->encryptOID = ECDSAk;
 932            pkcs7->hashOID = SHA256h;
 933            pkcs7->rng = &rng;
 934        }
 935
 936        ExpectIntEQ(wc_PKCS7_SetEccSignRawDigestCb(pkcs7, eccSignRawDigestCb), 0);
 937
 938        ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
 939    }
 940#endif
 941
 942    wc_PKCS7_Free(pkcs7);
 943    DoExpectIntEQ(wc_FreeRng(&rng), 0);
 944
 945#endif
 946    return EXPECT_RESULT();
 947} /* END test_wc_PKCS7_EncodeSignedData */
 948
 949
 950/*
 951 * Testing wc_PKCS7_EncodeSignedData() with RSA-PSS signer certificate.
 952 * Uses certs/rsapss/client-rsapss.der and client-rsapss-priv.der.
 953 * Requires both encode and round-trip verify to succeed.
 954 */
 955#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \
 956    !defined(NO_FILESYSTEM) && !defined(NO_SHA256)
 957int test_wc_PKCS7_EncodeSignedData_RSA_PSS(void)
 958{
 959    EXPECT_DECLS;
 960    PKCS7*    pkcs7 = NULL;
 961    WC_RNG    rng;
 962    byte      output[FOURK_BUF];
 963    byte      cert[FOURK_BUF];
 964    byte      key[FOURK_BUF];
 965    word32    outputSz = (word32)sizeof(output);
 966    word32    certSz = 0;
 967    word32    keySz = 0;
 968    XFILE     fp = XBADFILE;
 969    byte      data[] = "Test data for RSA-PSS SignedData.";
 970
 971    XMEMSET(&rng, 0, sizeof(WC_RNG));
 972    XMEMSET(output, 0, outputSz);
 973    XMEMSET(cert, 0, sizeof(cert));
 974    XMEMSET(key, 0, sizeof(key));
 975
 976    ExpectIntEQ(wc_InitRng(&rng), 0);
 977    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
 978
 979    ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss.der", "rb")) != XBADFILE);
 980    if (fp != XBADFILE) {
 981        ExpectIntGT(certSz = (word32)XFREAD(cert, 1, sizeof(cert), fp), 0);
 982        XFCLOSE(fp);
 983        fp = XBADFILE;
 984    }
 985
 986    ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss-priv.der", "rb")) != XBADFILE);
 987    if (fp != XBADFILE) {
 988        ExpectIntGT(keySz = (word32)XFREAD(key, 1, sizeof(key), fp), 0);
 989        XFCLOSE(fp);
 990        fp = XBADFILE;
 991    }
 992
 993    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
 994
 995    if (pkcs7 != NULL) {
 996        /* Force RSA-PSS so SignerInfo uses id-RSASSA-PSS (cert may use RSA
 997         * in subjectPublicKeyInfo).  WC_RSA_PSS is guaranteed by outer guard. */
 998        pkcs7->publicKeyOID = RSAPSSk;
 999
1000        pkcs7->content       = data;
1001        pkcs7->contentSz     = (word32)sizeof(data);
1002        pkcs7->contentOID    = DATA;
1003        pkcs7->hashOID       = SHA256h;
1004        pkcs7->encryptOID    = RSAk;
1005        pkcs7->privateKey    = key;
1006        pkcs7->privateKeySz  = keySz;
1007        pkcs7->rng           = &rng;
1008        pkcs7->signedAttribs = NULL;
1009        pkcs7->signedAttribsSz = 0;
1010    }
1011
1012    /* EncodeSignedData with RSA-PSS cert: require encode and verify success */
1013    {
1014        int outLen = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
1015        ExpectIntGT(outLen, 0);
1016        if (outLen > 0) {
1017            int verifyRet = wc_PKCS7_VerifySignedData(pkcs7, output,
1018                                                       (word32)outLen);
1019            ExpectIntEQ(verifyRet, 0);
1020
1021            if (pkcs7 != NULL) {
1022                /* Verify decoded RSASSA-PSS parameters match what we
1023                 * encoded:
1024                 *   hashAlgorithm    = SHA-256
1025                 *   maskGenAlgorithm = MGF1-SHA-256
1026                 *   saltLength       = 32 (== SHA-256 digest length) */
1027                ExpectIntEQ(pkcs7->pssHashType, (int)WC_HASH_TYPE_SHA256);
1028                ExpectIntEQ(pkcs7->pssMgf, WC_MGF1SHA256);
1029                ExpectIntEQ(pkcs7->pssSaltLen, 32);
1030            }
1031        }
1032    }
1033
1034    wc_PKCS7_Free(pkcs7);
1035    DoExpectIntEQ(wc_FreeRng(&rng), 0);
1036
1037    return EXPECT_RESULT();
1038} /* END test_wc_PKCS7_EncodeSignedData_RSA_PSS */
1039#endif
1040
1041
1042/*
1043 * Testing wc_PKCS7_EncodeEnvelopedData() with RSA-PSS signed certificate
1044 * for KTRI key transport. Uses certs/rsapss/client-rsapss.der.
1045 * Requires encode and round-trip decode to succeed.
1046 */
1047#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \
1048    !defined(NO_FILESYSTEM) && !defined(NO_SHA256) && \
1049    !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
1050int test_wc_PKCS7_EnvelopedData_KTRI_RSA_PSS(void)
1051{
1052    EXPECT_DECLS;
1053    PKCS7*    pkcs7 = NULL;
1054    byte      encrypted[FOURK_BUF];
1055    byte      decrypted[FOURK_BUF];
1056    byte      cert[FOURK_BUF];
1057    byte      key[FOURK_BUF];
1058    word32    certSz = 0;
1059    word32    keySz = 0;
1060    XFILE     fp = XBADFILE;
1061    byte      data[] = "Test data for RSA-PSS EnvelopedData KTRI.";
1062    int       encryptedSz = 0, decryptedSz = 0;
1063
1064    XMEMSET(cert, 0, sizeof(cert));
1065    XMEMSET(key, 0, sizeof(key));
1066
1067    /* Load RSA-PSS client cert */
1068    ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss.der", "rb"))
1069               != XBADFILE);
1070    if (fp != XBADFILE) {
1071        ExpectIntGT(certSz = (word32)XFREAD(cert, 1, sizeof(cert), fp), 0);
1072        XFCLOSE(fp);
1073        fp = XBADFILE;
1074    }
1075
1076    /* Load RSA-PSS client private key */
1077    ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss-priv.der", "rb"))
1078               != XBADFILE);
1079    if (fp != XBADFILE) {
1080        ExpectIntGT(keySz = (word32)XFREAD(key, 1, sizeof(key), fp), 0);
1081        XFCLOSE(fp);
1082        fp = XBADFILE;
1083    }
1084
1085    /* Encode EnvelopedData with KTRI using RSA-PSS cert */
1086    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1087    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
1088    if (pkcs7 != NULL) {
1089        pkcs7->content    = data;
1090        pkcs7->contentSz  = (word32)sizeof(data);
1091        pkcs7->contentOID = DATA;
1092        pkcs7->encryptOID = AES256CBCb;
1093    }
1094
1095    ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7,
1096                    encrypted, sizeof(encrypted)), 0);
1097    wc_PKCS7_Free(pkcs7);
1098    pkcs7 = NULL;
1099
1100    /* Decode EnvelopedData */
1101    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1102    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
1103    if (pkcs7 != NULL) {
1104        pkcs7->privateKey   = key;
1105        pkcs7->privateKeySz = keySz;
1106    }
1107
1108    ExpectIntGT(decryptedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
1109                    encrypted, (word32)encryptedSz,
1110                    decrypted, sizeof(decrypted)), 0);
1111    ExpectIntEQ(decryptedSz, (int)sizeof(data));
1112    ExpectIntEQ(XMEMCMP(decrypted, data, sizeof(data)), 0);
1113
1114    wc_PKCS7_Free(pkcs7);
1115
1116    return EXPECT_RESULT();
1117} /* END test_wc_PKCS7_EnvelopedData_KTRI_RSA_PSS */
1118#endif
1119
1120
1121/*
1122 * Bleichenbacher padding-oracle regression: wc_PKCS7_DecryptKtri must not
1123 * return a distinguishable error when RSA PKCS#1 v1.5 unwrap of the
1124 * encrypted CEK fails vs. when it succeeds with a wrong key. The
1125 * mitigation substitutes a deterministic pseudo-random CEK on RSA failure
1126 * so content decryption fails indistinguishably. This test corrupts the
1127 * encryptedKey in a valid EnvelopedData and asserts the error matches
1128 * content corruption rather than surfacing an RSA/recipient-level code.
1129 * Runs for AES-128 and AES-256 because the fake CEK is a fixed 32 bytes:
1130 * AES-128 (key size 16) exercises the path where the fake size differs
1131 * from the real CEK size.
1132 */
1133#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_SHA256) && \
1134    !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
1135    defined(WOLFSSL_AES_256) && !defined(NO_HMAC) && \
1136    !defined(WOLFSSL_NO_MALLOC) && \
1137    (defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) || \
1138     !defined(NO_FILESYSTEM))
1139static int pkcs7_ktri_bad_pad_case(int encryptOID, byte* rsaCert,
1140                                   word32 rsaCertSz, byte* rsaPrivKey,
1141                                   word32 rsaPrivKeySz, byte* encrypted,
1142                                   word32 encryptedCap, byte* decoded,
1143                                   word32 decodedCap)
1144{
1145    EXPECT_DECLS;
1146    PKCS7* pkcs7 = NULL;
1147    byte   data[] = "PKCS7 KTRI bad-RSA-padding regression payload.";
1148    int    encryptedSz = 0;
1149    int    badKeyRet = 0;
1150    int    badContentRet = 0;
1151    byte   savedKeyByte = 0;
1152    byte   savedContentByte = 0;
1153    word32 i;
1154    word32 encryptedKeyOff = 0;
1155    static const byte rsaEncOid[] = {
1156        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
1157        0x01, 0x01, 0x01
1158    };
1159
1160    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1161    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, rsaCert, rsaCertSz), 0);
1162    if (pkcs7 != NULL) {
1163        pkcs7->content    = data;
1164        pkcs7->contentSz  = (word32)sizeof(data);
1165        pkcs7->contentOID = DATA;
1166        pkcs7->encryptOID = encryptOID;
1167    }
1168    ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7,
1169                    encrypted, encryptedCap), 0);
1170    wc_PKCS7_Free(pkcs7);
1171    pkcs7 = NULL;
1172
1173    /* Locate the KTRI encryptedKey OCTET STRING. After the rsaEncryption
1174     * OID there are NULL algorithm parameters (05 00), then a 256-byte
1175     * OCTET STRING (tag 04, long-form length 82 01 00 for RSA-2048). */
1176    for (i = 0; (int)(i + sizeof(rsaEncOid)) < encryptedSz; i++) {
1177        if (XMEMCMP(&encrypted[i], rsaEncOid, sizeof(rsaEncOid)) == 0) {
1178            word32 p = i + (word32)sizeof(rsaEncOid);
1179            if (p + 2 < (word32)encryptedSz &&
1180                encrypted[p] == 0x05 && encrypted[p + 1] == 0x00) {
1181                p += 2;
1182            }
1183            if (p + 4 < (word32)encryptedSz && encrypted[p] == 0x04) {
1184                if (encrypted[p + 1] == 0x82) {
1185                    encryptedKeyOff = p + 4;
1186                }
1187                else if (encrypted[p + 1] == 0x81) {
1188                    encryptedKeyOff = p + 3;
1189                }
1190                else {
1191                    encryptedKeyOff = p + 2;
1192                }
1193            }
1194            break;
1195        }
1196    }
1197    ExpectIntGT(encryptedKeyOff, 0);
1198    ExpectIntLT(encryptedKeyOff + 32, (word32)encryptedSz);
1199
1200    /* Case 1: corrupt a byte inside the RSA ciphertext, decode, restore. */
1201    savedKeyByte = encrypted[encryptedKeyOff + 16];
1202    encrypted[encryptedKeyOff + 16] ^= 0xA5;
1203
1204    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1205    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, rsaCert, rsaCertSz), 0);
1206    if (pkcs7 != NULL) {
1207        pkcs7->privateKey   = rsaPrivKey;
1208        pkcs7->privateKeySz = rsaPrivKeySz;
1209    }
1210    badKeyRet = wc_PKCS7_DecodeEnvelopedData(pkcs7, encrypted,
1211                    (word32)encryptedSz, decoded, decodedCap);
1212    wc_PKCS7_Free(pkcs7);
1213    pkcs7 = NULL;
1214    encrypted[encryptedKeyOff + 16] = savedKeyByte;
1215
1216    /* Case 2: corrupt a byte in the second-to-last AES ciphertext block.
1217     * In CBC mode this deterministically XOR-flips the corresponding byte
1218     * in the last plaintext block, invalidating the PKCS#7 padding
1219     * (original pad byte 0x01 becomes 0x01^0xA5 = 0xA4 > blockSz).
1220     * Corrupting the last ciphertext block directly would randomize the
1221     * entire last plaintext block, giving ~1/256 chance of accidentally
1222     * valid padding and intermittent test failures. */
1223    savedContentByte = encrypted[encryptedSz - 17];
1224    encrypted[encryptedSz - 17] ^= 0xA5;
1225
1226    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1227    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, rsaCert, rsaCertSz), 0);
1228    if (pkcs7 != NULL) {
1229        pkcs7->privateKey   = rsaPrivKey;
1230        pkcs7->privateKeySz = rsaPrivKeySz;
1231    }
1232    badContentRet = wc_PKCS7_DecodeEnvelopedData(pkcs7, encrypted,
1233                    (word32)encryptedSz, decoded, decodedCap);
1234    wc_PKCS7_Free(pkcs7);
1235    pkcs7 = NULL;
1236    encrypted[encryptedSz - 17] = savedContentByte;
1237
1238    /* Case 2 must always fail: the CBC-chain corruption deterministically
1239     * invalidates the PKCS#7 padding. */
1240    ExpectIntLT(badContentRet, 0);
1241    /* Bad-key must NOT leak as an RSA- or recipient-level error. */
1242    ExpectIntNE(badKeyRet, WC_NO_ERR_TRACE(PKCS7_RECIP_E));
1243    ExpectIntNE(badKeyRet, WC_NO_ERR_TRACE(RSA_PAD_E));
1244    ExpectIntNE(badKeyRet, WC_NO_ERR_TRACE(RSA_BUFFER_E));
1245    ExpectIntNE(badKeyRet, WC_NO_ERR_TRACE(BAD_PADDING_E));
1246    /* Case 1 (bad RSA key) decrypts content with a random fake CEK,
1247     * producing fully random plaintext.  With ~1/256 probability the
1248     * PKCS#7 padding accidentally looks valid, causing a positive
1249     * garbage-length return instead of an error.  This does not leak
1250     * RSA key information, so it is acceptable.  When both cases do
1251     * fail, verify they fail at the same content-decryption layer. */
1252    if (badKeyRet < 0) {
1253        ExpectIntEQ(badKeyRet, badContentRet);
1254    }
1255
1256    return EXPECT_RESULT();
1257}
1258
1259int test_wc_PKCS7_EnvelopedData_KTRI_BadRsaPad(void)
1260{
1261    EXPECT_DECLS;
1262    byte   encrypted[FOURK_BUF];
1263    byte   decoded[FOURK_BUF];
1264    byte*  rsaCert = NULL;
1265    byte*  rsaPrivKey = NULL;
1266    word32 rsaCertSz = 0;
1267    word32 rsaPrivKeySz = 0;
1268#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
1269    !defined(NO_FILESYSTEM)
1270    XFILE f = XBADFILE;
1271#endif
1272
1273    /* Load RSA cert and key */
1274#if defined(USE_CERT_BUFFERS_1024)
1275    rsaCertSz = (word32)sizeof_client_cert_der_1024;
1276    ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
1277        DYNAMIC_TYPE_TMP_BUFFER));
1278    if (rsaCert != NULL)
1279        XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
1280    rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
1281    ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
1282        DYNAMIC_TYPE_TMP_BUFFER));
1283    if (rsaPrivKey != NULL)
1284        XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
1285#elif defined(USE_CERT_BUFFERS_2048)
1286    rsaCertSz = (word32)sizeof_client_cert_der_2048;
1287    ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
1288        DYNAMIC_TYPE_TMP_BUFFER));
1289    if (rsaCert != NULL)
1290        XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
1291    rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
1292    ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
1293        DYNAMIC_TYPE_TMP_BUFFER));
1294    if (rsaPrivKey != NULL)
1295        XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
1296#elif !defined(NO_FILESYSTEM)
1297    rsaCertSz = FOURK_BUF;
1298    ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
1299        DYNAMIC_TYPE_TMP_BUFFER));
1300    ExpectTrue((f = XFOPEN("./certs/client-cert.der", "rb")) != XBADFILE);
1301    ExpectTrue((rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, f)) > 0);
1302    if (f != XBADFILE) {
1303        XFCLOSE(f);
1304        f = XBADFILE;
1305    }
1306    rsaPrivKeySz = FOURK_BUF;
1307    ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
1308        DYNAMIC_TYPE_TMP_BUFFER));
1309    ExpectTrue((f = XFOPEN("./certs/client-key.der", "rb")) != XBADFILE);
1310    ExpectTrue((rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1,
1311        rsaPrivKeySz, f)) > 0);
1312    if (f != XBADFILE)
1313        XFCLOSE(f);
1314#endif
1315
1316    if (rsaCert == NULL || rsaPrivKey == NULL) {
1317        XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
1318        XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
1319        return TEST_SKIPPED;
1320    }
1321
1322    /* AES-128: 32-byte fake CEK larger than real CEK size (16 bytes). */
1323    ExpectIntEQ(pkcs7_ktri_bad_pad_case(AES128CBCb, rsaCert, rsaCertSz,
1324                rsaPrivKey, rsaPrivKeySz, encrypted, sizeof(encrypted),
1325                decoded, sizeof(decoded)), TEST_SUCCESS);
1326#ifdef WOLFSSL_AES_192
1327    /* AES-192: fake CEK (32) vs real CEK (24) - another size mismatch. */
1328    ExpectIntEQ(pkcs7_ktri_bad_pad_case(AES192CBCb, rsaCert, rsaCertSz,
1329                rsaPrivKey, rsaPrivKeySz, encrypted, sizeof(encrypted),
1330                decoded, sizeof(decoded)), TEST_SUCCESS);
1331#endif
1332    /* AES-256: fake CEK size matches real CEK size (32 bytes). */
1333    ExpectIntEQ(pkcs7_ktri_bad_pad_case(AES256CBCb, rsaCert, rsaCertSz,
1334                rsaPrivKey, rsaPrivKeySz, encrypted, sizeof(encrypted),
1335                decoded, sizeof(decoded)), TEST_SUCCESS);
1336
1337    XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
1338    XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
1339    return EXPECT_RESULT();
1340} /* END test_wc_PKCS7_EnvelopedData_KTRI_BadRsaPad */
1341#endif
1342
1343
1344/*
1345 * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
1346 */
1347int test_wc_PKCS7_EncodeSignedData_ex(void)
1348{
1349    EXPECT_DECLS;
1350#if defined(HAVE_PKCS7)
1351    int        i;
1352    PKCS7*     pkcs7 = NULL;
1353    WC_RNG     rng;
1354    byte       outputHead[FOURK_BUF/2];
1355    byte       outputFoot[FOURK_BUF/2];
1356    word32     outputHeadSz = (word32)sizeof(outputHead);
1357    word32     outputFootSz = (word32)sizeof(outputFoot);
1358    byte       data[FOURK_BUF];
1359    wc_HashAlg hash;
1360#ifdef NO_SHA
1361    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
1362#else
1363    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
1364#endif
1365    byte        hashBuf[WC_MAX_DIGEST_SIZE];
1366    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
1367
1368#ifndef NO_RSA
1369    #if defined(USE_CERT_BUFFERS_2048)
1370        byte        key[sizeof(client_key_der_2048)];
1371        byte        cert[sizeof(client_cert_der_2048)];
1372        word32      keySz = (word32)sizeof(key);
1373        word32      certSz = (word32)sizeof(cert);
1374        XMEMSET(key, 0, keySz);
1375        XMEMSET(cert, 0, certSz);
1376        XMEMCPY(key, client_key_der_2048, keySz);
1377        XMEMCPY(cert, client_cert_der_2048, certSz);
1378    #elif defined(USE_CERT_BUFFERS_1024)
1379        byte        key[sizeof_client_key_der_1024];
1380        byte        cert[sizeof(sizeof_client_cert_der_1024)];
1381        word32      keySz = (word32)sizeof(key);
1382        word32      certSz = (word32)sizeof(cert);
1383        XMEMSET(key, 0, keySz);
1384        XMEMSET(cert, 0, certSz);
1385        XMEMCPY(key, client_key_der_1024, keySz);
1386        XMEMCPY(cert, client_cert_der_1024, certSz);
1387    #else
1388        unsigned char  cert[ONEK_BUF];
1389        unsigned char  key[ONEK_BUF];
1390        XFILE          fp = XBADFILE;
1391        int            certSz;
1392        int            keySz;
1393
1394        ExpectTure((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
1395            XBADFILE);
1396        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
1397            fp), 0);
1398        if (fp != XBADFILE) {
1399            XFCLOSE(fp);
1400            fp = XBADFILE;
1401        }
1402
1403        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
1404            XBADFILE);
1405        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
1406            0);
1407        if (fp != XBADFILE)
1408            XFCLOSE(fp);
1409    #endif
1410#elif defined(HAVE_ECC)
1411    #if defined(USE_CERT_BUFFERS_256)
1412        unsigned char   cert[sizeof(cliecc_cert_der_256)];
1413        unsigned char   key[sizeof(ecc_clikey_der_256)];
1414        int             certSz = (int)sizeof(cert);
1415        int             keySz = (int)sizeof(key);
1416
1417        XMEMSET(cert, 0, certSz);
1418        XMEMSET(key, 0, keySz);
1419        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
1420        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
1421    #else
1422        unsigned char cert[ONEK_BUF];
1423        unsigned char key[ONEK_BUF];
1424        XFILE         fp = XBADFILE;
1425        int           certSz;
1426        int           keySz;
1427
1428        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
1429            XBADFILE);
1430        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
1431            fp), 0);
1432        if (fp != XBADFILE) {
1433            XFCLOSE(fp);
1434            fp = XBADFILE;
1435        }
1436
1437        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
1438            XBADFILE);
1439        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
1440            0);
1441        if (fp != XBADFILE)
1442            XFCLOSE(fp);
1443    #endif
1444#endif
1445
1446    XMEMSET(&rng, 0, sizeof(WC_RNG));
1447
1448    /* initialize large data with sequence */
1449    for (i=0; i<(int)sizeof(data); i++)
1450        data[i] = i & 0xff;
1451
1452    XMEMSET(outputHead, 0, outputHeadSz);
1453    XMEMSET(outputFoot, 0, outputFootSz);
1454    ExpectIntEQ(wc_InitRng(&rng), 0);
1455
1456    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1457    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
1458
1459    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
1460
1461    if (pkcs7 != NULL) {
1462        pkcs7->content = NULL; /* not used for ex */
1463        pkcs7->contentSz = (word32)sizeof(data);
1464        pkcs7->privateKey = key;
1465        pkcs7->privateKeySz = (word32)sizeof(key);
1466        pkcs7->encryptOID = RSAk;
1467    #ifdef NO_SHA
1468        pkcs7->hashOID = SHA256h;
1469    #else
1470        pkcs7->hashOID = SHAh;
1471    #endif
1472        pkcs7->rng = &rng;
1473    }
1474
1475    /* calculate hash for content */
1476    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
1477    ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
1478    ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
1479    ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
1480    DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
1481
1482    /* Perform PKCS7 sign using hash directly */
1483    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
1484        outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
1485    ExpectIntGT(outputHeadSz, 0);
1486    ExpectIntGT(outputFootSz, 0);
1487
1488    wc_PKCS7_Free(pkcs7);
1489    pkcs7 = NULL;
1490    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1491    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
1492
1493    /* required parameter even on verify when using _ex, if using outputHead
1494     * and outputFoot */
1495    if (pkcs7 != NULL) {
1496        pkcs7->contentSz = (word32)sizeof(data);
1497    }
1498    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
1499        outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
1500
1501    wc_PKCS7_Free(pkcs7);
1502    pkcs7 = NULL;
1503
1504    /* assembly complete PKCS7 sign and use normal verify */
1505    {
1506        byte* output = NULL;
1507        word32 outputSz = 0;
1508    #ifndef NO_PKCS7_STREAM
1509        word32 z;
1510        int ret;
1511    #endif /* !NO_PKCS7_STREAM */
1512
1513        ExpectNotNull(output = (byte*)XMALLOC(
1514            outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
1515            DYNAMIC_TYPE_TMP_BUFFER));
1516        if (output != NULL) {
1517            XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
1518            outputSz += outputHeadSz;
1519            XMEMCPY(&output[outputSz], data, sizeof(data));
1520            outputSz += sizeof(data);
1521            XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
1522            outputSz += outputFootSz;
1523        }
1524
1525        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1526        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
1527        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
1528
1529    #ifndef NO_PKCS7_STREAM
1530        wc_PKCS7_Free(pkcs7);
1531        pkcs7 = NULL;
1532
1533        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1534        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
1535
1536        /* test for streaming mode */
1537        ret = -1;
1538        for (z = 0; z < outputSz && ret != 0; z++) {
1539            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
1540            if (ret < 0){
1541                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
1542            }
1543        }
1544        ExpectIntEQ(ret, 0);
1545        ExpectIntNE(pkcs7->contentSz, 0);
1546        ExpectNotNull(pkcs7->contentDynamic);
1547
1548        wc_PKCS7_Free(pkcs7);
1549        pkcs7 = NULL;
1550        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1551        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
1552    #endif /* !NO_PKCS7_STREAM */
1553
1554        XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
1555    }
1556
1557    /* Pass in bad args. */
1558    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
1559        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1560    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
1561        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1562    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
1563        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1564    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
1565        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1566    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
1567        outputHead, NULL, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1568    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
1569        outputHead, &outputHeadSz, NULL, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1570    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
1571        outputHead, &outputHeadSz, outputFoot, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1572    if (pkcs7 != NULL) {
1573        pkcs7->hashOID = 0; /* bad hashOID */
1574    }
1575    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
1576        outputHead, &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1577
1578    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
1579        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1580
1581    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
1582        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1583#ifndef NO_PKCS7_STREAM
1584    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
1585        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
1586#else
1587    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
1588        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BUFFER_E));
1589#endif
1590    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
1591        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1592#ifndef NO_PKCS7_STREAM
1593    /* can pass in 0 buffer length with streaming API */
1594    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
1595        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
1596#else
1597    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
1598        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1599#endif
1600    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
1601        outputHead, outputHeadSz, NULL, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1602#ifndef NO_PKCS7_STREAM
1603    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
1604        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
1605#else
1606    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
1607        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(BUFFER_E));
1608#endif
1609
1610    wc_PKCS7_Free(pkcs7);
1611    DoExpectIntEQ(wc_FreeRng(&rng), 0);
1612#endif
1613    return EXPECT_RESULT();
1614} /* END test_wc_PKCS7_EncodeSignedData_ex */
1615
1616
1617#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
1618
1619/**
1620 * Loads certs/keys from files or buffers into the argument buffers,
1621 * helper function called by CreatePKCS7SignedData().
1622 *
1623 * Returns 0 on success, negative on error.
1624 */
1625static int LoadPKCS7SignedDataCerts(
1626        int useIntermediateCertChain, int pkAlgoType,
1627        byte* intCARoot, word32* intCARootSz,
1628        byte* intCA1, word32* intCA1Sz,
1629        byte* intCA2, word32* intCA2Sz,
1630        byte* cert, word32* certSz,
1631        byte* key, word32* keySz)
1632{
1633    EXPECT_DECLS;
1634    int ret = 0;
1635    XFILE fp = XBADFILE;
1636
1637#ifndef NO_RSA
1638    const char* intCARootRSA   = "./certs/ca-cert.der";
1639    const char* intCA1RSA      = "./certs/intermediate/ca-int-cert.der";
1640    const char* intCA2RSA      = "./certs/intermediate/ca-int2-cert.der";
1641    const char* intServCertRSA = "./certs/intermediate/server-int-cert.der";
1642    const char* intServKeyRSA  = "./certs/server-key.der";
1643
1644    #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)
1645        const char* cli1024Cert    = "./certs/1024/client-cert.der";
1646        const char* cli1024Key     = "./certs/1024/client-key.der";
1647    #endif
1648#endif
1649#ifdef HAVE_ECC
1650    const char* intCARootECC   = "./certs/ca-ecc-cert.der";
1651    const char* intCA1ECC      = "./certs/intermediate/ca-int-ecc-cert.der";
1652    const char* intCA2ECC      = "./certs/intermediate/ca-int2-ecc-cert.der";
1653    const char* intServCertECC = "./certs/intermediate/server-int-ecc-cert.der";
1654    const char* intServKeyECC  = "./certs/ecc-key.der";
1655
1656    #ifndef USE_CERT_BUFFERS_256
1657        const char* cliEccCert     = "./certs/client-ecc-cert.der";
1658        const char* cliEccKey      = "./certs/client-ecc-key.der";
1659    #endif
1660#endif
1661
1662    if (cert == NULL || certSz == NULL || key == NULL || keySz == NULL ||
1663        ((useIntermediateCertChain == 1) &&
1664        (intCARoot == NULL || intCARootSz == NULL || intCA1 == NULL ||
1665         intCA1Sz == NULL || intCA2 == NULL || intCA2Sz == NULL))) {
1666        return BAD_FUNC_ARG;
1667    }
1668
1669    /* Read/load certs and keys to use for signing based on PK type and chain */
1670    switch (pkAlgoType) {
1671#ifndef NO_RSA
1672        case RSA_TYPE:
1673            if (useIntermediateCertChain == 1) {
1674                ExpectTrue((fp = XFOPEN(intCARootRSA, "rb")) != XBADFILE);
1675                *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp);
1676                if (fp != XBADFILE) {
1677                    XFCLOSE(fp);
1678                    fp = XBADFILE;
1679                }
1680                ExpectIntGT(*intCARootSz, 0);
1681
1682                ExpectTrue((fp = XFOPEN(intCA1RSA, "rb")) != XBADFILE);
1683                if (fp != XBADFILE) {
1684                    *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
1685                    XFCLOSE(fp);
1686                    fp = XBADFILE;
1687                }
1688                ExpectIntGT(*intCA1Sz, 0);
1689
1690                ExpectTrue((fp = XFOPEN(intCA2RSA, "rb")) != XBADFILE);
1691                if (fp != XBADFILE) {
1692                    *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
1693                    XFCLOSE(fp);
1694                    fp = XBADFILE;
1695                }
1696                ExpectIntGT(*intCA2Sz, 0);
1697
1698                ExpectTrue((fp = XFOPEN(intServCertRSA, "rb")) != XBADFILE);
1699                if (fp != XBADFILE) {
1700                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
1701                    XFCLOSE(fp);
1702                    fp = XBADFILE;
1703                }
1704                ExpectIntGT(*certSz, 0);
1705
1706                ExpectTrue((fp = XFOPEN(intServKeyRSA, "rb")) != XBADFILE);
1707                if (fp != XBADFILE) {
1708                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
1709                    XFCLOSE(fp);
1710                    fp = XBADFILE;
1711                }
1712                ExpectIntGT(*keySz, 0);
1713            }
1714            else {
1715            #if defined(USE_CERT_BUFFERS_2048)
1716                *keySz  = sizeof_client_key_der_2048;
1717                *certSz = sizeof_client_cert_der_2048;
1718                XMEMCPY(key, client_key_der_2048, *keySz);
1719                XMEMCPY(cert, client_cert_der_2048, *certSz);
1720            #elif defined(USE_CERT_BUFFERS_1024)
1721                *keySz  = sizeof_client_key_der_1024;
1722                *certSz = sizeof_client_cert_der_1024;
1723                XMEMCPY(key, client_key_der_1024, *keySz);
1724                XMEMCPY(cert, client_cert_der_1024, *certSz);
1725            #else
1726                ExpectTrue((fp = XFOPEN(cli1024Key, "rb")) != XBADFILE);
1727                if (fp != XBADFILE) {
1728                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
1729                    XFCLOSE(fp);
1730                    fp = XBADFILE;
1731                }
1732                ExpectIntGT(*keySz, 0);
1733
1734                ExpectTrue((fp = XFOPEN(cli1024Cert, "rb")) != XBADFILE);
1735                if (fp != XBADFILE) {
1736                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
1737                    XFCLOSE(fp);
1738                    fp = XBADFILE;
1739                }
1740                ExpectIntGT(*certSz, 0);
1741            #endif /* USE_CERT_BUFFERS_2048 */
1742            }
1743            break;
1744#endif /* !NO_RSA */
1745#ifdef HAVE_ECC
1746        case ECC_TYPE:
1747            if (useIntermediateCertChain == 1) {
1748                ExpectTrue((fp = XFOPEN(intCARootECC, "rb")) != XBADFILE);
1749                if (fp != XBADFILE) {
1750                    *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz,
1751                                                  fp);
1752                    XFCLOSE(fp);
1753                    fp = XBADFILE;
1754                }
1755                ExpectIntGT(*intCARootSz, 0);
1756
1757                ExpectTrue((fp = XFOPEN(intCA1ECC, "rb")) != XBADFILE);
1758                if (fp != XBADFILE) {
1759                    *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
1760                    XFCLOSE(fp);
1761                    fp = XBADFILE;
1762                }
1763                ExpectIntGT(*intCA1Sz, 0);
1764
1765                ExpectTrue((fp = XFOPEN(intCA2ECC, "rb")) != XBADFILE);
1766                if (fp != XBADFILE) {
1767                    *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
1768                    XFCLOSE(fp);
1769                    fp = XBADFILE;
1770                }
1771                ExpectIntGT(*intCA2Sz, 0);
1772
1773                ExpectTrue((fp = XFOPEN(intServCertECC, "rb")) != XBADFILE);
1774                if (fp != XBADFILE) {
1775                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
1776                    XFCLOSE(fp);
1777                    fp = XBADFILE;
1778                }
1779                ExpectIntGT(*certSz, 0);
1780
1781                ExpectTrue((fp = XFOPEN(intServKeyECC, "rb")) != XBADFILE);
1782                if (fp != XBADFILE) {
1783                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
1784                    XFCLOSE(fp);
1785                    fp = XBADFILE;
1786                }
1787                ExpectIntGT(*keySz, 0);
1788            }
1789            else {
1790            #if defined(USE_CERT_BUFFERS_256)
1791                *keySz  = sizeof_ecc_clikey_der_256;
1792                *certSz = sizeof_cliecc_cert_der_256;
1793                XMEMCPY(key, ecc_clikey_der_256, *keySz);
1794                XMEMCPY(cert, cliecc_cert_der_256, *certSz);
1795            #else
1796                ExpectTrue((fp = XFOPEN(cliEccKey, "rb")) != XBADFILE);
1797                if (fp != XBADFILE) {
1798                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
1799                    XFCLOSE(fp);
1800                    fp = XBADFILE;
1801                }
1802                ExpectIntGT(*keySz, 0);
1803
1804                ExpectTrue((fp = XFOPEN(cliEccCert, "rb")) != XBADFILE);
1805                if (fp != XBADFILE) {
1806                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
1807                    XFCLOSE(fp);
1808                    fp = XBADFILE;
1809                }
1810                ExpectIntGT(*certSz, 0);
1811            #endif /* USE_CERT_BUFFERS_256 */
1812            }
1813            break;
1814#endif /* HAVE_ECC */
1815        default:
1816            WOLFSSL_MSG("Unsupported SignedData PK type");
1817            ret = BAD_FUNC_ARG;
1818            break;
1819    }
1820
1821    if (EXPECT_FAIL() && (ret == 0)) {
1822        ret = BAD_FUNC_ARG;
1823    }
1824    return ret;
1825}
1826
1827/**
1828 * Creates a PKCS7/CMS SignedData bundle to use for testing.
1829 *
1830 * output          output buffer to place SignedData
1831 * outputSz        size of output buffer
1832 * data            data buffer to be signed
1833 * dataSz          size of data buffer
1834 * withAttribs     [1/0] include attributes in SignedData message
1835 * detachedSig     [1/0] create detached signature, no content
1836 * useIntCertChain [1/0] use certificate chain and include intermediate and
1837 *                 root CAs in bundle
1838 * pkAlgoType      RSA_TYPE or ECC_TYPE, choose what key/cert type to use
1839 *
1840 * Return size of bundle created on success, negative on error */
1841int CreatePKCS7SignedData(unsigned char* output, int outputSz,
1842                          byte* data, word32 dataSz,
1843                          int withAttribs, int detachedSig,
1844                          int useIntermediateCertChain,
1845                          int pkAlgoType)
1846{
1847    EXPECT_DECLS;
1848    int ret = 0;
1849    WC_RNG rng;
1850    PKCS7* pkcs7 = NULL;
1851
1852    static byte messageTypeOid[] =
1853               { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
1854                 0x09, 0x02 };
1855    static byte messageType[] = { 0x13, 2, '1', '9' };
1856
1857    PKCS7Attrib attribs[] =
1858    {
1859        { messageTypeOid, sizeof(messageTypeOid), messageType,
1860                                       sizeof(messageType) }
1861    };
1862
1863    byte intCARoot[TWOK_BUF];
1864    byte intCA1[TWOK_BUF];
1865    byte intCA2[TWOK_BUF];
1866    byte cert[TWOK_BUF];
1867    byte key[TWOK_BUF];
1868
1869    word32 intCARootSz = sizeof(intCARoot);
1870    word32 intCA1Sz    = sizeof(intCA1);
1871    word32 intCA2Sz    = sizeof(intCA2);
1872    word32 certSz      = sizeof(cert);
1873    word32 keySz       = sizeof(key);
1874
1875    XMEMSET(intCARoot, 0, intCARootSz);
1876    XMEMSET(intCA1, 0, intCA1Sz);
1877    XMEMSET(intCA2, 0, intCA2Sz);
1878    XMEMSET(cert, 0, certSz);
1879    XMEMSET(key, 0, keySz);
1880
1881    ret = LoadPKCS7SignedDataCerts(useIntermediateCertChain, pkAlgoType,
1882                intCARoot, &intCARootSz, intCA1, &intCA1Sz, intCA2, &intCA2Sz,
1883                cert, &certSz, key, &keySz);
1884    ExpectIntEQ(ret, 0);
1885
1886    XMEMSET(output, 0, outputSz);
1887    ExpectIntEQ(wc_InitRng(&rng), 0);
1888
1889    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1890    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
1891    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
1892
1893    if (useIntermediateCertChain == 1) {
1894        /* Add intermediate and root CA certs into SignedData Certs SET */
1895        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA2, intCA2Sz), 0);
1896        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA1, intCA1Sz), 0);
1897        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCARoot, intCARootSz), 0);
1898    }
1899
1900    if (pkcs7 != NULL) {
1901        pkcs7->content = data;
1902        pkcs7->contentSz = dataSz;
1903        pkcs7->privateKey = key;
1904        pkcs7->privateKeySz = (word32)sizeof(key);
1905        if (pkAlgoType == RSA_TYPE) {
1906            pkcs7->encryptOID = RSAk;
1907        }
1908        else {
1909            pkcs7->encryptOID = ECDSAk;
1910        }
1911    #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
1912        pkcs7->hashOID = SHA256h;
1913    #else
1914        pkcs7->hashOID = SHAh;
1915    #endif
1916        pkcs7->rng = &rng;
1917        if (withAttribs) {
1918            /* include a signed attribute */
1919            pkcs7->signedAttribs   = attribs;
1920            pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
1921        }
1922    }
1923
1924    if (detachedSig) {
1925        ExpectIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
1926    }
1927
1928    outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, (word32)outputSz);
1929    ExpectIntGT(outputSz, 0);
1930    wc_PKCS7_Free(pkcs7);
1931    pkcs7 = NULL;
1932    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1933    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
1934    if (detachedSig && (pkcs7 != NULL)) {
1935        pkcs7->content = data;
1936        pkcs7->contentSz = dataSz;
1937    }
1938    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outputSz), 0);
1939
1940    wc_PKCS7_Free(pkcs7);
1941    wc_FreeRng(&rng);
1942
1943    if (EXPECT_FAIL()) {
1944        outputSz = 0;
1945    }
1946    return outputSz;
1947}
1948#endif
1949
1950/*
1951 * Testing wc_PKCS_VerifySignedData()
1952 */
1953int test_wc_PKCS7_VerifySignedData_RSA(void)
1954{
1955    EXPECT_DECLS;
1956#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
1957    PKCS7* pkcs7 = NULL;
1958    byte   output[6000]; /* Large size needed for bundles with int CA certs */
1959    word32 outputSz = sizeof(output);
1960    byte   data[] = "Test data to encode.";
1961    byte   badOut[1];
1962    word32 badOutSz = 0;
1963    byte   badContent[] = "This is different content than was signed";
1964    wc_HashAlg hash;
1965#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
1966    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
1967#else
1968    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
1969#endif
1970    byte        hashBuf[WC_MAX_DIGEST_SIZE];
1971    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
1972#ifndef NO_RSA
1973    PKCS7DecodedAttrib* decodedAttrib = NULL;
1974    /* contentType OID (1.2.840.113549.1.9.3) */
1975    static const byte contentTypeOid[] =
1976        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01, 0x09, 0x03 };
1977
1978    /* PKCS#7 DATA content type (contentType defaults to DATA) */
1979    static const byte dataType[] =
1980        { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 };
1981
1982    /* messageDigest OID (1.2.840.113549.1.9.4) */
1983    static const byte messageDigestOid[] =
1984        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04 };
1985#ifndef NO_ASN_TIME
1986    /* signingTime OID () */
1987    static const byte signingTimeOid[] =
1988        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05};
1989#endif
1990#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
1991    int dateLength = 0;
1992    byte dateFormat;
1993    const byte* datePart = NULL;
1994    struct tm timearg;
1995    time_t now;
1996    struct tm* nowTm = NULL;
1997#ifdef NEED_TMP_TIME
1998    struct tm tmpTimeStorage;
1999    struct tm* tmpTime = &tmpTimeStorage;
2000#endif
2001#endif /* !NO_ASN && !NO_ASN_TIME */
2002#ifndef NO_PKCS7_STREAM
2003    word32 z;
2004    int ret;
2005#endif /* !NO_PKCS7_STREAM */
2006
2007    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
2008
2009    /* Success test with RSA certs/key */
2010    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
2011        (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0);
2012
2013    /* calculate hash for content, used later */
2014    ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
2015    ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
2016    ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
2017    DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
2018
2019    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2020    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
2021    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2022    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
2023
2024#ifndef NO_PKCS7_STREAM
2025    wc_PKCS7_Free(pkcs7);
2026    pkcs7 = NULL;
2027
2028    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2029    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2030
2031    /* test for streaming */
2032    ret = -1;
2033    for (z = 0; z < outputSz && ret != 0; z++) {
2034        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2035        if (ret < 0){
2036            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2037        }
2038    }
2039    ExpectIntEQ(ret, 0);
2040    ExpectIntNE(pkcs7->contentSz, 0);
2041    ExpectNotNull(pkcs7->contentDynamic);
2042#endif /* !NO_PKCS7_STREAM */
2043
2044    /* Check that decoded signed attributes are correct */
2045
2046    /* messageDigest should be first */
2047    if (pkcs7 != NULL) {
2048        decodedAttrib = pkcs7->decodedAttrib;
2049    }
2050    ExpectNotNull(decodedAttrib);
2051    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(messageDigestOid));
2052    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, messageDigestOid,
2053        decodedAttrib->oidSz), 0);
2054    /* + 2 for OCTET STRING and length bytes */
2055    ExpectIntEQ(decodedAttrib->valueSz, hashSz + 2);
2056    ExpectNotNull(decodedAttrib->value);
2057    ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, hashBuf, hashSz), 0);
2058
2059#ifndef NO_ASN_TIME
2060    /* signingTime should be second */
2061    if (decodedAttrib != NULL) {
2062        decodedAttrib = decodedAttrib->next;
2063    }
2064    ExpectNotNull(decodedAttrib);
2065    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(signingTimeOid));
2066    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, signingTimeOid,
2067        decodedAttrib->oidSz), 0);
2068
2069    ExpectIntGT(decodedAttrib->valueSz, 0);
2070    ExpectNotNull(decodedAttrib->value);
2071#endif
2072
2073    /* Verify signingTime if ASN and time are available */
2074#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
2075    ExpectIntEQ(wc_GetDateInfo(decodedAttrib->value, decodedAttrib->valueSz,
2076        &datePart, &dateFormat, &dateLength), 0);
2077    ExpectNotNull(datePart);
2078    ExpectIntGT(dateLength, 0);
2079    XMEMSET(&timearg, 0, sizeof(timearg));
2080    ExpectIntEQ(wc_GetDateAsCalendarTime(datePart, dateLength, dateFormat,
2081         &timearg), 0);
2082
2083    /* Get current time and compare year/month/day against attribute value */
2084    ExpectIntEQ(wc_GetTime(&now, sizeof(now)), 0);
2085    nowTm = (struct tm*)XGMTIME((time_t*)&now, tmpTime);
2086    ExpectNotNull(nowTm);
2087
2088    ExpectIntEQ(timearg.tm_year, nowTm->tm_year);
2089    ExpectIntEQ(timearg.tm_mon, nowTm->tm_mon);
2090    ExpectIntEQ(timearg.tm_mday, nowTm->tm_mday);
2091#endif /* !NO_ASN && !NO_ASN_TIME */
2092
2093    /* contentType should be third */
2094    if (decodedAttrib != NULL) {
2095        decodedAttrib = decodedAttrib->next;
2096    }
2097    ExpectNotNull(decodedAttrib);
2098    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(contentTypeOid));
2099    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, contentTypeOid,
2100        decodedAttrib->oidSz), 0);
2101    ExpectIntEQ(decodedAttrib->valueSz, (int)sizeof(dataType) + 2);
2102    ExpectNotNull(decodedAttrib->value);
2103    ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, dataType, sizeof(dataType)),
2104        0);
2105#endif /* !NO_RSA */
2106
2107    /* Test bad args. */
2108    ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
2109                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
2110    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
2111                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
2112    #ifndef NO_PKCS7_STREAM
2113        /* can pass in 0 buffer length with streaming API */
2114        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
2115                                    badOutSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2116    #else
2117        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
2118                                    badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
2119    #endif
2120    wc_PKCS7_Free(pkcs7);
2121    pkcs7 = NULL;
2122
2123#ifndef NO_RSA
2124    /* Try RSA certs/key/sig first */
2125    outputSz = sizeof(output);
2126    XMEMSET(output, 0, outputSz);
2127    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
2128                                                  (word32)sizeof(data),
2129                                                  1, 1, 0, RSA_TYPE)), 0);
2130    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2131    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2132    if (pkcs7 != NULL) {
2133        pkcs7->content = badContent;
2134        pkcs7->contentSz = sizeof(badContent);
2135    }
2136    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
2137                WC_NO_ERR_TRACE(SIG_VERIFY_E));
2138
2139    wc_PKCS7_Free(pkcs7);
2140    pkcs7 = NULL;
2141
2142#ifndef NO_PKCS7_STREAM
2143    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2144    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2145    if (pkcs7 != NULL) {
2146        pkcs7->content = badContent;
2147        pkcs7->contentSz = sizeof(badContent);
2148    }
2149    /* test for streaming */
2150    ret = -1;
2151    for (z = 0; z < outputSz && ret != 0; z++) {
2152        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2153        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
2154            continue;
2155        }
2156        else if (ret < 0) {
2157            break;
2158        }
2159    }
2160    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
2161    ExpectIntNE(pkcs7->contentSz, 0);
2162    ExpectNotNull(pkcs7->contentDynamic);
2163    wc_PKCS7_Free(pkcs7);
2164    pkcs7 = NULL;
2165#endif /* !NO_PKCS7_STREAM */
2166
2167
2168    /* Test success case with detached signature and valid content */
2169    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2170    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2171    if (pkcs7 != NULL) {
2172        pkcs7->content = data;
2173        pkcs7->contentSz = sizeof(data);
2174    }
2175    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
2176    wc_PKCS7_Free(pkcs7);
2177    pkcs7 = NULL;
2178
2179#ifndef NO_PKCS7_STREAM
2180    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2181    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2182    if (pkcs7 != NULL) {
2183        pkcs7->content = data;
2184        pkcs7->contentSz = sizeof(data);
2185    }
2186
2187    /* test for streaming */
2188    ret = -1;
2189    for (z = 0; z < outputSz && ret != 0; z++) {
2190        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2191        if (ret < 0){
2192            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2193        }
2194    }
2195    ExpectIntEQ(ret, 0);
2196    ExpectIntNE(pkcs7->contentSz, 0);
2197    ExpectNotNull(pkcs7->contentDynamic);
2198
2199    wc_PKCS7_Free(pkcs7);
2200    pkcs7 = NULL;
2201#endif /* !NO_PKCS7_STREAM */
2202
2203    /* verify using pre-computed content digest only (no content) */
2204    {
2205        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2206        ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, testDevId), 0);
2207        ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
2208            output, outputSz, NULL, 0), 0);
2209        wc_PKCS7_Free(pkcs7);
2210        pkcs7 = NULL;
2211    }
2212#endif /* !NO_RSA */
2213
2214    /* Test verify on signedData containing intermediate/root CA certs */
2215#ifndef NO_RSA
2216    outputSz = sizeof(output);
2217    XMEMSET(output, 0, outputSz);
2218    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
2219                                                  (word32)sizeof(data),
2220                                                  0, 0, 1, RSA_TYPE)), 0);
2221    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2222    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2223    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
2224    wc_PKCS7_Free(pkcs7);
2225    pkcs7 = NULL;
2226
2227#ifndef NO_PKCS7_STREAM
2228    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2229    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2230
2231    /* test for streaming */
2232    ret = -1;
2233    for (z = 0; z < outputSz && ret != 0; z++) {
2234        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2235        if (ret < 0){
2236            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2237        }
2238    }
2239    ExpectIntEQ(ret, 0);
2240    ExpectIntNE(pkcs7->contentSz, 0);
2241    ExpectNotNull(pkcs7->contentDynamic);
2242
2243    wc_PKCS7_Free(pkcs7);
2244    pkcs7 = NULL;
2245#endif /* !NO_PKCS7_STREAM */
2246
2247#endif /* !NO_RSA */
2248#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \
2249        !defined(NO_FILESYSTEM)
2250    {
2251        XFILE signedBundle = XBADFILE;
2252        int   signedBundleSz = 0;
2253        int   chunkSz = 1;
2254        int   i, rc = 0;
2255        byte* buf = NULL;
2256
2257        ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b",
2258            "rb")) != XBADFILE);
2259        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0);
2260        ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0);
2261        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0);
2262        ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT,
2263            DYNAMIC_TYPE_FILE));
2264        if (buf != NULL) {
2265            ExpectIntEQ(XFREAD(buf, 1, (size_t)signedBundleSz, signedBundle),
2266                signedBundleSz);
2267        }
2268        if (signedBundle != XBADFILE) {
2269            XFCLOSE(signedBundle);
2270            signedBundle = XBADFILE;
2271        }
2272
2273        if (buf != NULL) {
2274            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2275            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2276            for (i = 0; i < signedBundleSz;) {
2277                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
2278                    chunkSz;
2279                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
2280                if (rc < 0 ) {
2281                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
2282                        i += sz;
2283                        continue;
2284                    }
2285                    break;
2286                }
2287                else {
2288                    break;
2289                }
2290            }
2291            ExpectIntEQ(rc, WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
2292            wc_PKCS7_Free(pkcs7);
2293            pkcs7 = NULL;
2294        }
2295
2296        /* now try with malformed bundle */
2297        if (buf != NULL) {
2298            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2299            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2300            buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1;
2301            for (i = 0; i < signedBundleSz;) {
2302                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
2303                    chunkSz;
2304                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
2305                if (rc < 0 ) {
2306                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
2307                        i += sz;
2308                        continue;
2309                    }
2310                    break;
2311                }
2312                else {
2313                    break;
2314                }
2315            }
2316            ExpectIntEQ(rc, WC_NO_ERR_TRACE(ASN_PARSE_E));
2317            wc_PKCS7_Free(pkcs7);
2318            pkcs7 = NULL;
2319        }
2320
2321        if (buf != NULL)
2322            XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
2323    }
2324#endif /* BER and stream */
2325#endif
2326    return EXPECT_RESULT();
2327} /* END test_wc_PKCS7_VerifySignedData()_RSA */
2328
2329int test_wc_PKCS7_VerifySignedData_TamperedAttribs(void)
2330{
2331    EXPECT_DECLS;
2332#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
2333    PKCS7* pkcs7 = NULL;
2334    byte   output[6000];
2335    word32 outputSz = sizeof(output);
2336    byte   data[] = "Test data to encode.";
2337    /* SCEP messageType OID + SET { PrintableString "19" } */
2338    const byte pattern[] = {
2339        0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8,
2340        0x45, 0x01, 0x09, 0x02,
2341        0x31, 0x04, 0x13, 0x02, 0x31, 0x39
2342    };
2343    word32 i;
2344    int    found = -1;
2345    int    matches = 0;
2346
2347    XMEMSET(output, 0, outputSz);
2348    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz,
2349        data, (word32)sizeof(data),
2350        1 /* withAttribs */, 0 /* detached */, 0, RSA_TYPE)), 0);
2351
2352    if (outputSz > 0 && outputSz <= sizeof(output)) {
2353        for (i = 0; i + sizeof(pattern) <= outputSz; i++) {
2354            if (XMEMCMP(output + i, pattern, sizeof(pattern)) == 0) {
2355                if (matches == 0)
2356                    found = (int)i;
2357                matches++;
2358            }
2359        }
2360        ExpectIntEQ(matches, 1);
2361    }
2362
2363    if (matches == 1 && found >= 0) {
2364        output[found + (int)sizeof(pattern) - 1] ^= 0x01;
2365
2366        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2367        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2368        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
2369            WC_NO_ERR_TRACE(SIG_VERIFY_E));
2370        wc_PKCS7_Free(pkcs7);
2371        pkcs7 = NULL;
2372    }
2373#endif
2374    return EXPECT_RESULT();
2375}
2376
2377/*
2378 * Testing wc_PKCS_VerifySignedData()
2379 */
2380int test_wc_PKCS7_VerifySignedData_ECC(void)
2381{
2382    EXPECT_DECLS;
2383#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
2384    PKCS7* pkcs7 = NULL;
2385    byte   output[6000]; /* Large size needed for bundles with int CA certs */
2386    word32 outputSz = sizeof(output);
2387    byte   data[] = "Test data to encode.";
2388    byte   badContent[] = "This is different content than was signed";
2389    wc_HashAlg hash;
2390#ifndef NO_PKCS7_STREAM
2391    word32 z;
2392    int ret;
2393#endif /* !NO_PKCS7_STREAM */
2394#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS)
2395    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
2396#else
2397    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
2398#endif
2399    byte        hashBuf[WC_MAX_DIGEST_SIZE];
2400    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
2401
2402    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
2403
2404    /* Success test with ECC certs/key */
2405    outputSz = sizeof(output);
2406    XMEMSET(output, 0, outputSz);
2407    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
2408        (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0);
2409
2410    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2411    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
2412    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2413    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
2414    wc_PKCS7_Free(pkcs7);
2415    pkcs7 = NULL;
2416
2417#ifndef NO_PKCS7_STREAM
2418    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2419    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2420
2421    /* test for streaming */
2422    ret = -1;
2423    for (z = 0; z < outputSz && ret != 0; z++) {
2424        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2425        if (ret < 0){
2426            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2427        }
2428    }
2429    ExpectIntEQ(ret, 0);
2430    ExpectIntNE(pkcs7->contentSz, 0);
2431    ExpectNotNull(pkcs7->contentDynamic);
2432    wc_PKCS7_Free(pkcs7);
2433    pkcs7 = NULL;
2434#endif /* !NO_PKCS7_STREAM */
2435
2436    /* Invalid content should error, use detached signature so we can
2437     * easily change content */
2438    outputSz = sizeof(output);
2439    XMEMSET(output, 0, outputSz);
2440    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
2441        (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0);
2442    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2443    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2444    if (pkcs7 != NULL) {
2445        pkcs7->content = badContent;
2446        pkcs7->contentSz = sizeof(badContent);
2447    }
2448    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
2449        WC_NO_ERR_TRACE(SIG_VERIFY_E));
2450    wc_PKCS7_Free(pkcs7);
2451    pkcs7 = NULL;
2452
2453#ifndef NO_PKCS7_STREAM
2454    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2455    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2456    if (pkcs7 != NULL) {
2457        pkcs7->content = badContent;
2458        pkcs7->contentSz = sizeof(badContent);
2459    }
2460
2461    /* test for streaming */
2462    ret = -1;
2463    for (z = 0; z < outputSz && ret != 0; z++) {
2464        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2465        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
2466            continue;
2467        }
2468        else if (ret < 0) {
2469            break;
2470        }
2471    }
2472    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
2473    ExpectIntNE(pkcs7->contentSz, 0);
2474    ExpectNotNull(pkcs7->contentDynamic);
2475    wc_PKCS7_Free(pkcs7);
2476    pkcs7 = NULL;
2477#endif /* !NO_PKCS7_STREAM */
2478
2479
2480    /* Test success case with detached signature and valid content */
2481    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2482    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2483    if (pkcs7 != NULL) {
2484        pkcs7->content = data;
2485        pkcs7->contentSz = sizeof(data);
2486    }
2487    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
2488    wc_PKCS7_Free(pkcs7);
2489    pkcs7 = NULL;
2490
2491#ifndef NO_PKCS7_STREAM
2492    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2493    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2494    if (pkcs7 != NULL) {
2495        pkcs7->content = data;
2496        pkcs7->contentSz = sizeof(data);
2497    }
2498
2499    /* test for streaming */
2500    ret = -1;
2501    for (z = 0; z < outputSz && ret != 0; z++) {
2502        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2503        if (ret < 0){
2504            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2505        }
2506    }
2507    ExpectIntEQ(ret, 0);
2508    ExpectIntNE(pkcs7->contentSz, 0);
2509    ExpectNotNull(pkcs7->contentDynamic);
2510
2511    wc_PKCS7_Free(pkcs7);
2512    pkcs7 = NULL;
2513#endif /* !NO_PKCS7_STREAM */
2514
2515    /* verify using pre-computed content digest only (no content) */
2516    {
2517        /* calculate hash for content */
2518        ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
2519        ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
2520        ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
2521        ExpectIntEQ(wc_HashFree(&hash, hashType), 0);
2522
2523        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2524        ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, testDevId), 0);
2525        ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
2526            output, outputSz, NULL, 0), 0);
2527        wc_PKCS7_Free(pkcs7);
2528        pkcs7 = NULL;
2529    }
2530
2531    /* Test verify on signedData containing intermediate/root CA certs */
2532    outputSz = sizeof(output);
2533    XMEMSET(output, 0, outputSz);
2534    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
2535        (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0);
2536    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2537    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2538    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
2539    wc_PKCS7_Free(pkcs7);
2540    pkcs7 = NULL;
2541
2542#ifndef NO_PKCS7_STREAM
2543    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2544    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2545
2546    /* test for streaming */
2547    ret = -1;
2548    for (z = 0; z < outputSz && ret != 0; z++) {
2549        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
2550        if (ret < 0){
2551            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2552        }
2553    }
2554    ExpectIntEQ(ret, 0);
2555    ExpectIntNE(pkcs7->contentSz, 0);
2556    ExpectNotNull(pkcs7->contentDynamic);
2557
2558    wc_PKCS7_Free(pkcs7);
2559    pkcs7 = NULL;
2560#endif /* !NO_PKCS7_STREAM */
2561
2562#endif
2563    return EXPECT_RESULT();
2564} /* END test_wc_PKCS7_VerifySignedData_ECC() */
2565
2566int test_wc_PKCS7_VerifySignedData_ECC_TamperedAttribs(void)
2567{
2568    EXPECT_DECLS;
2569#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
2570    PKCS7* pkcs7 = NULL;
2571    byte   output[6000];
2572    word32 outputSz = sizeof(output);
2573    byte   data[] = "Test data to encode.";
2574    /* SCEP messageType OID + SET { PrintableString "19" } */
2575    const byte pattern[] = {
2576        0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8,
2577        0x45, 0x01, 0x09, 0x02,
2578        0x31, 0x04, 0x13, 0x02, 0x31, 0x39
2579    };
2580    word32 i;
2581    int    found = -1;
2582    int    matches = 0;
2583
2584    XMEMSET(output, 0, outputSz);
2585    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz,
2586        data, (word32)sizeof(data),
2587        1 /* withAttribs */, 0 /* detached */, 0, ECC_TYPE)), 0);
2588
2589    if (outputSz > 0 && outputSz <= sizeof(output)) {
2590        for (i = 0; i + sizeof(pattern) <= outputSz; i++) {
2591            if (XMEMCMP(output + i, pattern, sizeof(pattern)) == 0) {
2592                if (matches == 0)
2593                    found = (int)i;
2594                matches++;
2595            }
2596        }
2597        ExpectIntEQ(matches, 1);
2598    }
2599
2600    if (matches == 1 && found >= 0) {
2601        output[found + (int)sizeof(pattern) - 1] ^= 0x01;
2602
2603        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2604        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
2605        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
2606            WC_NO_ERR_TRACE(SIG_VERIFY_E));
2607        wc_PKCS7_Free(pkcs7);
2608        pkcs7 = NULL;
2609    }
2610#endif
2611    return EXPECT_RESULT();
2612}
2613
2614
2615#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
2616    defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP)
2617static const byte defKey[] = {
2618    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
2619    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
2620    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
2621    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
2622};
2623static byte aesHandle[32]; /* simulated hardware key handle */
2624
2625
2626/* return 0 on success */
2627static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
2628        byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
2629        byte* in, int inSz, byte* out, void* usrCtx)
2630{
2631    int ret;
2632    Aes aes;
2633
2634    if (usrCtx == NULL) {
2635        /* no simulated handle passed in */
2636        return -1;
2637    }
2638
2639    switch (encryptOID) {
2640        case AES256CBCb:
2641            if (ivSz  != AES_BLOCK_SIZE)
2642                return BAD_FUNC_ARG;
2643            break;
2644
2645        default:
2646            WOLFSSL_MSG("Unsupported content cipher type for test");
2647            return ALGO_ID_E;
2648    };
2649
2650    /* simulate using handle to get key */
2651    ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
2652    if (ret == 0) {
2653        ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
2654        if (ret == 0)
2655            ret = wc_AesCbcDecrypt(&aes, out, in, (word32)inSz);
2656        wc_AesFree(&aes);
2657    }
2658
2659    (void)aad;
2660    (void)aadSz;
2661    (void)authTag;
2662    (void)authTagSz;
2663    (void)pkcs7;
2664    return ret;
2665}
2666
2667
2668/* returns key size on success */
2669static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
2670        word32 keyIdSz, byte* orginKey, word32 orginKeySz,
2671        byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
2672{
2673    int ret = -1;
2674
2675    (void)cekSz;
2676    (void)cek;
2677    (void)outSz;
2678    (void)keyIdSz;
2679    (void)direction;
2680    (void)orginKey; /* used with KAKRI */
2681    (void)orginKeySz;
2682
2683    if (out == NULL)
2684        return BAD_FUNC_ARG;
2685
2686    if (keyId[0] != 0x00) {
2687        return -1;
2688    }
2689
2690    if (type != (int)PKCS7_KEKRI) {
2691        return -1;
2692    }
2693
2694    switch (keyWrapAlgo) {
2695        case AES256_WRAP:
2696            /* simulate setting a handle for later decryption but use key
2697             * as handle in the test case here */
2698            ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
2699                                      aesHandle, sizeof(aesHandle), NULL);
2700            if (ret < 0)
2701                return ret;
2702
2703            ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
2704            if (ret < 0)
2705                return ret;
2706
2707            /* return key size on success */
2708            return sizeof(defKey);
2709
2710        default:
2711            WOLFSSL_MSG("Unsupported key wrap algorithm in example");
2712            return BAD_KEYWRAP_ALG_E;
2713    };
2714}
2715#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 &&
2716          HAVE_AES_KEYWRAP */
2717
2718
2719#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) && !defined(NO_RSA) && \
2720    !defined(NO_PKCS7_STREAM)
2721#define MAX_TEST_DECODE_SIZE 6000
2722static int test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb(wc_PKCS7* pkcs7,
2723    const byte* output, word32 outputSz, void* ctx) {
2724     WOLFSSL_BUFFER_INFO* out = (WOLFSSL_BUFFER_INFO*)ctx;
2725
2726    if (out == NULL) {
2727        return -1;
2728    }
2729
2730    if (outputSz + out->length > MAX_TEST_DECODE_SIZE) {
2731        printf("Example buffer size needs increased");
2732    }
2733
2734    /* printf("Decoded in %d bytes\n", outputSz);
2735     * for (word32 z = 0; z < outputSz; z++) printf("%02X", output[z]);
2736     * printf("\n");
2737    */
2738
2739    XMEMCPY(out->buffer + out->length, output, outputSz);
2740    out->length += outputSz;
2741
2742    (void)pkcs7;
2743    return 0;
2744}
2745#endif /* HAVE_PKCS7 && ASN_BER_TO_DER */
2746
2747/*
2748 * Testing wc_PKCS7_DecodeEnvelopedData with streaming
2749 */
2750int test_wc_PKCS7_DecodeEnvelopedData_stream(void)
2751{
2752    EXPECT_DECLS;
2753#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) && !defined(NO_RSA) && \
2754    !defined(NO_PKCS7_STREAM)
2755    PKCS7*      pkcs7 = NULL;
2756    int ret = 0;
2757    XFILE f = XBADFILE;
2758    const char* testStream = "./certs/test-stream-dec.p7b";
2759    byte testStreamBuffer[100];
2760    size_t testStreamBufferSz = 0;
2761    byte decodedData[MAX_TEST_DECODE_SIZE]; /* large enough to hold result of decode, which is ca-cert.pem */
2762    WOLFSSL_BUFFER_INFO out;
2763
2764    out.length = 0;
2765    out.buffer = decodedData;
2766
2767    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2768    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
2769        sizeof_client_cert_der_2048), 0);
2770
2771    ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048,
2772        sizeof_client_key_der_2048), 0);
2773    ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL,
2774        test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb, (void*)&out), 0);
2775
2776    ExpectTrue((f = XFOPEN(testStream, "rb")) != XBADFILE);
2777    if (EXPECT_SUCCESS()) {
2778        do {
2779            testStreamBufferSz = XFREAD(testStreamBuffer, 1,
2780                sizeof(testStreamBuffer), f);
2781            if (testStreamBufferSz == 0) {
2782                break;
2783            }
2784
2785            ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testStreamBuffer,
2786                (word32)testStreamBufferSz, NULL, 0);
2787            if (testStreamBufferSz < sizeof(testStreamBuffer)) {
2788                break;
2789            }
2790        } while (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
2791    #ifdef NO_DES3
2792        ExpectIntEQ(ret, ALGO_ID_E);
2793    #else
2794        /* expecting the size of ca-cert.pem */
2795        ExpectIntEQ(ret, 5512);
2796    #endif
2797    }
2798
2799    if (f != XBADFILE) {
2800        XFCLOSE(f);
2801        f = XBADFILE;
2802    }
2803
2804    wc_PKCS7_Free(pkcs7);
2805#endif
2806    return EXPECT_RESULT();
2807} /* END test_wc_PKCS7_DecodeEnvelopedData_stream() */
2808
2809
2810/*
2811 * Regression test: a PKCS#7 EnvelopedData with a forged RecipientInfo SET
2812 * length (parsed via GetSet_ex with NO_USER_CHECK) must not drive an
2813 * uncapped heap allocation through wc_PKCS7_GrowStream(). The decoder
2814 * must reject the oversized allocation rather than attempting it.
2815 */
2816int test_wc_PKCS7_DecodeEnvelopedData_forgedRecipientSetLen(void)
2817{
2818    EXPECT_DECLS;
2819#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_PKCS7_STREAM)
2820    /* Crafted ContentInfo/EnvelopedData header. All lengths use the
2821     * 4-byte long form for clarity. The RecipientInfo SET length is
2822     * forged to 0x01000001 (16 MB + 1), which exceeds the default
2823     * WOLFSSL_PKCS7_MAX_STREAM_ALLOC cap and should be rejected before
2824     * any allocation succeeds. The body after the SET header is never
2825     * consumed because the decoder fails at the GrowStream() cap. */
2826    static const byte forged[] = {
2827        /* ContentInfo SEQUENCE, body length 0x01000021 */
2828        0x30, 0x84, 0x01, 0x00, 0x00, 0x21,
2829        /* OID 1.2.840.113549.1.7.3 (id-envelopedData) */
2830        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
2831        0x01, 0x07, 0x03,
2832        /* [0] EXPLICIT content, body length 0x01000016 */
2833        0xA0, 0x84, 0x01, 0x00, 0x00, 0x16,
2834        /* EnvelopedData SEQUENCE, body length 0x01000010 */
2835        0x30, 0x84, 0x01, 0x00, 0x00, 0x10,
2836        /* version INTEGER 0 */
2837        0x02, 0x01, 0x00,
2838        /* Forged RecipientInfo SET header: length = 0x01000001 */
2839        0x31, 0x84, 0x01, 0x00, 0x00, 0x01,
2840        /* Padding so that header-parsing states can buffer their
2841         * required lookahead without returning WC_PKCS7_WANT_READ_E.
2842         * These bytes are never interpreted. */
2843        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2844        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2845        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2846        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2847        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2848        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2849        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2850        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
2851    };
2852    PKCS7* pkcs7 = NULL;
2853    byte   out[32];
2854    int    ret;
2855
2856    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2857    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
2858        sizeof_client_cert_der_2048), 0);
2859    ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048,
2860        sizeof_client_key_der_2048), 0);
2861
2862    ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, (byte*)forged,
2863        (word32)sizeof(forged), out, (word32)sizeof(out));
2864    /* Must NOT return WC_PKCS7_WANT_READ_E (which would imply the
2865     * oversized allocation succeeded and the decoder is waiting for
2866     * the around 16 MB of SET body). Must NOT return 0 / positive length.
2867     * Expected: BUFFER_E from the GrowStream cap. */
2868    ExpectIntEQ(ret, WC_NO_ERR_TRACE(BUFFER_E));
2869
2870    wc_PKCS7_Free(pkcs7);
2871#endif
2872    return EXPECT_RESULT();
2873} /* END test_wc_PKCS7_DecodeEnvelopedData_forgedRecipientSetLen() */
2874
2875
2876/*
2877 * Testing wc_PKCS7_DecodeEnvelopedData with streaming
2878 */
2879int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void)
2880{
2881    EXPECT_DECLS;
2882#if defined(HAVE_PKCS7) && !defined(NO_RSA)
2883    PKCS7*      pkcs7 = NULL;
2884    int ret = 0;
2885    XFILE f = XBADFILE;
2886    const char* testFile = "./certs/test-multiple-recipients.p7b";
2887    byte testDerBuffer[8192]; /* test-multiple-recipients is currently 6433
2888                                 bytes */
2889    size_t testDerBufferSz = 0;
2890    byte decodedData[8192];
2891    byte serverDecodedData[8192];
2892    int  serverRet = 0;
2893
2894    ExpectTrue((f = XFOPEN(testFile, "rb")) != XBADFILE);
2895    if (f != XBADFILE) {
2896        testDerBufferSz = XFREAD(testDerBuffer, 1,
2897                    sizeof(testDerBuffer), f);
2898        ExpectIntGT(testDerBufferSz, 0);
2899        XFCLOSE(f);
2900        f = XBADFILE;
2901    }
2902
2903    /* test with server cert recipient */
2904    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2905    if (pkcs7) {
2906        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)server_cert_der_2048,
2907            sizeof_server_cert_der_2048), 0);
2908
2909        ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)server_key_der_2048,
2910            sizeof_server_key_der_2048), 0);
2911
2912        serverRet = wc_PKCS7_DecodeEnvelopedData(pkcs7, testDerBuffer,
2913            (word32)testDerBufferSz, serverDecodedData,
2914            sizeof(serverDecodedData));
2915    #if defined(NO_AES) || defined(NO_AES_256)
2916        ExpectIntEQ(serverRet, ALGO_ID_E);
2917    #else
2918        ExpectIntGT(serverRet, 0);
2919    #endif
2920        wc_PKCS7_Free(pkcs7);
2921        pkcs7 = NULL;
2922    }
2923
2924    /* test with client cert recipient */
2925    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2926    if (pkcs7) {
2927        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
2928            sizeof_client_cert_der_2048), 0);
2929
2930        ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048,
2931            sizeof_client_key_der_2048), 0);
2932
2933        ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testDerBuffer,
2934            (word32)testDerBufferSz, decodedData, sizeof(decodedData));
2935    #if defined(NO_AES) || defined(NO_AES_256)
2936        ExpectIntEQ(ret, ALGO_ID_E);
2937    #else
2938        ExpectIntGT(ret, 0);
2939    #endif
2940        wc_PKCS7_Free(pkcs7);
2941        pkcs7 = NULL;
2942    }
2943
2944    /* Test with ca cert recipient. The ca cert is not a listed recipient,
2945     * so RSA unwrap fails. The Bleichenbacher mitigation substitutes a
2946     * pseudo-random fake CEK on unwrap failure, so the call normally
2947     * returns a negative error when content decryption rejects the
2948     * resulting garbage padding - but around 1/256 of the time the random
2949     * CEK yields plaintext with accidentally-valid PKCS#7 padding and the
2950     * call returns a non-negative "decrypted" size. That case must not
2951     * produce the real plaintext. */
2952    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
2953    if (pkcs7) {
2954        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)ca_cert_der_2048,
2955            sizeof_ca_cert_der_2048), 0);
2956
2957        ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)ca_key_der_2048,
2958            sizeof_ca_key_der_2048), 0);
2959
2960        XMEMSET(decodedData, 0, sizeof(decodedData));
2961        ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testDerBuffer,
2962            (word32)testDerBufferSz, decodedData, sizeof(decodedData));
2963    #if defined(NO_AES) || defined(NO_AES_256)
2964        ExpectIntEQ(ret, ALGO_ID_E);
2965    #else
2966        ExpectTrue(ret < 0 || ret != serverRet ||
2967                   XMEMCMP(decodedData, serverDecodedData, (size_t)ret) != 0);
2968    #endif
2969        wc_PKCS7_Free(pkcs7);
2970        pkcs7 = NULL;
2971    }
2972
2973#endif
2974    return EXPECT_RESULT();
2975} /* END test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients() */
2976
2977/*
2978 * Testing wc_PKCS7_EncodeEnvelopedData(), wc_PKCS7_DecodeEnvelopedData()
2979 */
2980int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
2981{
2982    EXPECT_DECLS;
2983#if defined(HAVE_PKCS7)
2984    PKCS7*      pkcs7 = NULL;
2985#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM)
2986    int encodedSz = 0;
2987#endif
2988#ifdef ECC_TIMING_RESISTANT
2989    WC_RNG      rng;
2990#endif
2991#ifdef HAVE_AES_KEYWRAP
2992    word32      tempWrd32   = 0;
2993    byte*       tmpBytePtr = NULL;
2994#endif
2995    const char  input[] = "Test data to encode.";
2996    int         i;
2997    int         testSz = 0;
2998    #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
2999        !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
3000        byte*   rsaCert     = NULL;
3001        byte*   rsaPrivKey  = NULL;
3002        word32  rsaCertSz;
3003        word32  rsaPrivKeySz;
3004        #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
3005                                           !defined(USE_CERT_BUFFERS_2048) )
3006            static const char* rsaClientCert = "./certs/client-cert.der";
3007            static const char* rsaClientKey = "./certs/client-key.der";
3008            rsaCertSz = (word32)sizeof(rsaClientCert);
3009            rsaPrivKeySz = (word32)sizeof(rsaClientKey);
3010        #endif
3011    #endif
3012    #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
3013            !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
3014        byte*   eccCert     = NULL;
3015        byte*   eccPrivKey  = NULL;
3016        word32  eccCertSz;
3017        word32  eccPrivKeySz;
3018        #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
3019            static const char* eccClientCert = "./certs/client-ecc-cert.der";
3020            static const char* eccClientKey = "./certs/ecc-client-key.der";
3021        #endif
3022    #endif
3023    /* Generic buffer size. */
3024    byte    output[ONEK_BUF];
3025    byte    decoded[sizeof(input)/sizeof(char)];
3026    int     decodedSz = 0;
3027#ifndef NO_FILESYSTEM
3028    XFILE certFile = XBADFILE;
3029    XFILE keyFile = XBADFILE;
3030#endif
3031
3032#ifdef ECC_TIMING_RESISTANT
3033    XMEMSET(&rng, 0, sizeof(WC_RNG));
3034#endif
3035
3036#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
3037    !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
3038    /* RSA certs and keys. */
3039    #if defined(USE_CERT_BUFFERS_1024)
3040        rsaCertSz = (word32)sizeof_client_cert_der_1024;
3041        /* Allocate buffer space. */
3042        ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
3043            DYNAMIC_TYPE_TMP_BUFFER));
3044        /* Init buffer. */
3045        if (rsaCert != NULL) {
3046            XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
3047        }
3048        rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
3049        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
3050            DYNAMIC_TYPE_TMP_BUFFER));
3051        if (rsaPrivKey != NULL) {
3052            XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
3053        }
3054    #elif defined(USE_CERT_BUFFERS_2048)
3055        rsaCertSz = (word32)sizeof_client_cert_der_2048;
3056        /* Allocate buffer */
3057        ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
3058            DYNAMIC_TYPE_TMP_BUFFER));
3059        /* Init buffer. */
3060        if (rsaCert != NULL) {
3061            XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
3062        }
3063        rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
3064        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
3065            DYNAMIC_TYPE_TMP_BUFFER));
3066        if (rsaPrivKey != NULL) {
3067            XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
3068        }
3069    #else
3070        /* File system. */
3071        ExpectTrue((certFile = XFOPEN(rsaClientCert, "rb")) != XBADFILE);
3072        rsaCertSz = (word32)FOURK_BUF;
3073        ExpectNotNull(rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
3074            DYNAMIC_TYPE_TMP_BUFFER));
3075        ExpectTrue((rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz,
3076            certFile)) > 0);
3077        if (certFile != XBADFILE)
3078            XFCLOSE(certFile);
3079        ExpectTrue((keyFile = XFOPEN(rsaClientKey, "rb")) != XBADFILE);
3080        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
3081            DYNAMIC_TYPE_TMP_BUFFER));
3082        rsaPrivKeySz = (word32)FOURK_BUF;
3083        ExpectTrue((rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz,
3084            keyFile)) > 0);
3085        if (keyFile != XBADFILE)
3086            XFCLOSE(keyFile);
3087    #endif /* USE_CERT_BUFFERS */
3088#endif /* NO_RSA */
3089
3090/* ECC */
3091#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
3092        !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
3093
3094    #ifdef USE_CERT_BUFFERS_256
3095        ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
3096            DYNAMIC_TYPE_TMP_BUFFER));
3097        /* Init buffer. */
3098        eccCertSz = (word32)sizeof_cliecc_cert_der_256;
3099        if (eccCert != NULL) {
3100            XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
3101        }
3102        ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
3103            DYNAMIC_TYPE_TMP_BUFFER));
3104        eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
3105        if (eccPrivKey != NULL) {
3106            XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
3107        }
3108    #else /* File system. */
3109        ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE);
3110        eccCertSz = (word32)FOURK_BUF;
3111        ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
3112            DYNAMIC_TYPE_TMP_BUFFER));
3113        ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz,
3114            certFile)) > 0);
3115        if (certFile != XBADFILE) {
3116            XFCLOSE(certFile);
3117        }
3118        ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE);
3119        eccPrivKeySz = (word32)FOURK_BUF;
3120        ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
3121            DYNAMIC_TYPE_TMP_BUFFER));
3122        ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz,
3123            keyFile)) > 0);
3124        if (keyFile != XBADFILE) {
3125            XFCLOSE(keyFile);
3126        }
3127    #endif /* USE_CERT_BUFFERS_256 */
3128#endif /* END HAVE_ECC */
3129
3130#ifndef NO_FILESYSTEM
3131    /* Silence. */
3132    (void)keyFile;
3133    (void)certFile;
3134#endif
3135
3136    {
3137    const pkcs7EnvelopedVector testVectors[] = {
3138    /* DATA is a global variable defined in the makefile. */
3139#if !defined(NO_RSA)
3140    #ifndef NO_DES3
3141        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
3142            rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
3143    #endif /* NO_DES3 */
3144    #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
3145        #ifdef WOLFSSL_AES_128
3146        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
3147            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
3148        #endif
3149        #ifdef WOLFSSL_AES_192
3150        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
3151            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
3152        #endif
3153        #ifdef WOLFSSL_AES_256
3154        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
3155            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
3156        #endif
3157    #endif /* NO_AES && HAVE_AES_CBC */
3158
3159#endif /* NO_RSA */
3160#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
3161    #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
3162        #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
3163            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
3164                AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme,
3165                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
3166        #endif
3167        #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_AES_128)
3168            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
3169                AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha224kdf_scheme,
3170                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
3171        #endif
3172        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
3173            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
3174                AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme,
3175                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
3176        #endif
3177        #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
3178            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
3179                AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme,
3180                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
3181        #endif
3182    #endif /* NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
3183#endif /* END HAVE_ECC */
3184    }; /* END pkcs7EnvelopedVector */
3185
3186#ifdef ECC_TIMING_RESISTANT
3187    ExpectIntEQ(wc_InitRng(&rng), 0);
3188#endif
3189
3190    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3191    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
3192
3193    testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
3194    for (i = 0; i < testSz; i++) {
3195    #if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM)
3196        encodeSignedDataStream strm;
3197
3198        /* test setting stream mode, the first one using IO callbacks */
3199        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
3200                                    (word32)(testVectors + i)->certSz), 0);
3201        if (pkcs7 != NULL) {
3202        #ifdef ECC_TIMING_RESISTANT
3203            pkcs7->rng = &rng;
3204        #endif
3205
3206            if (i != 0)
3207                pkcs7->content       = (byte*)(testVectors + i)->content;
3208            pkcs7->contentSz     = (testVectors + i)->contentSz;
3209            pkcs7->contentOID    = (testVectors + i)->contentOID;
3210            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
3211            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
3212            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
3213            pkcs7->privateKey    = (testVectors + i)->privateKey;
3214            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
3215        }
3216
3217        if (i == 0) {
3218            XMEMSET(&strm, 0, sizeof(strm));
3219            strm.chunkSz = FOURK_BUF;
3220            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
3221                StreamOutputCB, (void*)&strm), 0);
3222            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
3223        }
3224        else {
3225            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
3226            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
3227                (word32)sizeof(output));
3228        }
3229
3230        switch ((testVectors + i)->encryptOID) {
3231        #ifndef NO_DES3
3232            case DES3b:
3233            case DESb:
3234                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3235                break;
3236        #endif
3237        #ifdef HAVE_AESCCM
3238        #ifdef WOLFSSL_AES_128
3239            case AES128CCMb:
3240                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3241                break;
3242        #endif
3243        #ifdef WOLFSSL_AES_192
3244            case AES192CCMb:
3245                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3246                break;
3247        #endif
3248        #ifdef WOLFSSL_AES_256
3249            case AES256CCMb:
3250                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3251                break;
3252        #endif
3253        #endif
3254            default:
3255                ExpectIntGE(encodedSz, 0);
3256        }
3257
3258        if (encodedSz > 0) {
3259            if (i == 0) {
3260                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
3261                    strm.out, (word32)encodedSz, decoded,
3262                    (word32)sizeof(decoded));
3263            }
3264            else {
3265                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3266                    (word32)encodedSz, decoded, (word32)sizeof(decoded));
3267            }
3268            ExpectIntGE(decodedSz, 0);
3269            /* Verify the size of each buffer. */
3270            ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
3271        }
3272        wc_PKCS7_Free(pkcs7);
3273        pkcs7 = NULL;
3274        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3275    #endif
3276
3277        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
3278                                    (word32)(testVectors + i)->certSz), 0);
3279        if (pkcs7 != NULL) {
3280#ifdef ECC_TIMING_RESISTANT
3281            pkcs7->rng = &rng;
3282#endif
3283
3284            pkcs7->content       = (byte*)(testVectors + i)->content;
3285            pkcs7->contentSz     = (testVectors + i)->contentSz;
3286            pkcs7->contentOID    = (testVectors + i)->contentOID;
3287            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
3288            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
3289            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
3290            pkcs7->privateKey    = (testVectors + i)->privateKey;
3291            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
3292        }
3293
3294    #ifdef ASN_BER_TO_DER
3295        /* test without setting stream mode */
3296        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
3297    #endif
3298
3299        ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
3300            (word32)sizeof(output)), 0);
3301
3302        decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3303            (word32)sizeof(output), decoded, (word32)sizeof(decoded));
3304        ExpectIntGE(decodedSz, 0);
3305        /* Verify the size of each buffer. */
3306        ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
3307
3308        /* Don't free the last time through the loop. */
3309        if (i < testSz - 1) {
3310            wc_PKCS7_Free(pkcs7);
3311            pkcs7 = NULL;
3312            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3313        }
3314    }  /* END test loop. */
3315    }
3316
3317    /* Test bad args. */
3318    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
3319                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3320    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
3321                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3322    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3323
3324    /* Decode.  */
3325    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
3326        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
3327        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3328    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3329        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3330    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3331        (word32)sizeof(output), decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3332    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
3333        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
3334        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3335    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
3336        (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3337    /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
3338#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
3339    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
3340    /* only a failure for KARI test cases */
3341    if (pkcs7 != NULL) {
3342        tempWrd32 = pkcs7->singleCertSz;
3343        pkcs7->singleCertSz = 0;
3344    }
3345    #if defined(WOLFSSL_ASN_TEMPLATE)
3346    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3347        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
3348        WC_NO_ERR_TRACE(BUFFER_E));
3349    #else
3350    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3351        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
3352        WC_NO_ERR_TRACE(ASN_PARSE_E));
3353    #endif
3354    if (pkcs7 != NULL) {
3355        pkcs7->singleCertSz = tempWrd32;
3356
3357        tmpBytePtr = pkcs7->singleCert;
3358        pkcs7->singleCert = NULL;
3359    }
3360  #ifndef NO_RSA
3361    /* With corrupted singleCert, decode should fail with a parse error.
3362     * State is properly reset on error so re-decode starts from scratch. */
3363    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3364        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
3365        WC_NO_ERR_TRACE(ASN_PARSE_E));
3366  #endif /* !NO_RSA */
3367    if (pkcs7 != NULL) {
3368        pkcs7->singleCert = tmpBytePtr;
3369    }
3370#endif
3371#ifdef HAVE_AES_KEYWRAP
3372    if (pkcs7 != NULL) {
3373        tempWrd32 = pkcs7->privateKeySz;
3374        pkcs7->privateKeySz = 0;
3375    }
3376    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3377        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
3378        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3379    if (pkcs7 != NULL) {
3380        pkcs7->privateKeySz = tempWrd32;
3381
3382        tmpBytePtr = pkcs7->privateKey;
3383        pkcs7->privateKey = NULL;
3384    }
3385    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3386        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
3387        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3388    if (pkcs7 != NULL) {
3389        pkcs7->privateKey = tmpBytePtr;
3390    }
3391#endif
3392
3393    wc_PKCS7_Free(pkcs7);
3394    pkcs7 = NULL;
3395
3396#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
3397    defined(HAVE_AES_KEYWRAP)
3398    /* test of decrypt callback with KEKRI enveloped data */
3399    {
3400        int envelopedSz = 0;
3401        const byte keyId[] = { 0x00 };
3402
3403        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3404        if (pkcs7 != NULL) {
3405            pkcs7->content      = (byte*)input;
3406            pkcs7->contentSz    = (word32)(sizeof(input)/sizeof(char));
3407            pkcs7->contentOID   = DATA;
3408            pkcs7->encryptOID   = AES256CBCb;
3409        }
3410        ExpectIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
3411                    (byte*)defKey, sizeof(defKey), (byte*)keyId,
3412                    sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
3413        ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
3414        ExpectIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
3415                        (word32)sizeof(output))), 0);
3416        wc_PKCS7_Free(pkcs7);
3417        pkcs7 = NULL;
3418
3419        /* decode envelopedData */
3420        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3421        ExpectIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
3422        ExpectIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
3423        ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3424                        (word32)envelopedSz, decoded, sizeof(decoded))), 0);
3425        wc_PKCS7_Free(pkcs7);
3426        pkcs7 = NULL;
3427    }
3428#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */
3429
3430#ifndef NO_RSA
3431    XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
3432    XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
3433#endif /* NO_RSA */
3434#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
3435    XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
3436    XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
3437#endif /* HAVE_ECC */
3438
3439#ifdef ECC_TIMING_RESISTANT
3440    DoExpectIntEQ(wc_FreeRng(&rng), 0);
3441#endif
3442
3443#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
3444    !defined(NO_RSA) && !defined(NO_SHA)
3445    {
3446        byte   out[7];
3447        byte   *cms = NULL;
3448        word32 cmsSz;
3449        XFILE  cmsFile = XBADFILE;
3450
3451        XMEMSET(out, 0, sizeof(out));
3452        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3453        ExpectTrue((cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb"))
3454            != XBADFILE);
3455        cmsSz = (word32)FOURK_BUF;
3456        ExpectNotNull(cms = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
3457            DYNAMIC_TYPE_TMP_BUFFER));
3458        ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile)) > 0);
3459        if (cmsFile != XBADFILE)
3460            XFCLOSE(cmsFile);
3461
3462        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
3463            sizeof_client_cert_der_2048), 0);
3464        if (pkcs7 != NULL) {
3465            pkcs7->privateKey   = (byte*)client_key_der_2048;
3466            pkcs7->privateKeySz = sizeof_client_key_der_2048;
3467        }
3468        ExpectIntLT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
3469            2), 0);
3470        ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
3471            sizeof(out)), 0);
3472        XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
3473        ExpectIntEQ(XMEMCMP(out, "test", 4), 0);
3474        wc_PKCS7_Free(pkcs7);
3475        pkcs7 = NULL;
3476    }
3477#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
3478#endif /* HAVE_PKCS7 */
3479    return EXPECT_RESULT();
3480} /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */
3481
3482
3483#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
3484    !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
3485static int wasAESKeyWrapCbCalled = 0;
3486static int wasAESKeyUnwrapCbCalled = 0;
3487
3488static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz,
3489        const byte* in, word32 inSz, int wrap, byte* out, word32 outSz)
3490{
3491    (void)key;
3492    (void)keySz;
3493    (void)wrap;
3494    if (wrap)
3495        wasAESKeyWrapCbCalled = 1;
3496    else
3497        wasAESKeyUnwrapCbCalled = 1;
3498    XMEMSET(out, 0xEE, outSz);
3499    if (inSz <= outSz) {
3500        XMEMCPY(out, in, inSz);
3501    }
3502    return inSz;
3503}
3504#endif
3505
3506
3507/*
3508 * Test custom AES key wrap/unwrap callback
3509 */
3510int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void)
3511{
3512    EXPECT_DECLS;
3513#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
3514    !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
3515    static const char input[] = "Test input for AES key wrapping";
3516    PKCS7 * pkcs7 = NULL;
3517    byte * eccCert = NULL;
3518    byte * eccPrivKey = NULL;
3519    word32 eccCertSz = 0;
3520    word32 eccPrivKeySz = 0;
3521    byte output[ONEK_BUF];
3522    byte decoded[sizeof(input)/sizeof(char)];
3523    int decodedSz = 0;
3524#ifdef ECC_TIMING_RESISTANT
3525    WC_RNG rng;
3526#endif
3527
3528#ifdef ECC_TIMING_RESISTANT
3529    XMEMSET(&rng, 0, sizeof(WC_RNG));
3530    ExpectIntEQ(wc_InitRng(&rng), 0);
3531#endif
3532
3533/* Load test certs */
3534#ifdef USE_CERT_BUFFERS_256
3535    ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
3536        DYNAMIC_TYPE_TMP_BUFFER));
3537    /* Init buffer. */
3538    eccCertSz = (word32)sizeof_cliecc_cert_der_256;
3539    if (eccCert != NULL) {
3540        XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
3541    }
3542    ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
3543        DYNAMIC_TYPE_TMP_BUFFER));
3544    eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
3545    if (eccPrivKey != NULL) {
3546        XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
3547    }
3548#else /* File system. */
3549    ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE);
3550    eccCertSz = (word32)FOURK_BUF;
3551    ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
3552        DYNAMIC_TYPE_TMP_BUFFER));
3553    ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz,
3554        certFile)) > 0);
3555    if (certFile != XBADFILE) {
3556        XFCLOSE(certFile);
3557    }
3558    ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE);
3559    eccPrivKeySz = (word32)FOURK_BUF;
3560    ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
3561        DYNAMIC_TYPE_TMP_BUFFER));
3562    ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz,
3563        keyFile)) > 0);
3564    if (keyFile != XBADFILE) {
3565        XFCLOSE(keyFile);
3566    }
3567#endif /* USE_CERT_BUFFERS_256 */
3568
3569    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3570    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, eccCertSz), 0);
3571    if (pkcs7 != NULL) {
3572        pkcs7->content = (byte*)input;
3573        pkcs7->contentSz = sizeof(input);
3574        pkcs7->contentOID = DATA;
3575        pkcs7->encryptOID = AES256CBCb;
3576        pkcs7->keyWrapOID = AES256_WRAP;
3577        pkcs7->keyAgreeOID = dhSinglePass_stdDH_sha256kdf_scheme;
3578        pkcs7->privateKey = eccPrivKey;
3579        pkcs7->privateKeySz = eccPrivKeySz;
3580        pkcs7->singleCert = eccCert;
3581        pkcs7->singleCertSz = (word32)eccCertSz;
3582#ifdef ECC_TIMING_RESISTANT
3583        pkcs7->rng = &rng;
3584#endif
3585    }
3586
3587    /* Test custom AES key wrap/unwrap callback */
3588    ExpectIntEQ(wc_PKCS7_SetAESKeyWrapUnwrapCb(pkcs7, testAESKeyWrapUnwrapCb), 0);
3589
3590    ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
3591        (word32)sizeof(output)), 0);
3592
3593    decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
3594        (word32)sizeof(output), decoded, (word32)sizeof(decoded));
3595    ExpectIntGE(decodedSz, 0);
3596    /* Verify the size of each buffer. */
3597    ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
3598
3599    ExpectIntEQ(wasAESKeyWrapCbCalled, 1);
3600    ExpectIntEQ(wasAESKeyUnwrapCbCalled, 1);
3601
3602    wc_PKCS7_Free(pkcs7);
3603    pkcs7 = NULL;
3604    XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
3605    XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
3606#ifdef ECC_TIMING_RESISTANT
3607    DoExpectIntEQ(wc_FreeRng(&rng), 0);
3608#endif
3609#endif
3610    return EXPECT_RESULT();
3611}
3612
3613/*
3614 * Testing wc_PKCS7_GetEnvelopedDataKariRid().
3615 */
3616int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
3617{
3618    EXPECT_DECLS;
3619#if defined(HAVE_PKCS7)
3620#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
3621        !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
3622    /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure.
3623     * Reserve a bit more than that in case it might grow. */
3624    byte rid[256];
3625    byte cms[1024];
3626    XFILE cmsFile = XBADFILE;
3627    int ret = -1;
3628    word32 ridSz = sizeof(rid);
3629    XFILE skiHexFile = XBADFILE;
3630    byte skiHex[256];
3631    word32 cmsSz = 0;
3632    word32 skiHexSz = 0;
3633    size_t i = 0;
3634    const word32 ridKeyIdentifierOffset = 4;
3635
3636    ExpectTrue((cmsFile = XFOPEN("./certs/test/kari-keyid-cms.msg", "rb"))
3637            != XBADFILE);
3638    ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, sizeof(cms), cmsFile)) > 0);
3639    if (cmsFile != XBADFILE)
3640        XFCLOSE(cmsFile);
3641
3642    ExpectTrue((skiHexFile = XFOPEN("./certs/test/client-ecc-cert-ski.hex",
3643                    "rb")) != XBADFILE);
3644    ExpectTrue((skiHexSz = (word32)XFREAD(skiHex, 1, sizeof(skiHex),
3645                    skiHexFile)) > 0);
3646    if (skiHexFile != XBADFILE)
3647        XFCLOSE(skiHexFile);
3648
3649    if (EXPECT_SUCCESS()) {
3650        ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz);
3651    }
3652    ExpectIntEQ(ret, 0);
3653    ExpectIntLT(ridSz, sizeof(rid));
3654    ExpectIntGT(ridSz, ridKeyIdentifierOffset);
3655    /* The Subject Key Identifier hex file should have 2 hex characters for each
3656     * byte of the key identifier in the returned recipient ID (rid), plus a
3657     * terminating new line character. */
3658    ExpectIntGE(skiHexSz, ((ridSz - ridKeyIdentifierOffset) * 2) + 1);
3659    if (EXPECT_SUCCESS()) {
3660        for (i = 0; i < (ridSz - ridKeyIdentifierOffset); i++)
3661        {
3662            size_t j;
3663            byte ridKeyIdByte = rid[ridKeyIdentifierOffset + i];
3664            byte skiByte = 0;
3665            for (j = 0; j <= 1; j++)
3666            {
3667                byte hexChar = skiHex[i * 2 + j];
3668                skiByte = skiByte << 4;
3669                if ('0' <= hexChar && hexChar <= '9')
3670                    skiByte |= (hexChar - '0');
3671                else if ('A' <= hexChar && hexChar <= 'F')
3672                    skiByte |= (hexChar - 'A' + 10);
3673                else
3674                    ExpectTrue(0);
3675            }
3676            ExpectIntEQ(ridKeyIdByte, skiByte);
3677        }
3678    }
3679#endif
3680#endif /* HAVE_PKCS7 */
3681    return EXPECT_RESULT();
3682} /* END test_wc_PKCS7_GetEnvelopedDataKariRid() */
3683
3684
3685/*
3686 * Testing wc_PKCS7_EncodeEncryptedData()
3687 */
3688int test_wc_PKCS7_EncodeEncryptedData(void)
3689{
3690    EXPECT_DECLS;
3691#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
3692    PKCS7*      pkcs7 = NULL;
3693    byte*       tmpBytePtr = NULL;
3694    byte        encrypted[TWOK_BUF];
3695    byte        decoded[TWOK_BUF];
3696    word32      tmpWrd32 = 0;
3697    int         tmpInt = 0;
3698    int         decodedSz = 0;
3699    int         encryptedSz = 0;
3700    int         testSz = 0;
3701    int         i = 0;
3702    const byte data[] = { /* Hello World */
3703        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
3704        0x72,0x6c,0x64
3705    };
3706    #ifndef NO_DES3
3707        byte desKey[] = {
3708            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
3709        };
3710        byte des3Key[] = {
3711            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
3712            0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
3713            0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
3714        };
3715    #endif
3716    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
3717        #ifdef WOLFSSL_AES_128
3718        byte aes128Key[] = {
3719            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
3720            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
3721        };
3722        #endif
3723        #ifdef WOLFSSL_AES_192
3724        byte aes192Key[] = {
3725            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
3726            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
3727            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
3728        };
3729        #endif
3730        #ifdef WOLFSSL_AES_256
3731        byte aes256Key[] = {
3732            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
3733            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
3734            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
3735            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
3736        };
3737        #endif
3738    #endif /* !NO_AES && HAVE_AES_CBC */
3739    const pkcs7EncryptedVector testVectors[] =
3740    {
3741    #ifndef NO_DES3
3742        {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
3743
3744        {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
3745    #endif /* !NO_DES3 */
3746    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
3747        #ifdef WOLFSSL_AES_128
3748        {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
3749         sizeof(aes128Key)},
3750        #endif
3751
3752        #ifdef WOLFSSL_AES_192
3753        {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
3754         sizeof(aes192Key)},
3755        #endif
3756
3757        #ifdef WOLFSSL_AES_256
3758        {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
3759         sizeof(aes256Key)},
3760        #endif
3761
3762    #endif /* !NO_AES && HAVE_AES_CBC */
3763    };
3764
3765    testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
3766
3767    for (i = 0; i < testSz; i++) {
3768        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3769        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
3770        if (pkcs7 != NULL) {
3771            pkcs7->content              = (byte*)testVectors[i].content;
3772            pkcs7->contentSz            = testVectors[i].contentSz;
3773            pkcs7->contentOID           = testVectors[i].contentOID;
3774            pkcs7->encryptOID           = testVectors[i].encryptOID;
3775            pkcs7->encryptionKey        = testVectors[i].encryptionKey;
3776            pkcs7->encryptionKeySz      = testVectors[i].encryptionKeySz;
3777            pkcs7->heap                 = HEAP_HINT;
3778        }
3779
3780        /* encode encryptedData */
3781        ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
3782            sizeof(encrypted)), 0);
3783
3784        /* Decode encryptedData */
3785        ExpectIntGT(decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted,
3786            (word32)encryptedSz, decoded, sizeof(decoded)), 0);
3787
3788        ExpectIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
3789        /* Keep values for last itr. */
3790        if (i < testSz - 1) {
3791            wc_PKCS7_Free(pkcs7);
3792            pkcs7 = NULL;
3793        }
3794    }
3795    if (pkcs7 == NULL || testSz == 0) {
3796        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
3797        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
3798    }
3799
3800    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
3801        sizeof(encrypted)),WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3802    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
3803        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3804    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
3805        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3806    /* Testing the struct. */
3807    if (pkcs7 != NULL) {
3808        tmpBytePtr = pkcs7->content;
3809        pkcs7->content = NULL;
3810    }
3811    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
3812        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3813    if (pkcs7 != NULL) {
3814        pkcs7->content = tmpBytePtr;
3815        tmpWrd32 = pkcs7->contentSz;
3816        pkcs7->contentSz = 0;
3817    }
3818    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
3819        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3820    if (pkcs7 != NULL) {
3821        pkcs7->contentSz = tmpWrd32;
3822        tmpInt = pkcs7->encryptOID;
3823        pkcs7->encryptOID = 0;
3824    }
3825    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
3826        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3827    if (pkcs7 != NULL) {
3828        pkcs7->encryptOID = tmpInt;
3829        tmpBytePtr = pkcs7->encryptionKey;
3830        pkcs7->encryptionKey = NULL;
3831    }
3832    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
3833        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3834    if (pkcs7 != NULL) {
3835        pkcs7->encryptionKey = tmpBytePtr;
3836        tmpWrd32 = pkcs7->encryptionKeySz;
3837        pkcs7->encryptionKeySz = 0;
3838    }
3839    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
3840        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3841    if (pkcs7 != NULL) {
3842        pkcs7->encryptionKeySz = tmpWrd32;
3843    }
3844
3845    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz,
3846        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3847    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz,
3848        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3849    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
3850        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3851    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
3852        NULL, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3853    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
3854        decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3855    /* Test struct fields */
3856
3857    if (pkcs7 != NULL) {
3858        tmpBytePtr = pkcs7->encryptionKey;
3859        pkcs7->encryptionKey = NULL;
3860    }
3861    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
3862        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3863    if (pkcs7 != NULL) {
3864        pkcs7->encryptionKey = tmpBytePtr;
3865        pkcs7->encryptionKeySz = 0;
3866    }
3867    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
3868        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
3869
3870    wc_PKCS7_Free(pkcs7);
3871#endif
3872    return EXPECT_RESULT();
3873} /* END test_wc_PKCS7_EncodeEncryptedData() */
3874
3875
3876#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA)
3877static void build_test_EncryptedKeyPackage(byte * out, word32 * out_size, byte * in_data, word32 in_size, size_t in_content_type, size_t test_vector)
3878{
3879    /* EncryptedKeyPackage ContentType TLV DER */
3880    static const byte ekp_oid_tlv[] = {0x06U, 10U,
3881        0X60U, 0X86U, 0X48U, 0X01U, 0X65U, 0X02U, 0X01U, 0X02U, 0X4EU, 0X02U};
3882    if (in_content_type == ENCRYPTED_DATA) {
3883        /* EncryptedData subtype */
3884        size_t ekp_content_der_size = 2U + in_size;
3885        size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size;
3886        /* EncryptedKeyPackage ContentType */
3887        out[0] = 0x30U;
3888        out[1] = ekp_content_info_size & 0x7FU;
3889        /* EncryptedKeyPackage ContentInfo */
3890        XMEMCPY(&out[2], ekp_oid_tlv, sizeof(ekp_oid_tlv));
3891        /* EncryptedKeyPackage content [0] */
3892        out[14] = 0xA0U;
3893        out[15] = in_size & 0x7FU;
3894        XMEMCPY(&out[16], in_data, in_size);
3895        *out_size = 16U + in_size;
3896        switch (test_vector)
3897        {
3898        case 1: out[0] = 0x20U; break;
3899        case 2: out[2] = 0x01U; break;
3900        case 3: out[7] = 0x42U; break;
3901        case 4: out[14] = 0xA2U; break;
3902        }
3903    }
3904    else if (in_content_type == ENVELOPED_DATA) {
3905        /* EnvelopedData subtype */
3906        size_t ekp_choice_der_size = 4U + in_size;
3907        size_t ekp_content_der_size = 4U + ekp_choice_der_size;
3908        size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size;
3909        /* EncryptedKeyPackage ContentType */
3910        out[0] = 0x30U;
3911        out[1] = 0x82U;
3912        out[2] = ekp_content_info_size >> 8U;
3913        out[3] = ekp_content_info_size & 0xFFU;
3914        /* EncryptedKeyPackage ContentInfo */
3915        XMEMCPY(&out[4], ekp_oid_tlv, sizeof(ekp_oid_tlv));
3916        /* EncryptedKeyPackage content [0] */
3917        out[16] = 0xA0U;
3918        out[17] = 0x82U;
3919        out[18] = ekp_choice_der_size >> 8U;
3920        out[19] = ekp_choice_der_size & 0xFFU;
3921        /* EncryptedKeyPackage CHOICE [0] EnvelopedData */
3922        out[20] = 0xA0U;
3923        out[21] = 0x82U;
3924        out[22] = in_size >> 8U;
3925        out[23] = in_size & 0xFFU;
3926        XMEMCPY(&out[24], in_data, in_size);
3927        *out_size = 24U + in_size;
3928        switch (test_vector)
3929        {
3930        case 1: out[0] = 0x20U; break;
3931        case 2: out[4] = 0x01U; break;
3932        case 3: out[9] = 0x42U; break;
3933        case 4: out[16] = 0xA2U; break;
3934        }
3935    }
3936}
3937#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
3938
3939/*
3940 * Test wc_PKCS7_DecodeEncryptedKeyPackage().
3941 */
3942int test_wc_PKCS7_DecodeEncryptedKeyPackage(void)
3943{
3944    EXPECT_DECLS;
3945#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA)
3946    static const struct {
3947        const char * msg_file_name;
3948        word32 msg_content_type;
3949    } test_messages[] = {
3950        {"./certs/test/ktri-keyid-cms.msg", ENVELOPED_DATA},
3951        {"./certs/test/encrypteddata.msg", ENCRYPTED_DATA},
3952    };
3953    static const int test_vectors[] = {
3954        0,
3955        WC_NO_ERR_TRACE(ASN_PARSE_E),
3956        WC_NO_ERR_TRACE(ASN_PARSE_E),
3957        WC_NO_ERR_TRACE(PKCS7_OID_E),
3958        WC_NO_ERR_TRACE(ASN_PARSE_E),
3959    };
3960    static const byte key[] = {
3961        0x01U, 0x23U, 0x45U, 0x67U, 0x89U, 0xABU, 0xCDU, 0xEFU,
3962        0x00U, 0x11U, 0x22U, 0x33U, 0x44U, 0x55U, 0x66U, 0x77U,
3963    };
3964    size_t test_msg = 0U;
3965    size_t test_vector = 0U;
3966
3967    for (test_msg = 0U; test_msg < (sizeof(test_messages)/sizeof(test_messages[0])); test_msg++)
3968    {
3969        for (test_vector = 0U; test_vector < (sizeof(test_vectors)/sizeof(test_vectors[0])); test_vector++)
3970        {
3971            byte * ekp_cms_der = NULL;
3972            word32 ekp_cms_der_size = 0U;
3973            byte * inner_cms_der = NULL;
3974            word32 inner_cms_der_size = (word32)FOURK_BUF;
3975            XFILE inner_cms_file = XBADFILE;
3976            PKCS7 * pkcs7 = NULL;
3977            byte out[15] = {0};
3978            int result = 0;
3979
3980            ExpectNotNull(ekp_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
3981            /* Check for possible previous test failure. */
3982            if (ekp_cms_der == NULL) {
3983                break;
3984            }
3985
3986            ExpectNotNull(inner_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
3987            ExpectTrue((inner_cms_file = XFOPEN(test_messages[test_msg].msg_file_name, "rb")) != XBADFILE);
3988            ExpectTrue((inner_cms_der_size = (word32)XFREAD(inner_cms_der, 1, inner_cms_der_size, inner_cms_file)) > 0);
3989            if (inner_cms_file != XBADFILE) {
3990                XFCLOSE(inner_cms_file);
3991            }
3992            if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
3993                /* Verify that the build_test_EncryptedKeyPackage can format as expected. */
3994                ExpectIntGT(inner_cms_der_size, 127);
3995            }
3996            if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
3997                /* Verify that the build_test_EncryptedKeyPackage can format as expected. */
3998                ExpectIntLT(inner_cms_der_size, 124);
3999            }
4000            build_test_EncryptedKeyPackage(ekp_cms_der, &ekp_cms_der_size, inner_cms_der, inner_cms_der_size, test_messages[test_msg].msg_content_type, test_vector);
4001            XFREE(inner_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
4002
4003            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4004            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte *)client_cert_der_2048, sizeof_client_cert_der_2048), 0);
4005            if (pkcs7 != NULL) {
4006                if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
4007                    /* To test EnvelopedData, set private key. */
4008                    pkcs7->privateKey = (byte *)client_key_der_2048;
4009                    pkcs7->privateKeySz = sizeof_client_key_der_2048;
4010                }
4011                if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
4012                    /* To test EncryptedData, set symmetric encryption key. */
4013                    pkcs7->encryptionKey = (byte *)key;
4014                    pkcs7->encryptionKeySz = sizeof(key);
4015                }
4016            }
4017            ExpectIntEQ(wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, NULL, ekp_cms_der_size, out, sizeof(out)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4018            result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out));
4019            if (result == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
4020                result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out));
4021            }
4022            if (test_vectors[test_vector] == 0U) {
4023                if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
4024                    ExpectIntGT(result, 0);
4025                    ExpectIntEQ(XMEMCMP(out, "test", 4), 0);
4026                }
4027                if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
4028#ifndef NO_PKCS7_ENCRYPTED_DATA
4029                    ExpectIntGT(result, 0);
4030                    ExpectIntEQ(XMEMCMP(out, "testencrypt", 11), 0);
4031#else
4032                    ExpectIntEQ(result, WC_NO_ERR_TRACE(ASN_PARSE_E));
4033#endif
4034                }
4035            }
4036            else {
4037                ExpectIntEQ(result, test_vectors[test_vector]);
4038            }
4039            XFREE(ekp_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
4040            wc_PKCS7_Free(pkcs7);
4041        }
4042    }
4043#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
4044    return EXPECT_RESULT();
4045} /* END test_wc_PKCS7_DecodeEncryptedKeyPackage() */
4046
4047
4048/*
4049 * Test wc_PKCS7_DecodeSymmetricKeyPackage().
4050 */
4051int test_wc_PKCS7_DecodeSymmetricKeyPackage(void)
4052{
4053    EXPECT_DECLS;
4054#if defined(HAVE_PKCS7)
4055    const byte * item;
4056    word32 itemSz;
4057    int ret;
4058
4059    {
4060        const byte one_key[] = {
4061            0x30, 0x08,             /* SymmetricKeyPackage SEQUENCE header  */
4062              0x02, 0x01, 0x01,     /* version v1 */
4063              0x30, 0x03,           /* sKeys SEQUENCE OF */
4064                0x02, 0x01, 0x01,   /* INTEGER standin for OneSymmetricKey */
4065        };
4066        /* NULL input data pointer */
4067        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4068                NULL, sizeof(one_key), 0, &item, &itemSz);
4069        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4070
4071        /* NULL output item pointer */
4072        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4073                one_key, sizeof(one_key), 0, NULL, &itemSz);
4074        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4075
4076        /* NULL output size pointer */
4077        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4078                one_key, sizeof(one_key), 0, &item, NULL);
4079        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4080
4081        /* Valid key index 0 extraction */
4082        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4083                one_key, sizeof(one_key), 0, &item, &itemSz);
4084        ExpectIntEQ(ret, 0);
4085        ExpectPtrEq(item, &one_key[7]);
4086        ExpectIntEQ(itemSz, 3);
4087
4088        /* Key index 1 out of range */
4089        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4090                one_key, sizeof(one_key), 1, &item, &itemSz);
4091        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
4092
4093        /* Attribute index 0 out of range */
4094        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
4095                one_key, sizeof(one_key), 0, &item, &itemSz);
4096        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
4097
4098        /* Attribute index 1 out of range */
4099        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
4100                one_key, sizeof(one_key), 1, &item, &itemSz);
4101        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
4102    }
4103
4104    /* Invalid SKP SEQUENCE header. */
4105    {
4106        const byte bad_seq_header[] = {
4107            0x02, 0x01, 0x42, /* Invalid SymmetricKeyPackage SEQUENCE header */
4108        };
4109        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4110                bad_seq_header, sizeof(bad_seq_header), 0, &item, &itemSz);
4111        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
4112    }
4113
4114    /* Missing version object */
4115    {
4116        const byte missing_version[] = {
4117            0x30, 0x05, /* SymmetricKeyPackage SEQUENCE header */
4118              0x30, 0x03, /* sKeys SEQUENCE OF */
4119                0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */
4120        };
4121        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4122                missing_version, sizeof(missing_version), 0, &item, &itemSz);
4123        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
4124    }
4125
4126    /* Invalid version number */
4127    {
4128        const byte bad_version[] = {
4129            0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */
4130              0x02, 0x01, 0x00, /* version 0 (invalid) */
4131              0x30, 0x03, /* sKeys SEQUENCE OF */
4132                0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */
4133        };
4134        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4135                bad_version, sizeof(bad_version), 0, &item, &itemSz);
4136        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
4137    }
4138
4139    {
4140        const byte key3_attr2[] = {
4141            0x30, 0x18, /* SymmetricKeyPackage SEQUENCE header */
4142              0x02, 0x01, 0x01, /* version v1 */
4143              0xA0, 0x08, /* sKeyPkgAttrs EXPLICIT [0] header */
4144                0x30, 0x06, /* sKeyPkgAttrs SEQUENCE OF header */
4145                  0x02, 0x01, 0x40, /* INTEGER standin for Attribute 0 */
4146                  0x02, 0x01, 0x41, /* INTEGER standin for Attribute 1 */
4147              0x30, 0x09, /* sKeys SEQUENCE OF header */
4148                0x02, 0x01, 0x0A, /* INTEGER standin for OneSymmetricKey 0 */
4149                0x02, 0x01, 0x0B, /* INTEGER standin for OneSymmetricKey 1 */
4150                0x02, 0x01, 0x0C, /* INTEGER standin for OneSymmetricKey 2 */
4151        };
4152
4153        /* Valid attribute index 0 extraction */
4154        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
4155                key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz);
4156        ExpectIntEQ(ret, 0);
4157        ExpectPtrEq(item, &key3_attr2[9]);
4158        ExpectIntEQ(itemSz, 3);
4159
4160        /* Valid attribute index 1 extraction */
4161        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
4162                key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz);
4163        ExpectIntEQ(ret, 0);
4164        ExpectPtrEq(item, &key3_attr2[12]);
4165        ExpectIntEQ(itemSz, 3);
4166
4167        /* Attribute index 2 out of range */
4168        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
4169                key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz);
4170        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
4171
4172        /* Valid key index 0 extraction */
4173        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4174                key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz);
4175        ExpectIntEQ(ret, 0);
4176        ExpectPtrEq(item, &key3_attr2[17]);
4177        ExpectIntEQ(itemSz, 3);
4178
4179        /* Valid key index 1 extraction */
4180        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4181                key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz);
4182        ExpectIntEQ(ret, 0);
4183        ExpectPtrEq(item, &key3_attr2[20]);
4184        ExpectIntEQ(itemSz, 3);
4185
4186        /* Valid key index 2 extraction */
4187        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4188                key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz);
4189        ExpectIntEQ(ret, 0);
4190        ExpectPtrEq(item, &key3_attr2[23]);
4191        ExpectIntEQ(itemSz, 3);
4192
4193        /* Key index 3 out of range */
4194        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
4195                key3_attr2, sizeof(key3_attr2), 3, &item, &itemSz);
4196        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
4197    }
4198#endif
4199    return EXPECT_RESULT();
4200} /* END test_wc_PKCS7_DecodeSymmetricKeyPackage() */
4201
4202
4203/*
4204 * Test wc_PKCS7_DecodeOneSymmetricKey().
4205 */
4206int test_wc_PKCS7_DecodeOneSymmetricKey(void)
4207{
4208    EXPECT_DECLS;
4209#if defined(HAVE_PKCS7)
4210    const byte * item;
4211    word32 itemSz;
4212    int ret;
4213
4214    {
4215        const byte key1_attr2[] = {
4216            0x30, 0x0E, /* OneSymmetricKey SEQUENCE header */
4217              0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */
4218                0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */
4219                0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */
4220              0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */
4221        };
4222
4223        /* NULL input data pointer */
4224        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4225                NULL, sizeof(key1_attr2), 0, &item, &itemSz);
4226        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4227
4228        /* NULL output pointer */
4229        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4230                key1_attr2, sizeof(key1_attr2), 0, NULL, &itemSz);
4231        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4232
4233        /* NULL output size pointer */
4234        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4235                key1_attr2, sizeof(key1_attr2), 0, &item, NULL);
4236        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4237
4238        /* Valid attribute 0 access */
4239        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4240                key1_attr2, sizeof(key1_attr2), 0, &item, &itemSz);
4241        ExpectIntEQ(ret, 0);
4242        ExpectPtrEq(item, &key1_attr2[4]);
4243        ExpectIntEQ(itemSz, 3);
4244
4245        /* Valid attribute 1 access */
4246        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4247                key1_attr2, sizeof(key1_attr2), 1, &item, &itemSz);
4248        ExpectIntEQ(ret, 0);
4249        ExpectPtrEq(item, &key1_attr2[7]);
4250        ExpectIntEQ(itemSz, 3);
4251
4252        /* Attribute index 2 out of range */
4253        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4254                key1_attr2, sizeof(key1_attr2), 2, &item, &itemSz);
4255        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
4256
4257        /* Valid key access */
4258        ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
4259                key1_attr2, sizeof(key1_attr2), &item, &itemSz);
4260        ExpectIntEQ(ret, 0);
4261        ExpectPtrEq(item, &key1_attr2[12]);
4262        ExpectIntEQ(itemSz, 4);
4263    }
4264
4265    {
4266        const byte no_attrs[] = {
4267            0x30, 0x06, /* OneSymmetricKey SEQUENCE header */
4268              0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */
4269        };
4270
4271        /* Attribute index 0 out of range */
4272        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4273                no_attrs, sizeof(no_attrs), 0, &item, &itemSz);
4274        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
4275
4276        /* Valid key access */
4277        ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
4278                no_attrs, sizeof(no_attrs), &item, &itemSz);
4279        ExpectIntEQ(ret, 0);
4280        ExpectPtrEq(item, &no_attrs[4]);
4281        ExpectIntEQ(itemSz, 4);
4282    }
4283
4284    {
4285        const byte key0_attr2[] = {
4286            0x30, 0x08, /* OneSymmetricKey SEQUENCE header */
4287              0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */
4288                0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */
4289                0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */
4290        };
4291
4292        /* Valid attribute 0 access */
4293        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
4294                key0_attr2, sizeof(key0_attr2), 0, &item, &itemSz);
4295        ExpectIntEQ(ret, 0);
4296        ExpectPtrEq(item, &key0_attr2[4]);
4297        ExpectIntEQ(itemSz, 3);
4298
4299        /* Invalid key access */
4300        ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
4301                key0_attr2, sizeof(key0_attr2), &item, &itemSz);
4302        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
4303    }
4304
4305#endif
4306    return EXPECT_RESULT();
4307} /* END test_wc_PKCS7_DecodeOneSymmetricKey() */
4308
4309
4310/*
4311 * Testing wc_PKCS7_Degenerate()
4312 */
4313int test_wc_PKCS7_Degenerate(void)
4314{
4315    EXPECT_DECLS;
4316#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
4317    PKCS7* pkcs7 = NULL;
4318    char   fName[] = "./certs/test-degenerate.p7b";
4319    XFILE  f = XBADFILE;
4320    byte   der[4096];
4321    word32 derSz = 0;
4322#ifndef NO_PKCS7_STREAM
4323    word32 z;
4324    int ret;
4325#endif /* !NO_PKCS7_STREAM */
4326    ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
4327    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
4328    if (f != XBADFILE)
4329        XFCLOSE(f);
4330
4331    /* test degenerate success */
4332    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4333    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
4334    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4335#ifndef NO_RSA
4336    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
4337
4338    #ifndef NO_PKCS7_STREAM
4339    wc_PKCS7_Free(pkcs7);
4340    pkcs7 = NULL;
4341    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4342    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
4343    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4344
4345    /* test for streaming */
4346    ret = -1;
4347    for (z = 0; z < derSz && ret != 0; z++) {
4348        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
4349        if (ret < 0){
4350            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
4351        }
4352    }
4353    ExpectIntEQ(ret, 0);
4354    #endif /* !NO_PKCS7_STREAM */
4355#else
4356    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
4357#endif /* NO_RSA */
4358    wc_PKCS7_Free(pkcs7);
4359    pkcs7 = NULL;
4360
4361    /* test with turning off degenerate cases */
4362    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4363    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
4364    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4365    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
4366    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
4367        WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
4368
4369    #ifndef NO_PKCS7_STREAM
4370    wc_PKCS7_Free(pkcs7);
4371    pkcs7 = NULL;
4372    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4373    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
4374    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4375    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
4376
4377    /* test for streaming */
4378    ret = -1;
4379    for (z = 0; z < derSz && ret != 0; z++) {
4380        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
4381        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
4382            continue;
4383        }
4384        else
4385            break;
4386    }
4387    ExpectIntEQ(ret, WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
4388    #endif /* !NO_PKCS7_STREAM */
4389
4390    wc_PKCS7_Free(pkcs7);
4391#endif
4392    return EXPECT_RESULT();
4393} /* END test_wc_PKCS7_Degenerate() */
4394
4395#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
4396    defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA) && \
4397    !defined(NO_PKCS7_STREAM)
4398static byte berContent[] = {
4399    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
4400    0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
4401    0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
4402    0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
4403    0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
4404    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
4405    0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
4406    0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
4407    0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
4408    0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
4409    0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
4410    0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
4411    0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
4412    0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
4413    0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
4414    0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
4415    0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
4416    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
4417    0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
4418    0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
4419    0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
4420    0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
4421    0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
4422    0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
4423    0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
4424    0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
4425    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
4426    0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
4427    0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
4428    0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
4429    0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
4430    0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
4431    0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
4432    0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
4433    0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
4434    0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
4435    0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
4436    0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
4437    0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
4438    0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
4439    0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
4440    0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
4441    0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
4442    0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
4443    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
4444    0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
4445    0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
4446    0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
4447    0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
4448    0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
4449    0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
4450    0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
4451    0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
4452    0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
4453    0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
4454    0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
4455    0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
4456    0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
4457    0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
4458    0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
4459    0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
4460    0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
4461    0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
4462    0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
4463    0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
4464    0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
4465    0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
4466    0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
4467    0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
4468    0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
4469    0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
4470    0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
4471    0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
4472    0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
4473    0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
4474    0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
4475    0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
4476    0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
4477    0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
4478    0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
4479    0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
4480    0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
4481    0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
4482    0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
4483    0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
4484    0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
4485    0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
4486    0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
4487    0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
4488    0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
4489    0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
4490    0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
4491    0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
4492    0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
4493    0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
4494    0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
4495    0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
4496    0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
4497    0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
4498    0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
4499    0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
4500    0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
4501    0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
4502    0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
4503    0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
4504    0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
4505    0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
4506    0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
4507    0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
4508    0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
4509    0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
4510    0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
4511    0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
4512    0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
4513    0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
4514    0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
4515    0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
4516    0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
4517    0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
4518    0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
4519    0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
4520    0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
4521    0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
4522    0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
4523    0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
4524    0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
4525    0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
4526    0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
4527    0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
4528    0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
4529    0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
4530    0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
4531    0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
4532    0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
4533    0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
4534    0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
4535    0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
4536    0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
4537    0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
4538    0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
4539    0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
4540    0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
4541    0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
4542    0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
4543    0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
4544    0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
4545    0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
4546    0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
4547    0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
4548    0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
4549    0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
4550    0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
4551    0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
4552    0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
4553    0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
4554    0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
4555    0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
4556    0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
4557    0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
4558    0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
4559    0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
4560    0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
4561    0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
4562    0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
4563    0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
4564    0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
4565    0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
4566    0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
4567    0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
4568    0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
4569    0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
4570    0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
4571    0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
4572    0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
4573    0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
4574    0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
4575    0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
4576    0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
4577    0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
4578    0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
4579    0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
4580    0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
4581    0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
4582    0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
4583    0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
4584    0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
4585    0x00, 0x00, 0x00, 0x00, 0x00
4586};
4587#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
4588        * !NO_DES3 && !NO_SHA && !NO_PKCS7_STREAM
4589        */
4590
4591/*
4592 * Testing wc_PKCS7_BER()
4593 */
4594int test_wc_PKCS7_BER(void)
4595{
4596    EXPECT_DECLS;
4597#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
4598    !defined(NO_SHA) && defined(ASN_BER_TO_DER)
4599    PKCS7* pkcs7 = NULL;
4600    char   fName[] = "./certs/test-ber-exp02-05-2022.p7b";
4601    XFILE  f = XBADFILE;
4602    byte   der[4096];
4603#if !defined(NO_DES3) && !defined(NO_PKCS7_STREAM)
4604    byte   decoded[2048];
4605#endif
4606    word32 derSz = 0;
4607#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA)
4608    word32 z;
4609    int ret;
4610#endif /* !NO_PKCS7_STREAM && !NO_RSA */
4611
4612    ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
4613    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
4614    if (f != XBADFILE) {
4615        XFCLOSE(f);
4616        f = XBADFILE;
4617    }
4618
4619    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4620    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
4621    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4622#ifndef NO_RSA
4623    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
4624
4625    #ifndef NO_PKCS7_STREAM
4626    wc_PKCS7_Free(pkcs7);
4627    pkcs7 = NULL;
4628    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4629    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
4630    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4631
4632    /* test for streaming */
4633    ret = -1;
4634    for (z = 0; z < derSz && ret != 0; z++) {
4635        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
4636        if (ret < 0){
4637            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
4638        }
4639    }
4640    ExpectIntEQ(ret, 0);
4641    #endif /* !NO_PKCS7_STREAM */
4642#else
4643    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
4644#endif
4645    wc_PKCS7_Free(pkcs7);
4646    pkcs7 = NULL;
4647
4648#if !defined(NO_DES3) && !defined(NO_PKCS7_STREAM)
4649    /* decode BER content - requires PKCS7 streaming to handle indefinite
4650     * length encoding in the EnvelopedData structure */
4651    ExpectTrue((f = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE);
4652    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
4653    if (f != XBADFILE) {
4654        XFCLOSE(f);
4655        f = XBADFILE;
4656    }
4657    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4658#ifndef NO_RSA
4659    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
4660#else
4661    ExpectIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
4662#endif
4663
4664    ExpectTrue((f = XFOPEN("./certs/1024/client-key.der", "rb")) != XBADFILE);
4665    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
4666    if (f != XBADFILE) {
4667        XFCLOSE(f);
4668        f = XBADFILE;
4669    }
4670    if (pkcs7 != NULL) {
4671        pkcs7->privateKey   = der;
4672        pkcs7->privateKeySz = derSz;
4673    }
4674#ifndef NO_RSA
4675#ifdef WOLFSSL_SP_MATH
4676    if (EXPECT_SUCCESS()) {
4677        ret = wc_PKCS7_DecodeEnvelopedData(
4678            pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded));
4679        ExpectTrue((ret == WC_NO_ERR_TRACE(WC_KEY_SIZE_E)) ||
4680                   (ret == WC_NO_ERR_TRACE(BUFFER_E)));
4681    }
4682#else
4683    ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
4684        sizeof(berContent), decoded, sizeof(decoded)), 0);
4685#endif
4686#else
4687    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
4688        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
4689#endif
4690    wc_PKCS7_Free(pkcs7);
4691#endif /* !NO_DES3 && !NO_PKCS7_STREAM */
4692#endif
4693    return EXPECT_RESULT();
4694} /* END test_wc_PKCS7_BER() */
4695
4696int test_wc_PKCS7_signed_enveloped(void)
4697{
4698    EXPECT_DECLS;
4699#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
4700    defined(WOLFSSL_AES_256) && !defined(NO_FILESYSTEM)
4701    XFILE  f = XBADFILE;
4702    PKCS7* pkcs7 = NULL;
4703#ifdef HAVE_AES_CBC
4704    PKCS7* inner = NULL;
4705#endif
4706    WC_RNG rng;
4707    unsigned char key[FOURK_BUF/2];
4708    unsigned char cert[FOURK_BUF/2];
4709    unsigned char env[FOURK_BUF];
4710    int envSz  = FOURK_BUF;
4711    int keySz = 0;
4712    int certSz = 0;
4713    unsigned char sig[FOURK_BUF * 2];
4714    int sigSz = FOURK_BUF * 2;
4715#ifdef HAVE_AES_CBC
4716    unsigned char decoded[FOURK_BUF];
4717    int decodedSz = FOURK_BUF;
4718#endif
4719#ifndef NO_PKCS7_STREAM
4720    int z;
4721    int ret;
4722#endif /* !NO_PKCS7_STREAM */
4723
4724    XMEMSET(&rng, 0, sizeof(WC_RNG));
4725
4726    /* load cert */
4727    ExpectTrue((f = XFOPEN(cliCertDerFile, "rb")) != XBADFILE);
4728    ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
4729    if (f != XBADFILE) {
4730        XFCLOSE(f);
4731        f = XBADFILE;
4732    }
4733
4734    /* load key */
4735    ExpectTrue((f = XFOPEN(cliKeyFile, "rb")) != XBADFILE);
4736    ExpectIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
4737    if (f != XBADFILE) {
4738        XFCLOSE(f);
4739        f = XBADFILE;
4740    }
4741    ExpectIntGT(keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL), 0);
4742
4743    /* sign cert for envelope */
4744    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4745    ExpectIntEQ(wc_InitRng(&rng), 0);
4746    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
4747    if (pkcs7 != NULL) {
4748        pkcs7->content    = cert;
4749        pkcs7->contentSz  = (word32)certSz;
4750        pkcs7->contentOID = DATA;
4751        pkcs7->privateKey   = key;
4752        pkcs7->privateKeySz = (word32)keySz;
4753        pkcs7->encryptOID   = RSAk;
4754        pkcs7->hashOID      = SHA256h;
4755        pkcs7->rng          = &rng;
4756    }
4757    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
4758    wc_PKCS7_Free(pkcs7);
4759    pkcs7 = NULL;
4760    DoExpectIntEQ(wc_FreeRng(&rng), 0);
4761
4762#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
4763    /* create envelope */
4764    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4765    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
4766    if (pkcs7 != NULL) {
4767        pkcs7->content   = sig;
4768        pkcs7->contentSz = (word32)sigSz;
4769        pkcs7->contentOID = DATA;
4770        pkcs7->encryptOID = AES256CBCb;
4771        pkcs7->privateKey   = key;
4772        pkcs7->privateKeySz = (word32)keySz;
4773    }
4774    ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, (word32)envSz)), 0);
4775    ExpectIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0);
4776    wc_PKCS7_Free(pkcs7);
4777    pkcs7 = NULL;
4778#endif
4779
4780    /* create bad signed enveloped data */
4781    sigSz = FOURK_BUF * 2;
4782    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4783    ExpectIntEQ(wc_InitRng(&rng), 0);
4784    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
4785    if (pkcs7 != NULL) {
4786        pkcs7->content    = env;
4787        pkcs7->contentSz  = (word32)envSz;
4788        pkcs7->contentOID = DATA;
4789        pkcs7->privateKey   = key;
4790        pkcs7->privateKeySz = (word32)keySz;
4791        pkcs7->encryptOID   = RSAk;
4792        pkcs7->hashOID      = SHA256h;
4793        pkcs7->rng = &rng;
4794    }
4795
4796    /* Set no certs in bundle for this test. */
4797    if (pkcs7 != NULL) {
4798        ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
4799        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
4800        ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
4801    }
4802    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
4803    wc_PKCS7_Free(pkcs7);
4804    pkcs7 = NULL;
4805
4806    /* check verify fails */
4807    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4808    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4809    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz),
4810            WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
4811
4812    /* try verifying the signature manually */
4813    {
4814        RsaKey rKey;
4815        word32 idx = 0;
4816        byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
4817            WC_MAX_DIGEST_SIZE];
4818        int  digestSz = 0;
4819
4820        ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
4821        ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, (word32)keySz), 0);
4822        ExpectIntGT(digestSz = wc_RsaSSL_Verify(pkcs7->signature,
4823            pkcs7->signatureSz, digest, sizeof(digest), &rKey), 0);
4824        ExpectIntEQ(digestSz, pkcs7->pkcs7DigestSz);
4825        ExpectIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
4826        ExpectIntEQ(wc_FreeRsaKey(&rKey), 0);
4827        /* verify was success */
4828    }
4829
4830    wc_PKCS7_Free(pkcs7);
4831    pkcs7 = NULL;
4832
4833    /* initializing the PKCS7 struct with the signing certificate should pass */
4834    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4835    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
4836    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
4837
4838#ifndef NO_PKCS7_STREAM
4839    wc_PKCS7_Free(pkcs7);
4840    pkcs7 = NULL;
4841    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4842    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
4843
4844    /* test for streaming */
4845    ret = -1;
4846    for (z = 0; z < sigSz && ret != 0; z++) {
4847        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
4848        if (ret < 0){
4849            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
4850        }
4851    }
4852    ExpectIntEQ(ret, 0);
4853#endif /* !NO_PKCS7_STREAM */
4854
4855    wc_PKCS7_Free(pkcs7);
4856    pkcs7 = NULL;
4857
4858    /* create valid degenerate bundle */
4859    sigSz = FOURK_BUF * 2;
4860    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4861    if (pkcs7 != NULL) {
4862        pkcs7->content    = env;
4863        pkcs7->contentSz  = (word32)envSz;
4864        pkcs7->contentOID = DATA;
4865        pkcs7->privateKey   = key;
4866        pkcs7->privateKeySz = (word32)keySz;
4867        pkcs7->encryptOID   = RSAk;
4868        pkcs7->hashOID      = SHA256h;
4869        pkcs7->rng = &rng;
4870    }
4871    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
4872    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
4873    wc_PKCS7_Free(pkcs7);
4874    pkcs7 = NULL;
4875    wc_FreeRng(&rng);
4876
4877    /* check verify */
4878    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4879    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
4880    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
4881    ExpectNotNull(pkcs7->content);
4882
4883#ifndef NO_PKCS7_STREAM
4884    wc_PKCS7_Free(pkcs7);
4885    pkcs7 = NULL;
4886
4887    /* create valid degenerate bundle */
4888    sigSz = FOURK_BUF * 2;
4889    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4890    if (pkcs7 != NULL) {
4891        pkcs7->content    = env;
4892        pkcs7->contentSz  = (word32)envSz;
4893        pkcs7->contentOID = DATA;
4894        pkcs7->privateKey   = key;
4895        pkcs7->privateKeySz = (word32)keySz;
4896        pkcs7->encryptOID   = RSAk;
4897        pkcs7->hashOID      = SHA256h;
4898        pkcs7->rng = &rng;
4899    }
4900    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
4901    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
4902    wc_PKCS7_Free(pkcs7);
4903    pkcs7 = NULL;
4904    wc_FreeRng(&rng);
4905
4906    /* check verify */
4907    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4908    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
4909    /* test for streaming */
4910    ret = -1;
4911    for (z = 0; z < sigSz && ret != 0; z++) {
4912        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
4913        if (ret < 0){
4914            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
4915        }
4916    }
4917    ExpectIntEQ(ret, 0);
4918#endif /* !NO_PKCS7_STREAM */
4919
4920#ifdef HAVE_AES_CBC
4921    /* check decode */
4922    ExpectNotNull(inner = wc_PKCS7_New(NULL, testDevId));
4923    ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, (word32)certSz), 0);
4924    if (inner != NULL) {
4925        inner->privateKey   = key;
4926        inner->privateKeySz = (word32)keySz;
4927    }
4928    ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
4929                   pkcs7->contentSz, decoded, (word32)decodedSz)), 0);
4930    wc_PKCS7_Free(inner);
4931    inner = NULL;
4932#endif
4933    wc_PKCS7_Free(pkcs7);
4934    pkcs7 = NULL;
4935
4936#ifdef HAVE_AES_CBC
4937    /* check cert set */
4938    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4939    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4940    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, (word32)decodedSz), 0);
4941    ExpectNotNull(pkcs7->singleCert);
4942    ExpectIntNE(pkcs7->singleCertSz, 0);
4943    wc_PKCS7_Free(pkcs7);
4944    pkcs7 = NULL;
4945
4946#ifndef NO_PKCS7_STREAM
4947    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
4948    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
4949    /* test for streaming */
4950    ret = -1;
4951    for (z = 0; z < decodedSz && ret != 0; z++) {
4952        ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
4953        if (ret < 0){
4954            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
4955        }
4956    }
4957    ExpectIntEQ(ret, 0);
4958    ExpectNotNull(pkcs7->singleCert);
4959    ExpectIntNE(pkcs7->singleCertSz, 0);
4960    wc_PKCS7_Free(pkcs7);
4961    pkcs7 = NULL;
4962#endif /* !NO_PKCS7_STREAM */
4963#endif
4964
4965    {
4966        /* arbitrary custom SKID */
4967        const byte customSKID[] = {
4968            0x40, 0x25, 0x77, 0x56
4969        };
4970
4971        ExpectIntEQ(wc_InitRng(&rng), 0);
4972        sigSz = FOURK_BUF * 2;
4973        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
4974        if (pkcs7 != NULL) {
4975            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
4976            pkcs7->content    = cert;
4977            pkcs7->contentSz  = (word32)certSz;
4978            pkcs7->contentOID = DATA;
4979            pkcs7->privateKey   = key;
4980            pkcs7->privateKeySz = (word32)keySz;
4981            pkcs7->encryptOID   = RSAk;
4982            pkcs7->hashOID      = SHA256h;
4983            pkcs7->rng          = &rng;
4984            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
4985            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
4986                        sizeof(customSKID)), 0);
4987            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
4988                (word32)sigSz)), 0);
4989        }
4990        wc_PKCS7_Free(pkcs7);
4991        pkcs7 = NULL;
4992        wc_FreeRng(&rng);
4993    }
4994#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
4995    return EXPECT_RESULT();
4996}
4997
4998int test_wc_PKCS7_NoDefaultSignedAttribs(void)
4999{
5000    EXPECT_DECLS;
5001#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
5002    && !defined(NO_AES)
5003    PKCS7* pkcs7 = NULL;
5004    void*  heap = NULL;
5005
5006    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
5007    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
5008
5009    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
5010    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
5011
5012    wc_PKCS7_Free(pkcs7);
5013#endif
5014    return EXPECT_RESULT();
5015}
5016
5017int test_wc_PKCS7_SetOriEncryptCtx(void)
5018{
5019    EXPECT_DECLS;
5020#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
5021    && !defined(NO_AES)
5022    PKCS7*       pkcs7 = NULL;
5023    void*        heap = NULL;
5024    WOLFSSL_CTX* ctx = NULL;
5025
5026    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
5027    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
5028
5029    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
5030    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
5031
5032    wc_PKCS7_Free(pkcs7);
5033#endif
5034    return EXPECT_RESULT();
5035}
5036
5037int test_wc_PKCS7_SetOriDecryptCtx(void)
5038{
5039    EXPECT_DECLS;
5040#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
5041    && !defined(NO_AES)
5042    PKCS7*       pkcs7 = NULL;
5043    void*        heap = NULL;
5044    WOLFSSL_CTX* ctx = NULL;
5045
5046    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
5047    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
5048
5049    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
5050    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
5051
5052    wc_PKCS7_Free(pkcs7);
5053#endif
5054    return EXPECT_RESULT();
5055}
5056
5057int test_wc_PKCS7_DecodeCompressedData(void)
5058{
5059    EXPECT_DECLS;
5060#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
5061    && !defined(NO_AES) && defined(HAVE_LIBZ)
5062    PKCS7* pkcs7 = NULL;
5063    void*  heap = NULL;
5064    byte   out[4096];
5065    byte*  decompressed = NULL;
5066    int    outSz;
5067    int    decompressedSz;
5068    const char* cert = "./certs/client-cert.pem";
5069    byte*  cert_buf = NULL;
5070    size_t cert_sz = 0;
5071
5072    ExpectIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
5073    ExpectNotNull((decompressed = (byte*)XMALLOC(cert_sz, heap,
5074        DYNAMIC_TYPE_TMP_BUFFER)));
5075    decompressedSz = (int)cert_sz;
5076    ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
5077
5078    if (pkcs7 != NULL) {
5079        pkcs7->content    = (byte*)cert_buf;
5080        pkcs7->contentSz  = (word32)cert_sz;
5081        pkcs7->contentOID = DATA;
5082    }
5083
5084    ExpectIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
5085        sizeof(out))), 0);
5086    wc_PKCS7_Free(pkcs7);
5087    pkcs7 = NULL;
5088
5089    /* compressed key should be smaller than when started */
5090    ExpectIntLT(outSz, cert_sz);
5091
5092    /* test decompression */
5093    ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
5094    ExpectIntEQ(pkcs7->contentOID, 0);
5095
5096    /* fail case with out buffer too small */
5097    ExpectIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
5098        decompressed, outSz), 0);
5099
5100    /* success case */
5101    ExpectIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
5102        decompressed, decompressedSz), cert_sz);
5103    ExpectIntEQ(pkcs7->contentOID, DATA);
5104    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
5105    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
5106    decompressed = NULL;
5107
5108    /* test decompression function with different 'max' inputs */
5109    outSz = sizeof(out);
5110    ExpectIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
5111        0);
5112    ExpectIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
5113        out, outSz, 0, heap), 0);
5114    ExpectNull(decompressed);
5115    ExpectIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
5116        out, outSz, 0, heap), 0);
5117    ExpectNotNull(decompressed);
5118    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
5119    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
5120    decompressed = NULL;
5121
5122    ExpectIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
5123        out, outSz, 0, heap), 0);
5124    ExpectNotNull(decompressed);
5125    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
5126    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
5127    decompressed = NULL;
5128
5129    /* inSz that would overflow on the initial 'tmpSz = inSz * 2' must be
5130     * rejected up front rather than handed to XMALLOC. */
5131    ExpectIntEQ(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
5132        out, ((word32)INT_MAX / 2) + 1, 0, heap),
5133        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
5134    ExpectNull(decompressed);
5135
5136    if (cert_buf != NULL)
5137        XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
5138    wc_PKCS7_Free(pkcs7);
5139#endif
5140    return EXPECT_RESULT();
5141}
5142
5143/*
5144 * Test for PKCS#7 SignedData with non-OCTET_STRING content
5145 * (PKCS#7 style vs CMS)
5146 *
5147 * Tests parsing PKCS#7 SignedData where the encapsulated content
5148 * is a SEQUENCE (as allowed by original PKCS#7 spec "ANY DEFINED BY
5149 * contentType") rather than an OCTET STRING (as mandated by CMS). This showed
5150 * up in use case of Authenticode signatures.
5151 */
5152int test_wc_PKCS7_VerifySignedData_PKCS7ContentSeq(void)
5153{
5154    EXPECT_DECLS;
5155#if defined(HAVE_PKCS7)
5156    PKCS7* pkcs7 = NULL;
5157#ifndef NO_PKCS7_STREAM
5158    word32 idx;
5159    int ret;
5160#endif
5161
5162    /*
5163     * Hand-crafted PKCS#7 SignedData (degenerate, no signers) with:
5164     * - Content type OID (1.3.6.1.4.1.311.2.1.4 = SPC_INDIRECT_DATA)
5165     * - Content is a SEQUENCE, NOT an OCTET STRING
5166     * - eContent is encoded as "ANY" type per original PKCS#7 spec.
5167     *
5168     * This test ensures wolfSSL's PKCS7 streaming code can correctly
5169     * parse SignedData types when the encapsulated content is not an OCTET
5170     * STRING (as CMS requires) but rather a SEQUENCE or other type
5171     * (as PKCS#7's "ANY" type allows). Microsoft Authenticode signatures
5172     * use this format with SPC_INDIRECT_DATA content.
5173     *
5174     * Structure:
5175     *   ContentInfo SEQUENCE
5176     *     contentType OID signedData
5177     *     [0] SignedData SEQUENCE
5178     *       version INTEGER 1
5179     *       digestAlgorithms SET { sha256 }
5180     *       encapContentInfo SEQUENCE
5181     *         eContentType OID 1.3.6.1.4.1.311.2.1.4
5182     *         [0] eContent
5183     *           SEQUENCE { OID, OCTET STRING } - SEQUENCE not OCTET STRING
5184     *       signerInfos SET {} (empty = degenerate)
5185     */
5186    static const byte pkcs7Content[] = {
5187        /* ContentInfo SEQUENCE */
5188        0x30, 0x56,
5189        /* contentType OID: 1.2.840.113549.1.7.2 (signedData) */
5190        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02,
5191        /* [0] EXPLICIT - content */
5192        0xA0, 0x49,
5193        /* SignedData SEQUENCE */
5194        0x30, 0x47,
5195        /* version INTEGER 1 */
5196        0x02, 0x01, 0x01,
5197        /* digestAlgorithms SET */
5198        0x31, 0x0F,
5199        /* AlgorithmIdentifier SEQUENCE */
5200        0x30, 0x0D,
5201        /* OID sha256: 2.16.840.1.101.3.4.2.1 */
5202        0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
5203        0x04, 0x02, 0x01,
5204        /* NULL */
5205        0x05, 0x00,
5206        /* encapContentInfo SEQUENCE */
5207        0x30, 0x2F,
5208        /* eContentType OID: 1.3.6.1.4.1.311.2.1.4 (SPC_INDIRECT_DATA) */
5209        0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82,
5210        0x37, 0x02, 0x01, 0x04,
5211        /* [0] EXPLICIT - eContent */
5212        0xA0, 0x21,
5213        /* Content SEQUENCE (0x30), not OCTET STRING (0x04)
5214         * Following PKCS#7 "ANY" type, not CMS OCTET STRING */
5215        0x30, 0x1F,
5216        /* Content: SEQUENCE { OID, OCTET STRING with 24 bytes } */
5217        0x06, 0x03, 0x55, 0x04, 0x03,  /* OID 2.5.4.3 (5 bytes) */
5218        0x04, 0x18,                    /* OCTET STRING length 24 */
5219        0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,  /* "This is " */
5220        0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x6F, 0x6E,  /* "test con" */
5221        0x74, 0x65, 0x6E, 0x74, 0x20, 0x64, 0x61, 0x74,  /* "tent dat" */
5222        /* signerInfos SET - empty for degenerate */
5223        0x31, 0x00
5224    };
5225
5226    /* Test non-streaming verification */
5227    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
5228    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
5229    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
5230    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, (byte*)pkcs7Content,
5231                (word32)sizeof(pkcs7Content)), 0);
5232
5233    /* Verify content was parsed correctly */
5234    if (pkcs7 != NULL) {
5235        /* contentIsPkcs7Type should be set */
5236        ExpectIntEQ(pkcs7->contentIsPkcs7Type, 1);
5237        /* Content should have been parsed (33 bytes) */
5238        ExpectIntEQ(pkcs7->contentSz, 33);
5239        ExpectNotNull(pkcs7->content);
5240    }
5241    wc_PKCS7_Free(pkcs7);
5242    pkcs7 = NULL;
5243
5244#ifndef NO_PKCS7_STREAM
5245    /* Test streaming verification - feed data byte by byte */
5246    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
5247    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
5248    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
5249
5250    /* Feed data byte by byte to exercise streaming path */
5251    ret = WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E);
5252    for (idx = 0; idx < (word32)sizeof(pkcs7Content) && ret != 0; idx++) {
5253        ret = wc_PKCS7_VerifySignedData(pkcs7,
5254                  (byte*)pkcs7Content + idx, 1);
5255        if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
5256            /* Unexpected error */
5257            break;
5258        }
5259    }
5260
5261    /* Expecting ret = 0, not ASN_PARSE_E or other negative error */
5262    ExpectIntEQ(ret, 0);
5263
5264    if (pkcs7 != NULL) {
5265        ExpectIntEQ(pkcs7->contentIsPkcs7Type, 1);
5266        ExpectIntEQ(pkcs7->contentSz, 33);
5267        ExpectNotNull(pkcs7->content);
5268    }
5269    wc_PKCS7_Free(pkcs7);
5270#endif /* !NO_PKCS7_STREAM */
5271#endif /* HAVE_PKCS7 */
5272    return EXPECT_RESULT();
5273}
5274
5275/*
5276 * Test PKCS7 VerifySignedData with indefinite-length BER-encoded SignedData
5277 * containing mismatched nesting depth. Verifies bounds checking in the
5278 * end-of-content octet verification loop in streaming mode.
5279 */
5280int test_wc_PKCS7_VerifySignedData_IndefLenOOB(void)
5281{
5282    EXPECT_DECLS;
5283#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_STREAM)
5284    PKCS7* pkcs7 = NULL;
5285
5286    /* PKCS#7 SignedData with indefinite-length BER encoding where the
5287     * nesting depth exceeds the available end-of-content octets. */
5288    WOLFSSL_SMALL_STACK_STATIC byte der[] = {
5289        0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x80, 0x30,
5290        0x80, 0x02, 0x01, 0x01, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
5291        0x00, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80,
5292        0x24, 0x80, 0x04, 0x82, 0x03, 0xba, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
5293        0x01, 0x07, 0x03, 0xa0, 0x80, 0x30, 0x80, 0x02, 0x01, 0x00, 0x31, 0x81, 0xc0, 0x30, 0x81, 0xbd,
5294        0x02, 0x01, 0x00, 0x30, 0x26, 0x30, 0x12, 0x32, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03,
5295        0x0c, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x10, 0x00, 0xa1, 0xe4, 0x1e, 0x56,
5296        0xff, 0x4d, 0x65, 0xe1, 0x1b, 0x00, 0x3a, 0xc5, 0xc2, 0x6e, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a,
5297        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, 0x80, 0x06, 0xfd,
5298        0xe1, 0x4e, 0xa8, 0x69, 0x67, 0x1a, 0xee, 0x50, 0xe5, 0x51, 0xbb, 0x5d, 0xde, 0x51, 0xe7, 0x9b,
5299        0xef, 0xa5, 0x34, 0x5b, 0x74, 0x6a, 0xad, 0x8b, 0xf1, 0xd5, 0x99, 0x05, 0x3b, 0xb6, 0x78, 0xb6,
5300        0x51, 0x5b, 0x49, 0xa2, 0x0c, 0x8c, 0x79, 0x99, 0x77, 0x85, 0x0f, 0xa9, 0x91, 0x2a, 0x1a, 0xb5,
5301        0xdb, 0x9d, 0x7e, 0x16, 0x94, 0x8f, 0x56, 0x87, 0x69, 0xdd, 0x8f, 0x9d, 0x83, 0xf5, 0x05, 0xf2,
5302        0x58, 0x78, 0x80, 0x74, 0xd9, 0x17, 0x90, 0xcd, 0xcf, 0xcd, 0xac, 0x81, 0x71, 0x5d, 0x80, 0xbb,
5303        0x72, 0x33, 0x9d, 0x93, 0x00, 0xdb, 0x09, 0x04, 0xe2, 0x00, 0x8d, 0x2f, 0xad, 0x38, 0x6f, 0xfa,
5304        0x00, 0x7b, 0xee, 0x79, 0xee, 0xdf, 0x50, 0x4c, 0xfb, 0x98, 0xa9, 0x34, 0x54, 0x49, 0x0e, 0x4b,
5305        0xbe, 0x63, 0xb7, 0xa7, 0x77, 0xc2, 0x15, 0x35, 0x54, 0x0b, 0x33, 0x8d, 0xc7, 0x30, 0x80, 0x06,
5306        0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06, 0x08, 0x2a, 0x86,
5307        0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x0b, 0x1a, 0x1f, 0x4d, 0xbe, 0x2d, 0x9a, 0xf2,
5308        0xa0, 0x80, 0x04, 0x82, 0x02, 0xb0, 0x94, 0x92, 0x38, 0x98, 0x6a, 0x96, 0x52, 0x1f, 0x50, 0xd9,
5309        0xc5, 0x89, 0x10, 0x3d, 0xa4, 0xa8, 0xf0, 0xe7, 0x4b, 0xe8, 0x40, 0x7a, 0x3e, 0xdb, 0xf0, 0x91,
5310        0x31, 0x57, 0x1e, 0xae, 0x0f, 0x68, 0x24, 0x54, 0xfe, 0xe9, 0x34, 0xf4, 0xaf, 0x52, 0x07, 0xe6,
5311        0xaa, 0x7e, 0x38, 0x3c, 0xc3, 0x9a, 0x7a, 0x88, 0x25, 0xce, 0x10, 0x5d, 0xcf, 0x8e, 0x30, 0x22,
5312        0xde, 0xb1, 0x48, 0x18, 0xf3, 0x10, 0x1e, 0xf2, 0x78, 0x1e, 0x9e, 0xf7, 0x92, 0x4d, 0xec, 0xd0,
5313        0xdd, 0x3e, 0x2e, 0x34, 0x65, 0x5c, 0xc4, 0x2f, 0x0b, 0xfc, 0xc5, 0x30, 0xc8, 0x36, 0xe3, 0x52,
5314        0x11, 0xd8, 0xfa, 0x89, 0x27, 0x02, 0xce, 0x28, 0x68, 0x1e, 0x73, 0x5c, 0xc7, 0xc2, 0x92, 0x9e,
5315        0xa2, 0xa5, 0xe9, 0x73, 0xb5, 0xe7, 0x13, 0xe3, 0x77, 0x11, 0xfa, 0x05, 0xf0, 0xa1, 0x69, 0x1f,
5316        0x7d, 0x3d, 0xad, 0x30, 0xe4, 0xef, 0x59, 0xa1, 0xfa, 0xc6, 0xb0, 0xff, 0x14, 0x47, 0x8f, 0xab,
5317        0xcf, 0x9d, 0x7c, 0xe8, 0x58, 0xed, 0xa3, 0xdb, 0x14, 0xea, 0xda, 0x7c, 0xcc, 0x18, 0x11, 0xcd,
5318        0x0b, 0xff, 0xb7, 0x36, 0x88, 0xa9, 0x2f, 0xc0, 0x02, 0xb3, 0xe8, 0x5f, 0xa2, 0xe9, 0xbd, 0x3b,
5319        0x6e, 0xb5, 0x14, 0x7d, 0xea, 0x53, 0x2b, 0x84, 0xce, 0x6a, 0x81, 0x4d, 0x96, 0xb4, 0x05, 0x82,
5320        0xd7, 0xef, 0x1a, 0x54, 0xf2, 0x12, 0xef, 0x4d, 0x7d, 0x1f, 0x1a, 0xec, 0xd4, 0x36, 0x34, 0x3e,
5321        0xa0, 0x2e, 0x1d, 0x23, 0xa3, 0x37, 0x7f, 0x83, 0xe1, 0x60, 0x77, 0xb5, 0x31, 0x0d, 0xeb, 0x47,
5322        0xdc, 0x2a, 0x3d, 0xf2, 0x7b, 0x30, 0x47, 0xfd, 0x6a, 0x81, 0x20, 0x9a, 0x0b, 0x2c, 0x3b, 0x9a,
5323        0x0e, 0x5e, 0xee, 0x33, 0xde, 0x80, 0x35, 0x9d, 0xd3, 0xc0, 0x6e, 0xe0, 0x3a, 0x02, 0x9c, 0x01,
5324        0x05, 0xeb, 0x25, 0x29, 0x68, 0xdd, 0x4b, 0x49, 0xc8, 0x58, 0xab, 0x13, 0x51, 0x1d, 0xf3, 0x95,
5325        0xe0, 0xc8, 0x88, 0x59, 0x6a, 0xa6, 0x5d, 0xb2, 0x18, 0xe4, 0xfd, 0x95, 0x8e, 0x20, 0x34, 0xd7,
5326        0x06, 0x82, 0x3b, 0x1e, 0xfb, 0xcb, 0xaf, 0x53, 0x37, 0xbf, 0x82, 0xe6, 0xab, 0xf6, 0x38, 0xe0,
5327        0x9b, 0x66, 0xd4, 0x65, 0xc8, 0x45, 0x3d, 0xb7, 0xb6, 0x17, 0x2b, 0xed, 0x4f, 0xe7, 0xe4, 0x45,
5328        0x0d, 0xa2, 0xc7, 0x17, 0x2a, 0x6d, 0xc5, 0x8a, 0x3d, 0xc6, 0x38, 0xa0, 0x0c, 0xa9, 0x2e, 0xdc,
5329        0xd8, 0x9d, 0x1f, 0x9b, 0x03, 0xc8, 0x51, 0x3f, 0xa6, 0x66, 0x5b, 0x76, 0x32, 0xa5, 0x65, 0x17,
5330        0xaf, 0xfb, 0x34, 0x53, 0x77, 0x0b, 0x67, 0x2b, 0x7c, 0x77, 0x53, 0x93, 0xac, 0xeb, 0x0b, 0xf1,
5331        0xf5, 0x40, 0x1f, 0x40, 0x2f, 0x7b, 0x01, 0x53, 0x95, 0x1f, 0xca, 0xfd, 0x98, 0x18, 0xbd, 0xa6,
5332        0xf0, 0x13, 0x1c, 0x6d, 0x8d, 0x67, 0x83, 0xbc, 0x13, 0x86, 0xdd, 0xb4, 0xe2, 0x6a, 0xd6, 0x9e,
5333        0x79, 0x50, 0xde, 0xa0, 0x03, 0x7e, 0xe6, 0x7f, 0xe6, 0xc9, 0x8c, 0x03, 0x1c, 0x5b, 0xc1, 0x3e,
5334        0xe6, 0x8c, 0x2e, 0x09, 0xbd, 0x43, 0xdd, 0x66, 0xde, 0xcf, 0xc4, 0xcd, 0xe4, 0xa0, 0x37, 0xa8,
5335        0x3a, 0x8d, 0x63, 0x0c, 0x13, 0x0e, 0xd7, 0x03, 0x8d, 0xa1, 0x59, 0x81, 0xe5, 0x5d, 0x73, 0xb3,
5336        0xe6, 0x8f, 0x06, 0x2a, 0x3f, 0x1d, 0xd7, 0x0b, 0xc4, 0x21, 0xcc, 0x6f, 0x0e, 0x43, 0x34, 0xc0,
5337        0x9f, 0x8d, 0x70, 0x64, 0x24, 0x5e, 0xcf, 0x14, 0x98, 0x22, 0xa4, 0xf4, 0x2e, 0x8b, 0x95, 0x6c,
5338        0xf7, 0x68, 0xee, 0x60, 0xee, 0xba, 0x8a, 0x0c, 0x60, 0x18, 0x2b, 0x5c, 0x6f, 0x77, 0x48, 0x95,
5339        0xb2, 0xb5, 0xcb, 0xb0, 0xf7, 0xd3, 0x5b, 0xc8, 0xea, 0x52, 0x09, 0x30, 0x61, 0x1c, 0x6e, 0xbb,
5340        0x57, 0xa1, 0x48, 0x52, 0x3d, 0xd6, 0x67, 0xa3, 0x6d, 0x1b, 0x92, 0x31, 0xea, 0x56, 0xfb, 0x24,
5341        0x5e, 0x99, 0x92, 0xff, 0x3e, 0x22, 0xba, 0x06, 0x56, 0x1e, 0xed, 0x98, 0xb0, 0x4a, 0x52, 0x49,
5342        0x61, 0xf9, 0x48, 0x7d, 0xb4, 0xb6, 0xb3, 0xb5, 0xed, 0x01, 0x27, 0xc0, 0xcc, 0xde, 0x06, 0x19,
5343        0x6b, 0x3b, 0x0b, 0xf6, 0x2a, 0x18, 0xe9, 0xdc, 0x52, 0xa6, 0xb6, 0xd4, 0xbe, 0x52, 0x95, 0x05,
5344        0x2e, 0x88, 0x0e, 0x88, 0x11, 0x6e, 0x52, 0x86, 0x63, 0x38, 0x0c, 0xcc, 0x19, 0x2d, 0x88, 0x0b,
5345        0xd1, 0x05, 0x4b, 0xe3, 0xfe, 0x3b, 0xf1, 0xc6, 0x82, 0x22, 0x7f, 0x4a, 0xe2, 0x30, 0x84, 0x06,
5346        0x00, 0x37, 0x0a, 0x6f, 0xa0, 0x2b, 0xe1, 0xf0, 0x21, 0xdc, 0x97, 0x31, 0xda, 0x8a, 0x6c, 0xab,
5347        0xfd, 0x60, 0xcd, 0x1b, 0xdb, 0x81, 0x18, 0x3d, 0x63, 0x43, 0x77, 0xe5, 0x52, 0x92, 0x8e, 0xcf,
5348        0x8b, 0xf2, 0x1d, 0x02, 0x90, 0x85, 0xbf, 0x83, 0xbd, 0x07, 0xb4, 0x0f, 0x27, 0x1c, 0x72, 0x04,
5349        0xb8, 0x14, 0x7e, 0x06, 0x6d, 0xab, 0x44, 0xd7, 0x1c, 0x2c, 0x47, 0x53, 0x09, 0xd5, 0x64, 0x92,
5350        0xb8, 0xac, 0xd1, 0x78, 0xe2, 0xbb, 0xc9, 0x59, 0xc8, 0xc9, 0x0a, 0x93, 0x31, 0xd2, 0x1e, 0xc0,
5351        0xe6, 0x31, 0xb8, 0x5a, 0xfa, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5352        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x80, 0x30, 0x82, 0x03, 0x4d, 0x30, 0x82, 0x02, 0x35,
5353        0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
5354        0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
5355        0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
5356        0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
5357        0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
5358        0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x43, 0x45,
5359        0x50, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x17, 0x43, 0x65, 0x72, 0x74,
5360        0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
5361        0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x32, 0x30, 0x35, 0x32, 0x32, 0x34,
5362        0x30, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x32, 0x30, 0x35, 0x32, 0x32, 0x34, 0x30,
5363        0x30, 0x37, 0x5a, 0x30, 0x6a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
5364        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
5365        0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42,
5366        0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
5367        0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x43, 0x45, 0x50, 0x31, 0x20, 0x30,
5368        0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x17, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
5369        0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30,
5370        0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
5371        0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
5372        0xc9, 0x94, 0x88, 0x48, 0x59, 0xe8, 0x0f, 0x34, 0x83, 0xf0, 0xf2, 0x42, 0x2c, 0x58, 0x6c, 0xb9,
5373        0xa1, 0x60, 0xed, 0xa9, 0xcd, 0x5e, 0xb9, 0x33, 0x74, 0x2a, 0x94, 0x30, 0xa2, 0x18, 0x82, 0x90,
5374        0xa3, 0xf5, 0x64, 0x40, 0xee, 0x6d, 0x64, 0xbc, 0x15, 0x18, 0x65, 0x48, 0xfe, 0xe4, 0x19, 0xa7,
5375        0xd4, 0x5d, 0x67, 0x2f, 0xf5, 0x5b, 0x75, 0x65, 0xda, 0x30, 0x01, 0x33, 0x79, 0x80, 0xd8, 0x84,
5376        0xc9, 0xa3, 0x49, 0xf4, 0xab, 0x1b, 0x54, 0xa1, 0x87, 0x38, 0x0a, 0x5f, 0xd5, 0x7c, 0xd5, 0x73,
5377        0xe3, 0xaa, 0x43, 0xe9, 0x1c, 0x32, 0x52, 0xdd, 0x05, 0x5f, 0x75, 0xf8, 0x61, 0x15, 0x6d, 0xc7,
5378        0x19, 0xb3, 0x52, 0xb3, 0xa3, 0xba, 0x6c, 0x5c, 0xfe, 0xd2, 0xb9, 0x72, 0x71, 0xc5, 0xac, 0xd2,
5379        0x9e, 0x47, 0x37, 0x2c, 0x84, 0xf8, 0x17, 0x55, 0xb3, 0x35, 0x55, 0x5a, 0x35, 0xcb, 0x92, 0x35,
5380        0xee, 0xca, 0xca, 0xb2, 0xf1, 0xc9, 0x0a, 0xee, 0xc9, 0xfe, 0xec, 0x48, 0x02, 0x57, 0x24, 0xbe,
5381        0x99, 0xe1, 0x80, 0x60, 0x68, 0xf1, 0x92, 0xc3, 0x51, 0x2e, 0x33, 0x7f, 0xd0, 0x54, 0x8f, 0x19,
5382        0x6f, 0x24, 0xd7, 0xb4, 0xce, 0xd8, 0xa8, 0xec, 0xe3, 0xf1, 0xb3, 0x8e, 0x35, 0xcf, 0x97, 0x0d,
5383        0x29, 0x26, 0xdf, 0x6e, 0xc3, 0x33, 0x4f, 0x55, 0x52, 0x73, 0x65, 0x94, 0xf4, 0x88, 0xca, 0xa6,
5384        0xd7, 0x04, 0xc0, 0xf2, 0xad, 0x8e, 0x73, 0x27, 0xc6, 0xce, 0xb1, 0x72, 0x83, 0xfa, 0x4a, 0x92,
5385        0x4c, 0x8a, 0x58, 0x4c, 0xf6, 0xf8, 0xd2, 0xcb, 0x12, 0xda, 0xad, 0x73, 0x40, 0x50, 0xef, 0x07,
5386        0x59, 0x5d, 0x46, 0x39, 0xea, 0x40, 0x9d, 0x10, 0xed, 0x00, 0x09, 0xd0, 0x01, 0x02, 0x39, 0xc5,
5387        0x73, 0xf3, 0x34, 0xf9, 0x6b, 0x42, 0x5d, 0x00, 0x54, 0xc7, 0x53, 0x0f, 0x80, 0xfa, 0x2b, 0x27,
5388        0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
5389        0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3e, 0x83, 0xab, 0x3d, 0x75, 0xe1, 0xcd,
5390        0x50, 0x02, 0x49, 0xf2, 0x71, 0x7c, 0xfe, 0x66, 0x92, 0x10, 0xdb, 0x02, 0xd1, 0x8b, 0xd6, 0xa8,
5391        0xd2, 0x16, 0xfb, 0xa3, 0xdd, 0xc6, 0x74, 0xf8, 0x70, 0x48, 0xd9, 0x57, 0x9e, 0x81, 0x2a, 0x0c,
5392        0x2c, 0x56, 0xfd, 0x61, 0x96, 0xd0, 0x05, 0x84, 0xd0, 0xeb, 0x47, 0xe6, 0xcd, 0x70, 0xba, 0xab,
5393        0x1a, 0x37, 0xba, 0xed, 0x6a, 0x0a, 0xa0, 0x07, 0xb6, 0x57, 0xfd, 0xe3, 0xd5, 0x58, 0x4c, 0x2c,
5394        0xac, 0xa6, 0x1b, 0x2e, 0x32, 0xd9, 0x31, 0x45, 0x3c, 0x17, 0xa7, 0x6c, 0xda, 0xe3, 0xb6, 0xc1,
5395        0x8d, 0xd7, 0xc5, 0xda, 0x24, 0xbb, 0x49, 0x35, 0x60, 0xf2, 0x01, 0x8f, 0x95, 0xa7, 0xea, 0x2d,
5396        0xdc, 0x3f, 0x69, 0xe5, 0x36, 0x03, 0x2f, 0x7a, 0xdd, 0xeb, 0x82, 0x59, 0xdf, 0x9a, 0xd8, 0x21,
5397        0x38, 0x14, 0x56, 0x07, 0xa2, 0x45, 0x76, 0x11, 0xa0, 0x84, 0xdc, 0x2f, 0xee, 0x95, 0x35, 0x82,
5398        0x1b, 0xfa, 0xc4, 0xbc, 0xc4, 0x50, 0xa6, 0x0e, 0x4d, 0x1a, 0x5b, 0xd4, 0x71, 0xb3, 0x66, 0x9b,
5399        0x4e, 0x70, 0x90, 0x18, 0xa7, 0x21, 0xa6, 0x57, 0xfe, 0x88, 0x69, 0x05, 0x6c, 0x23, 0x30, 0x35,
5400        0x0f, 0xb9, 0x0f, 0x07, 0xe1, 0x78, 0xc3, 0xa3, 0x67, 0x80, 0x83, 0xb8, 0x3a, 0x74, 0x80, 0x1b,
5401        0xee, 0xc5, 0x2d, 0xa5, 0x79, 0xa8, 0xb3, 0x58, 0x03, 0x2a, 0x19, 0x42, 0x15, 0x0a, 0x97, 0x82,
5402        0xf8, 0x22, 0xb0, 0x89, 0xc3, 0x58, 0x8a, 0xa1, 0xc8, 0x16, 0x2d, 0x8e, 0x4d, 0x7f, 0xa4, 0x70,
5403        0xb7, 0x5b, 0x40, 0x8b, 0x81, 0xc1, 0x5a, 0x81, 0x56, 0xf8, 0x0e, 0x2c, 0x4c, 0x50, 0xc6, 0x5d,
5404        0x93, 0x6c, 0x7a, 0xde, 0x21, 0x31, 0xf6, 0x14, 0x4e, 0x44, 0xb5, 0xdc, 0xaf, 0x66, 0xb1, 0xab,
5405        0x1c, 0x3b, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5406    };
5407    word32 derSz = (word32)sizeof(der);
5408
5409    /* Should return a parse error for malformed input */
5410    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
5411    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
5412    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
5413    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
5414    wc_PKCS7_Free(pkcs7);
5415
5416#endif /* HAVE_PKCS7 && !NO_PKCS7_STREAM */
5417    return EXPECT_RESULT();
5418}
5419
5420/*
5421 * SignedData bundle truncated at the eContent [0] EXPLICIT tag in
5422 * encapContentInfo. Verifies that the parser rejects the malformed
5423 * input rather than dereferencing past the end of the buffer.
5424 */
5425int test_wc_PKCS7_VerifySignedData_TruncEContentTag(void)
5426{
5427    EXPECT_DECLS;
5428#if defined(HAVE_PKCS7)
5429    PKCS7* pkcs7 = NULL;
5430
5431    WOLFSSL_SMALL_STACK_STATIC byte der[] = {
5432        /* outer ContentInfo SEQUENCE (75 bytes content) */
5433        0x30, 0x4B,
5434        /* contentType OID 1.2.840.113549.1.7.2 (signedData) */
5435        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02,
5436        /* [0] EXPLICIT (62 bytes content) */
5437        0xA0, 0x3E,
5438        /* SignedData SEQUENCE (60 bytes content) */
5439        0x30, 0x3C,
5440        /* version INTEGER 1 */
5441        0x02, 0x01, 0x01,
5442        /* digestAlgorithms SET (empty - degenerate) */
5443        0x31, 0x00,
5444        /* encapContentInfo SEQUENCE (53 bytes content) */
5445        0x30, 0x35,
5446        /* eContentType OID with 50 bytes of arbitrary payload */
5447        0x06, 0x32,
5448        0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x00,
5449        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5450        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5451        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5452        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5453        /* eContent [0] EXPLICIT - buffer ends here, no length, no content */
5454        0xA0
5455    };
5456    word32 derSz = (word32)sizeof(der);
5457
5458    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
5459    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
5460    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
5461    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
5462    wc_PKCS7_Free(pkcs7);
5463
5464#endif /* HAVE_PKCS7 */
5465    return EXPECT_RESULT();
5466}
5467
5468/*
5469 * SignedData bundle truncated at the certificates [0] IMPLICIT tag.
5470 * Verifies that the parser rejects the malformed input rather than
5471 * dereferencing past the end of the buffer.
5472 *
5473 * TODO: limited to NO_PKCS7_STREAM because the streaming parser's stage 3
5474 * early-exit check (pkcs7.c near line 6594) accepts any bundle
5475 * whose remaining footer is < 6 bytes as a successful degenerate end,
5476 * so the bounds check at line 6765 is unreachable in streaming mode.
5477 * Drop the NO_PKCS7_STREAM gate if/when the early-exit check becomes
5478 * more accurate.
5479 */
5480int test_wc_PKCS7_VerifySignedData_TruncCertSetTag(void)
5481{
5482    EXPECT_DECLS;
5483#if defined(HAVE_PKCS7) && defined(NO_PKCS7_STREAM)
5484    PKCS7* pkcs7 = NULL;
5485
5486    WOLFSSL_SMALL_STACK_STATIC byte der[] = {
5487        /* outer ContentInfo SEQUENCE (78 bytes content) */
5488        0x30, 0x4E,
5489        /* contentType OID signedData */
5490        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02,
5491        /* [0] EXPLICIT (65 bytes content) */
5492        0xA0, 0x41,
5493        /* SignedData SEQUENCE (63 bytes content) */
5494        0x30, 0x3F,
5495        /* version INTEGER 1 */
5496        0x02, 0x01, 0x01,
5497        /* digestAlgorithms SET (empty) */
5498        0x31, 0x00,
5499        /* encapContentInfo SEQUENCE (55 bytes content) */
5500        0x30, 0x37,
5501        /* eContentType OID 1.2.840.113549.1.7.1 (data) */
5502        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01,
5503        /* eContent [0] EXPLICIT (42 bytes content) */
5504        0xA0, 0x2A,
5505        /* OCTET STRING (40 bytes content) */
5506        0x04, 0x28,
5507        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5508        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5509        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5510        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5511        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5512        /* certificates [0] IMPLICIT - buffer ends here, no length */
5513        0xA0
5514    };
5515    word32 derSz = (word32)sizeof(der);
5516
5517    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
5518    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
5519    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
5520    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
5521    wc_PKCS7_Free(pkcs7);
5522
5523#endif /* HAVE_PKCS7 && NO_PKCS7_STREAM */
5524    return EXPECT_RESULT();
5525}
5526