Merge pull request #186 from padelsbach/wp_kmod_tests

ColtonWilley · web-flow · commit 65624f30ed73 · 2025-07-01T09:38:57.000-07:00
Add tests modeled after kmod usage
diff --git a/test/include.am b/test/include.am
@@ -25,6 +25,7 @@ test_unit_test_SOURCES = \
 	test/test_logging.c \
 	test/test_pbe.c \
 	test/test_pkey.c \
+	test/test_pkcs7_x509.c \
 	test/test_rand.c \
 	test/test_rsa.c \
 	test/test_tls1_prf.c \
diff --git a/test/test_pkcs7_x509.c b/test/test_pkcs7_x509.c
@@ -0,0 +1,283 @@
+/* test_pkcs7_x509.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfProvider.
+ *
+ * wolfProvider is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfProvider is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "unit.h"
+
+/* Test key generated with the following commands:
+ * openssl req -x509 -newkey rsa:2048 -outform der -out cert.der -days 365 -nodes -subj "/CN=Test User/O=Example Corp/C=US"
+ * xxd -i cert.der */
+
+static const unsigned char cert_der[] = {
+  0x30, 0x82, 0x03, 0x1f, 0x30, 0x82, 0x02, 0x07, 0xa0, 0x03, 0x02, 0x01,
+  0x02, 0x02, 0x14, 0x53, 0x95, 0x98, 0x04, 0xf5, 0x99, 0x2d, 0x64, 0x6b,
+  0xb9, 0x7e, 0xac, 0x3d, 0x80, 0x9d, 0xa4, 0xa4, 0x93, 0x59, 0x58, 0x30,
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+  0x05, 0x00, 0x30, 0x38, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
+  0x03, 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x65, 0x72,
+  0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x45,
+  0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x31,
+  0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+  0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x30, 0x36, 0x32, 0x31, 0x30, 0x31,
+  0x31, 0x36, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x36, 0x32,
+  0x31, 0x30, 0x31, 0x31, 0x36, 0x34, 0x38, 0x5a, 0x30, 0x38, 0x31, 0x12,
+  0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x54, 0x65, 0x73,
+  0x74, 0x20, 0x55, 0x73, 0x65, 0x72, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
+  0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+  0x20, 0x43, 0x6f, 0x72, 0x70, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+  0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
+  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+  0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
+  0x01, 0x01, 0x00, 0xce, 0xf0, 0x99, 0x44, 0x0a, 0xa9, 0xd2, 0x98, 0x07,
+  0xd5, 0xfb, 0x6b, 0x39, 0xe3, 0xf2, 0x2e, 0x14, 0x10, 0x1f, 0x95, 0x9c,
+  0xb8, 0x62, 0x52, 0x40, 0x6e, 0x69, 0x6e, 0x23, 0x8f, 0xb2, 0xcb, 0xfa,
+  0x74, 0xaf, 0xe3, 0xfd, 0x1a, 0x35, 0x86, 0x46, 0xb7, 0xc8, 0xf4, 0xf4,
+  0xec, 0x78, 0x38, 0x6b, 0xa4, 0x0b, 0xbb, 0x55, 0x61, 0x9e, 0xdc, 0xdb,
+  0x21, 0xdf, 0x30, 0x7d, 0x79, 0xfa, 0xba, 0xdd, 0x08, 0x5d, 0xd2, 0xed,
+  0xd0, 0x6e, 0xfb, 0x60, 0xfa, 0x32, 0x86, 0x4c, 0x87, 0xed, 0x7c, 0x39,
+  0xc5, 0x81, 0x3a, 0xad, 0xef, 0xd6, 0x8a, 0x16, 0x00, 0xd0, 0x0e, 0x8a,
+  0x61, 0x35, 0x6b, 0x90, 0x45, 0xa3, 0x62, 0x8a, 0xec, 0x4f, 0x95, 0xff,
+  0x91, 0x97, 0x43, 0x62, 0x5e, 0x79, 0x59, 0x1f, 0x13, 0x60, 0x98, 0x9d,
+  0x30, 0x23, 0x18, 0xd8, 0x06, 0xed, 0x9c, 0xbd, 0xb5, 0x3a, 0xac, 0xe5,
+  0x5a, 0x97, 0xdd, 0x29, 0x81, 0xde, 0x62, 0x88, 0x82, 0x1a, 0x00, 0x9c,
+  0xa4, 0x7d, 0x91, 0xe8, 0xe9, 0xd1, 0xae, 0x07, 0x94, 0xd3, 0x1d, 0x61,
+  0xfb, 0x87, 0xcc, 0xc7, 0x56, 0x9e, 0xac, 0xd5, 0x9d, 0x36, 0xeb, 0x2d,
+  0x62, 0x1f, 0xe0, 0xc8, 0x86, 0x79, 0xea, 0x21, 0x4d, 0xc9, 0xd2, 0xcb,
+  0xfb, 0x62, 0x2f, 0xc2, 0xc0, 0xa2, 0x3d, 0x2e, 0xad, 0xf2, 0xaf, 0xab,
+  0xac, 0x1e, 0x45, 0x39, 0x10, 0x55, 0x7b, 0x32, 0xf7, 0x95, 0x76, 0x11,
+  0xc7, 0xce, 0xc1, 0xba, 0x43, 0x39, 0x58, 0xc0, 0xc0, 0xb2, 0x9b, 0xd8,
+  0xec, 0x88, 0x3b, 0x48, 0x39, 0x82, 0xba, 0xcd, 0x92, 0x6f, 0x64, 0xcd,
+  0xd3, 0xbc, 0xff, 0x40, 0x0d, 0xef, 0xf5, 0x1e, 0xd7, 0x60, 0x4b, 0x23,
+  0x26, 0x86, 0x61, 0xfe, 0xd1, 0x85, 0x79, 0x00, 0x96, 0x84, 0x71, 0xba,
+  0xb2, 0x05, 0x8d, 0x0f, 0x75, 0x25, 0x0b, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0xa3, 0x21, 0x30, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
+  0x16, 0x04, 0x14, 0x78, 0x92, 0x53, 0x9c, 0x8b, 0x59, 0x13, 0x88, 0x7d,
+  0x5c, 0x8e, 0x12, 0x66, 0x4a, 0x9e, 0x07, 0x0b, 0x61, 0x77, 0xa1, 0x30,
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+  0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xba, 0xb6, 0x44, 0xf8, 0x72,
+  0xda, 0x34, 0x93, 0xf0, 0x61, 0x0d, 0x8d, 0xfa, 0x33, 0xd3, 0x08, 0x58,
+  0x1b, 0x87, 0xb5, 0xef, 0x7c, 0x46, 0x6e, 0x89, 0xfb, 0xa3, 0x05, 0x09,
+  0x96, 0x01, 0x4d, 0xc7, 0xe5, 0x9b, 0xee, 0xc9, 0x11, 0x3b, 0x51, 0x93,
+  0x16, 0x89, 0x8c, 0x09, 0xd2, 0xc4, 0x6c, 0xb2, 0xdc, 0xea, 0x3a, 0xee,
+  0x6c, 0x13, 0x7f, 0x0e, 0x2b, 0xde, 0xff, 0x88, 0xfa, 0xec, 0xc7, 0x69,
+  0xab, 0xd3, 0xbb, 0x80, 0x8e, 0x38, 0x73, 0x9b, 0xe1, 0x5a, 0x3b, 0xfc,
+  0xbd, 0xa5, 0x11, 0x76, 0x51, 0xb5, 0xb8, 0x45, 0x80, 0xa4, 0xf0, 0xd9,
+  0xcd, 0x55, 0xc9, 0x71, 0x9e, 0x00, 0x5e, 0x1f, 0xa6, 0x68, 0x62, 0x30,
+  0x2b, 0xbb, 0x76, 0x9e, 0x7b, 0x6d, 0x6e, 0x18, 0x0b, 0x62, 0x98, 0x58,
+  0x4a, 0x03, 0x9c, 0x10, 0x6d, 0x75, 0xe9, 0xc4, 0xad, 0x0f, 0x28, 0x56,
+  0xc6, 0xa4, 0xb1, 0x12, 0xd5, 0x20, 0x96, 0x14, 0xe5, 0xa0, 0x75, 0x45,
+  0x53, 0x50, 0x1f, 0x3c, 0x50, 0x17, 0x48, 0x0d, 0x3f, 0xde, 0x91, 0xa2,
+  0x0f, 0x68, 0xdf, 0x5b, 0x4c, 0x08, 0x09, 0xc3, 0x46, 0x78, 0x5a, 0xcd,
+  0x4d, 0xbb, 0xf2, 0x39, 0xf1, 0x08, 0x8f, 0xde, 0xf8, 0x84, 0xc6, 0xa5,
+  0x50, 0x5a, 0xa7, 0x0b, 0x53, 0x4d, 0x9b, 0xe7, 0xd8, 0x0c, 0x77, 0x2b,
+  0x26, 0xa6, 0x46, 0x86, 0xac, 0xfa, 0x68, 0x38, 0x6d, 0x4f, 0x7c, 0xb1,
+  0xba, 0x95, 0x1c, 0xf2, 0xb3, 0x57, 0xdb, 0x5c, 0x3d, 0xcc, 0x82, 0x55,
+  0xd1, 0xed, 0xf8, 0x25, 0x3e, 0x81, 0xbf, 0xe6, 0x1b, 0xf2, 0x3d, 0x58,
+  0x77, 0x7c, 0x0e, 0xf8, 0xfa, 0xd4, 0x1c, 0xff, 0xcb, 0xc4, 0x7f, 0x93,
+  0xff, 0x9a, 0x89, 0xe9, 0x35, 0x5d, 0xbc, 0x1e, 0x69, 0xc7, 0xca, 0x1c,
+  0xef, 0x75, 0x01, 0xed, 0x2c, 0x28, 0x7f, 0x2d, 0x57, 0x1b, 0x77
+};
+unsigned int cert_der_len = sizeof(cert_der); /* 803 */
+
+/*
+ * The following test case  adds tests which are modeled after the OSSL usage 
+ * by libkmod. https://github.com/kmod-project/kmod
+ * 
+ * The make check in kmod source code does not test crypto operations. 
+ * These tests don't add a lot of new coverage beyond what we already have.
+*/
+int test_pkcs7_x509_sign_verify(void* data) 
+{
+    (void)data; /* Unused parameter */
+    /* === Step 1: Generate keypair === */
+    EVP_PKEY *pkey = EVP_RSA_gen(2048);
+    if (!pkey) {
+        PRINT_MSG("Key generation failed");
+        return -1;
+    }
+
+    PRINT_MSG("Keypair generated successfully");
+
+    /* === Step 2: Create self-signed cert === */
+    X509 *cert = X509_new();
+    ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
+    X509_gmtime_adj(X509_get_notBefore(cert), 0);
+    X509_gmtime_adj(X509_get_notAfter(cert), 31536000L);
+    X509_set_pubkey(cert, pkey);
+
+    X509_NAME *name = X509_get_subject_name(cert);
+    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)"Test Signer", -1, -1, 0);
+    X509_set_issuer_name(cert, name);
+    X509_sign(cert, pkey, EVP_sha256());
+
+    /* === Step 3: Create the data to be signed === */
+    const char *msg = "this is a signed message";
+    BIO *data_bio = BIO_new_mem_buf(msg, (int)strlen(msg));
+
+    /* === Step 4: Sign the message === */
+    PKCS7 *p7 = PKCS7_sign(cert, pkey, NULL, data_bio, PKCS7_BINARY | PKCS7_DETACHED);
+    if (!p7) {
+        PRINT_MSG("PKCS7_sign failed");
+        return -1;
+    }
+
+    /* === Step 5: Write and read back the DER (simulate disk round trip) === */
+    BIO *p7_mem = BIO_new(BIO_s_mem());
+    i2d_PKCS7_bio(p7_mem, p7);
+
+    char *p7_buf = NULL;
+    long p7_len = BIO_get_mem_data(p7_mem, &p7_buf);
+    BIO *p7_in = BIO_new_mem_buf(p7_buf, (int)p7_len);
+    PKCS7 *p7_read = d2i_PKCS7_bio(p7_in, NULL);
+
+    /* === Step 6: Set up trust store with our self-signed cert === */
+    X509_STORE *store = X509_STORE_new();
+    X509_STORE_add_cert(store, cert);
+
+    BIO *out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    (void)BIO_reset(data_bio); /* rewind input message */
+
+    int ok = PKCS7_verify(p7_read, NULL, store, data_bio, out, 0);
+    if (!ok) {
+        PRINT_MSG("PKCS7 verification failed");
+        return -1;
+    }
+
+    PRINT_MSG("PKCS7 verification succeeded");
+
+    /* === Step 7: Examine signer info === */
+    STACK_OF(PKCS7_SIGNER_INFO) *signers = PKCS7_get_signer_info(p7_read);
+    if (!signers || sk_PKCS7_SIGNER_INFO_num(signers) <= 0) {
+        PRINT_MSG("No signers found");
+        return -1;
+    }
+
+    for (int i = 0; i < sk_PKCS7_SIGNER_INFO_num(signers); i++) {
+        PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(signers, i);
+        EVP_PKEY *pkey_tmp;
+        X509_ALGOR *digest_alg, *sig_alg;
+
+        PKCS7_SIGNER_INFO_get0_algs(si, &pkey_tmp, &digest_alg, &sig_alg);
+
+        PRINT_MSG("Signer %d:", i);
+        PRINT_MSG("  Digest Algorithm: ");
+        i2a_ASN1_OBJECT(out, digest_alg->algorithm);
+        PRINT_MSG("  Signature Algorithm: ");
+        i2a_ASN1_OBJECT(out, sig_alg->algorithm);
+        PRINT_MSG("");
+    }
+
+    /* === Cleanup === */
+    EVP_PKEY_free(pkey);
+    X509_free(cert);
+    PKCS7_free(p7);
+    PKCS7_free(p7_read);
+    X509_STORE_free(store);
+    BIO_free(data_bio);
+    BIO_free(p7_mem);
+    BIO_free(p7_in);
+    BIO_free(out);
+
+    return 0; /* Success */
+}
+
+static int test_x509_name(X509_NAME *name) {
+    int count = X509_NAME_entry_count(name);
+    PRINT_MSG("X509_NAME has %d entries", count);
+    if (count < 0) {
+        PRINT_MSG("Error counting X509_NAME entries");
+        return -1;
+    }
+
+    for (int i = 0; i < count; i++) {
+        X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
+        if (!entry) continue;
+
+        ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
+        ASN1_STRING *data = X509_NAME_ENTRY_get_data(entry);
+
+        char obj_buf[80];
+        OBJ_obj2txt(obj_buf, sizeof(obj_buf), obj, 1);
+        PRINT_MSG("  OID: %s", obj_buf);
+
+        const unsigned char *data_ptr = ASN1_STRING_get0_data(data);
+        int data_len = ASN1_STRING_length(data);
+        PRINT_MSG("  Value: %.*s", data_len, data_ptr);
+    }
+
+    return 0;
+}
+
+static int test_x509_algor(X509 *cert) {
+    X509_ALGOR *alg = NULL;
+    X509_PUBKEY *pubkey = X509_get_X509_PUBKEY(cert);
+    if (!pubkey) {
+        PRINT_MSG("No public key found");
+        return -1;
+    }
+
+    PRINT_MSG("Public key algorithm:");
+
+    if (!X509_PUBKEY_get0_param(NULL, NULL, NULL, &alg, pubkey)) {
+        PRINT_MSG("Failed to get algorithm info");
+        return -1;
+    }
+
+    PRINT_MSG("Algorithm OID: %i", OBJ_obj2nid(alg->algorithm));
+
+    const ASN1_OBJECT *obj = NULL;
+    X509_ALGOR_get0(&obj, NULL, NULL, alg);
+
+    char alg_buf[80];
+    OBJ_obj2txt(alg_buf, sizeof(alg_buf), obj, 1);
+    PRINT_MSG("Public key algorithm OID: %s", alg_buf);
+
+    return 0; /* Success */
+}
+
+int test_x509_cert(void* data) {
+    (void)data; /* Unused parameter */
+    int err = 0;
+    const unsigned char *p = cert_der;
+    X509 *cert = d2i_X509(NULL, &p, cert_der_len);
+    if (!cert) {
+        PRINT_MSG("Failed to parse DER certificate");
+        err = -1;
+    }
+
+    if (err == 0) {
+        PRINT_MSG("Subject:");
+        X509_NAME *subject = X509_get_subject_name(cert);
+        err = test_x509_name(subject);
+        if (err) {
+            PRINT_MSG("Failed to test subject name");
+        }
+    }
+    
+    if (err == 0) {
+        PRINT_MSG("Testing algorithm info:");
+        err = test_x509_algor(cert);
+        if (err) {
+            PRINT_MSG("Failed to test algorithm info");
+        }
+    }
+
+    X509_free(cert);
+    return err;
+}
diff --git a/test/unit.c b/test/unit.c
@@ -300,6 +300,9 @@ TEST_CASE test_case[] = {
     TEST_DECL(test_ecx_misc, NULL),
     TEST_DECL(test_ecx_null_init, NULL),
 #endif
+
+    TEST_DECL(test_pkcs7_x509_sign_verify, NULL),
+    TEST_DECL(test_x509_cert, NULL),
 };
 #define TEST_CASE_CNT   (int)(sizeof(test_case) / sizeof(*test_case))
 
diff --git a/test/unit.h b/test/unit.h
@@ -402,4 +402,7 @@ int test_ecx_misc(void *data);
 int test_ecx_null_init(void *data);
 #endif
 
+int test_pkcs7_x509_sign_verify(void *data);
+int test_x509_cert(void *data);
+
 #endif /* UNIT_H */
