TianoCore EDK2 master
Pkcs7EkuTests.c
46#include "TestBaseCryptLib.h"
47
48#include "Pkcs7EkuTestSignatures.h"
49
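/**
  Forward declaration of the routine exercised by every test in this file.

  The tests pass it a PKCS#7 signature blob, its size, a list of EKU OID
  strings and the number of entries in that list. RequireAllPresent selects
  between "every listed EKU must be found" (TRUE) and "any one listed EKU is
  enough" (FALSE).

  NOTE(review): the return-type and function-name lines are reconstructed; the
  callers store the result in an EFI_STATUS. Confirm against the upstream file.
**/
EFI_STATUS
EFIAPI
VerifyEKUsInPkcs7Signature (
  IN CONST UINT8   *Pkcs7Signature,
  IN CONST UINT32  SignatureSize,
  IN CONST CHAR8   *RequiredEKUs[],
  IN CONST UINT32  RequiredEKUsSize,
  IN BOOLEAN       RequireAllPresent
  );

//
// EKU OID that the positive single-EKU tests require in the signature.
//
CONST CHAR8  FIRMWARE_SIGNER_EKU[] = "1.3.6.1.4.1.311.76.9.21.1";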
69
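/**
  Checks that FIRMWARE_SIGNER_EKU is reported as present in
  ProductionECCSignature.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             ProductionECCSignature,
             ARRAY_SIZE (ProductionECCSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestVerifyEKUsInSignature()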
105
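/**
  Checks that FIRMWARE_SIGNER_EKU is reported as present in
  TestSignEKUsWith3CertsInSignature (by its name, a signature that embeds
  three certificates).

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWith3CertsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignEKUsWith3CertsInSignature,
             ARRAY_SIZE (TestSignEKUsWith3CertsInSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestVerifyEKUsWith3CertsInSignature()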
141
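/**
  Checks that FIRMWARE_SIGNER_EKU is reported as present in
  TestSignEKUsWith2CertsInSignature (by its name, a signature that embeds
  two certificates).

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWith2CertsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignEKUsWith2CertsInSignature,
             ARRAY_SIZE (TestSignEKUsWith2CertsInSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestVerifyEKUsWith2CertsInSignature()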
176
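/**
  Checks that FIRMWARE_SIGNER_EKU is reported as present in
  TestSignEKUsWith1CertInSignature (by its name, a signature that embeds a
  single certificate).

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWith1CertInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignEKUsWith1CertInSignature,
             ARRAY_SIZE (TestSignEKUsWith1CertInSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestVerifyEKUsWith1CertInSignature()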
211
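/**
  Requires two EKU OIDs at once, with RequireAllPresent set, against
  TestSignedWithMultipleEKUsInCert.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWithMultipleEKUsInCert (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // Both OIDs must be found, because RequireAllPresent is TRUE below.
  //
  CONST CHAR8  *RequiredEKUs[] = {
    "1.3.6.1.4.1.311.76.9.21.1",
    "1.3.6.1.4.1.311.76.9.21.1.2"
  };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithMultipleEKUsInCert,
             ARRAY_SIZE (TestSignedWithMultipleEKUsInCert),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestVerifyEKUsWithMultipleEKUsInCert()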
252
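/**
  Negative test: requires an EKU OID that the signature does not carry and
  expects the verification call not to return EFI_SUCCESS.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestEkusNotPresentInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This EKU is not in the signature.
  //
  CONST CHAR8  *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.3" };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file. Status starts
  // out as EFI_SUCCESS, so the assertion only means something once the call
  // has overwritten it.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithMultipleEKUsInCert,
             ARRAY_SIZE (TestSignedWithMultipleEKUsInCert),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestEkusNotPresentInSignature()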
290
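/**
  Requires both the firmware-signer OID and the longer ".10001" OID, with
  RequireAllPresent set, against TestSignedWithProductId10001.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestProductId10001PresentInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // These EKUs are present in the leaf signer certificate.
  //
  CONST CHAR8  *RequiredEKUs[] = {
    "1.3.6.1.4.1.311.76.9.21.1",
    "1.3.6.1.4.1.311.76.9.21.1.10001"
  };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestProductId10001PresentInSignature()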
332
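/**
  Calls the verifier with RequireAllPresent set to FALSE, the mode in which
  finding any one of the listed EKUs is enough.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestOnlyOneEkuInListRequired (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This will test the flag that specifies it is OK to succeed if
  // any one of the EKUs passed in is found.
  //
  // NOTE(review): the list holds a single EKU, so "any one present" and "all
  // present" give the same answer here. A list that mixes one present and one
  // absent EKU would be needed to tell the two modes apart.
  //
  CONST CHAR8  *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1.10001" };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             FALSE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestOnlyOneEkuInListRequired()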
377
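/**
  Negative test: requires an EKU against TestSignatureWithNoEKUsPresent and
  expects the verification call not to return EFI_SUCCESS.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after the status assertion.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestNoEKUsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This EKU is not in the certificate, so it should fail.
  //
  CONST CHAR8  *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1" };

  //
  // NOTE(review): the call line and the assertion are reconstructed around the
  // surviving argument list; confirm against the upstream file. A certificate
  // with no EKUs must not be treated as matching every EKU.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignatureWithNoEKUsPresent,
             ARRAY_SIZE (TestSignatureWithNoEKUsPresent),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestNoEKUsInSignature()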
416
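/**
  Checks argument validation: a NULL, zero-length signature and a NULL,
  zero-length EKU list must each be rejected with EFI_INVALID_PARAMETER.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after both status assertions.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestInvalidParameters (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  CONST CHAR8  *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1" };

  //
  // Check bad signature.
  //
  // NOTE(review): the two call lines in this function are reconstructed around
  // the surviving argument lists; confirm against the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             NULL,
             0,
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);

  //
  // Check invalid EKUs. An empty requirement list has to be an error rather
  // than a trivially satisfied check.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignatureWithNoEKUsPresent,
             ARRAY_SIZE (TestSignatureWithNoEKUsPresent),
             (CONST CHAR8 **)NULL,
             0,
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);

  return UNIT_TEST_PASSED;
}// TestInvalidParameters()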
465
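/**
  Negative test for OID matching: neither a shorter prefix nor a longer
  extension of an EKU carried by TestSignedWithProductId10001 may be accepted.

  @param[in]  Context  Unit-test framework context; not used by this test.

  @retval UNIT_TEST_PASSED  Returned after both status assertions.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestEKUSubsetSupersetFails (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This signature has an EKU of:
  //   "1.3.6.1.4.1.311.76.9.21.1.10001"
  // so ensure that
  //   "1.3.6.1.4.1.311.76.9.21"
  // does not pass.
  //
  CONST CHAR8  *RequiredEKUs1[] = { "1.3.6.1.4.1.311.76.9.21" };

  //
  // NOTE(review): the two call lines and the two assertions in this function
  // are reconstructed around the surviving argument lists; confirm against
  // the upstream file.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs1,
             ARRAY_SIZE (RequiredEKUs1),
             TRUE
             );
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  //
  // This signature has an EKU of:
  //   "1.3.6.1.4.1.311.76.9.21.1.10001"
  // so ensure that a super set
  //   "1.3.6.1.4.1.311.76.9.21.1.10001.1"
  // does not pass.
  //
  CONST CHAR8  *RequiredEKUs2[] = { "1.3.6.1.4.1.311.76.9.21.1.10001.1" };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs2,
             ARRAY_SIZE (RequiredEKUs2),
             TRUE
             );
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
}// TestEKUSubsetSupersetFails()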
525
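//
// Registration table for the EKU tests. Each row gives the description
// string, the class string, the test function, and three NULL entries for the
// Pre, Post and Context columns named in the header row below.
//
TEST_DESC  mPkcs7EkuTest[] = {
  //
  // -----Description--------------------------------Class----------------------------Function------------------------------Pre---Post--Context
  //
  { "TestVerifyEKUsInSignature()",            "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsInSignature,            NULL, NULL, NULL },
  { "TestVerifyEKUsWith3CertsInSignature()",  "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWith3CertsInSignature,  NULL, NULL, NULL },
  { "TestVerifyEKUsWith2CertsInSignature()",  "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWith2CertsInSignature,  NULL, NULL, NULL },
  { "TestVerifyEKUsWith1CertInSignature()",   "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWith1CertInSignature,   NULL, NULL, NULL },
  { "TestVerifyEKUsWithMultipleEKUsInCert()", "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWithMultipleEKUsInCert, NULL, NULL, NULL },
  { "TestEkusNotPresentInSignature()",        "CryptoPkg.BaseCryptLib.Eku", TestEkusNotPresentInSignature,        NULL, NULL, NULL },
  { "TestProductId10001PresentInSignature()", "CryptoPkg.BaseCryptLib.Eku", TestProductId10001PresentInSignature, NULL, NULL, NULL },
  { "TestOnlyOneEkuInListRequired()",         "CryptoPkg.BaseCryptLib.Eku", TestOnlyOneEkuInListRequired,         NULL, NULL, NULL },
  { "TestNoEKUsInSignature()",                "CryptoPkg.BaseCryptLib.Eku", TestNoEKUsInSignature,                NULL, NULL, NULL },
  { "TestInvalidParameters()",                "CryptoPkg.BaseCryptLib.Eku", TestInvalidParameters,                NULL, NULL, NULL },
  { "TestEKUSubsetSupersetFails()",           "CryptoPkg.BaseCryptLib.Eku", TestEKUSubsetSupersetFails,           NULL, NULL, NULL },
};

//
// Number of rows in mPkcs7EkuTest.
//
UINTN  mPkcs7EkuTestNum = ARRAY_SIZE (mPkcs7EkuTest);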