Commit | Line | Data |
---|---|---|
694bfd6f MC |
1 | /** @file -- Pkcs7EkuVerify.c\r |
2 | * Copyright (c) Microsoft Corporation.\r | |
3 | * SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
4 | \r | |
5 | This is test code which verifies that the specified\r | |
6 | Enhanced Key Usages (EKUs) are present in the leaf signer\r | |
7 | of a PKCS7 formatted signature.\r | |
8 | \r | |
9 | \r | |
10 | A typical signing certificate chain looks like this: (Could be RSA or ECC).\r | |
11 | \r | |
12 | ------------------------------------------\r | |
13 | | | // Root of trust. ECDSA P521 curve\r | |
14 | | TestEKUParsingRoot | // SHA 256 Key Usage: CERT_DIGITAL_SIGNATURE_KEY_USAGE\r | |
15 | | | // CERT_KEY_CERT_SIGN_KEY_USAGE | CERT_CRL_SIGN_KEY_USAGE\r | |
16 | ------------------------------------------\r | |
17 | ^\r | |
18 | |\r | |
19 | ------------------------------------------\r | |
20 | | | // Policy CA. Issues subordinate CAs. ECC P384 curve.\r | |
21 | | TestEKUParsingPolicyCA | // SHA 256 Key Usage:\r | |
22 | | | // CERT_KEY_CERT_SIGN_KEY_USAGE | CERT_CRL_SIGN_KEY_USAGE\r | |
23 | ------------------------------------------\r | |
24 | ^\r | |
25 | |\r | |
26 | ------------------------------------------\r | |
27 | | | // Issues end-entity (leaf) signers. ECC P256 curve.\r | |
28 | | TestEKUParsingIssuingCA | // SHA 256 Key Usage: CERT_DIGITAL_SIGNATURE_KEY_USAGE\r | |
29 | | | // Enhanced Key Usage:\r | |
30 | ------------------------------------------ // 1.3.6.1.4.1.311.76.9.21.1 (Surface firmware signing)\r | |
31 | ^\r | |
32 | |\r | |
33 | --------------------------------------\r | |
34 | / TestEKUParsingLeafSigner && / // Leaf signer, ECC P256 curve.\r | |
35 | / TestEKUParsingLeafSignerPid12345 / // SHA 256 Key Usage: CERT_DIGITAL_SIGNATURE_KEY_USAGE\r | |
36 | / / // Enhanced Key usages:\r | |
37 | -------------------------------------- // 1.3.6.1.4.1.311.76.9.21.1 (Surface firmware signing)\r | |
38 | // 1.3.6.1.4.1.311.76.9.21.1.N, N == Product ID.\r | |
39 | \r | |
40 | \r | |
41 | \r | |
42 | \r | |
43 | \r | |
44 | **/\r | |
45 | \r | |
46 | #include "TestBaseCryptLib.h"\r | |
47 | \r | |
48 | #include "Pkcs7EkuTestSignatures.h"\r | |
49 | \r | |
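/**
  Local declaration of the API exercised by every test case in this file.

  Behavior as relied on by the tests below (the implementation is not part of
  this file):
    - EFI_SUCCESS is expected when the required EKUs are found in the leaf signer.
    - EFI_INVALID_PARAMETER is expected for a NULL/zero-length signature and for
      a NULL/zero-length EKU list.
    - A non-success status is expected when a required EKU is missing.

  NOTE(review): if a library header already declares this function, include it
  instead of keeping a hand-written prototype here; a local copy can silently
  drift from the real signature.

  @param[in] Pkcs7Signature     - PKCS7 signature blob to inspect.
  @param[in] SignatureSize      - Size of Pkcs7Signature (the tests pass ARRAY_SIZE of a byte array).
  @param[in] RequiredEKUs       - Array of EKU OID strings in dotted-decimal form.
  @param[in] RequiredEKUsSize   - Number of entries in RequiredEKUs.
  @param[in] RequireAllPresent  - TRUE: every listed EKU must be present.
                                  FALSE: any one listed EKU is sufficient.
**/
EFI_STATUS
EFIAPI
VerifyEKUsInPkcs7Signature (
  IN CONST UINT8   *Pkcs7Signature,
  IN CONST UINT32  SignatureSize,
  IN CONST CHAR8   *RequiredEKUs[],
  IN CONST UINT32  RequiredEKUsSize,
  IN BOOLEAN       RequireAllPresent
  );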
59 | \r | |
7c342378 MK |
60 | /// ================================================================================================\r |
61 | /// ================================================================================================\r | |
694bfd6f MC |
62 | ///\r |
63 | /// TEST CASES\r | |
64 | ///\r | |
7c342378 MK |
65 | /// ================================================================================================\r |
66 | /// ================================================================================================\r | |
694bfd6f | 67 | \r |
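//
// OID of the firmware-signing EKU (labelled "Surface firmware signing" in the
// file header). The positive tests require this OID in the leaf signer.
//
CONST CHAR8  FIRMWARE_SIGNER_EKU[] = "1.3.6.1.4.1.311.76.9.21.1";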
694bfd6f MC |
69 | \r |
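/**
  TestVerifyEKUsInSignature()

  Verify that "1.3.6.1.4.1.311.76.9.21.1" (Firmware signature) is in the
  leaf signer certificate of ProductionECCSignature.

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - The required EKU was found in the signature.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // Single required EKU: the firmware-signing OID.
  //
  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  Status = VerifyEKUsInPkcs7Signature (
             ProductionECCSignature,
             ARRAY_SIZE (ProductionECCSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestVerifyEKUsInSignature()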
105 | \r | |
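/**
  TestVerifyEKUsWith3CertsInSignature()

  This PKCS7 signature has 3 certificates in it. (Policy CA, Issuing CA
  and leaf signer). It has one firmware signing EKU in it.
  "1.3.6.1.4.1.311.76.9.21.1"

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - The required EKU was found in the signature.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWith3CertsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // The EKU check is expected to succeed even though the blob also carries
  // the two CA certificates above the leaf.
  //
  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignEKUsWith3CertsInSignature,
             ARRAY_SIZE (TestSignEKUsWith3CertsInSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestVerifyEKUsWith3CertsInSignature()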
141 | \r | |
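/**
  TestVerifyEKUsWith2CertsInSignature()

  This PKCS7 signature has 2 certificates in it. (Issuing CA and leaf signer).
  It has one firmware signing EKU in it. "1.3.6.1.4.1.311.76.9.21.1"

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - The required EKU was found in the signature.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWith2CertsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // Same required EKU as the 3-certificate case; only the number of
  // certificates embedded in the blob differs.
  //
  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignEKUsWith2CertsInSignature,
             ARRAY_SIZE (TestSignEKUsWith2CertsInSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestVerifyEKUsWith2CertsInSignature()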
176 | \r | |
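/**
  TestVerifyEKUsWith1CertInSignature()

  This PKCS7 signature only has the leaf signer in it.
  It has one firmware signing EKU in it. "1.3.6.1.4.1.311.76.9.21.1"

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - The required EKU was found in the signature.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWith1CertInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // Leaf-only blob: no CA certificates accompany the signer.
  //
  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignEKUsWith1CertInSignature,
             ARRAY_SIZE (TestSignEKUsWith1CertInSignature),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestVerifyEKUsWith1CertInSignature()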
211 | \r | |
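/**
  TestVerifyEKUsWithMultipleEKUsInCert()

  This signature has two EKU's in it:
  "1.3.6.1.4.1.311.76.9.21.1"
  "1.3.6.1.4.1.311.76.9.21.1.2"
  We verify that both EKU's were present in the leaf signer.

  NOTE(review): the previous header listed the second OID as
  "1.3.6.1.4.1.311.76.9.21.2", which did not match the OID the test
  actually requires. The header now follows the code; confirm against the
  certificate used to produce TestSignedWithMultipleEKUsInCert.

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - Both required EKUs were found in the signature.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestVerifyEKUsWithMultipleEKUsInCert (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // Both entries must be present because RequireAllPresent is TRUE.
  // The first entry is the shared firmware-signing OID constant.
  //
  CONST CHAR8  *RequiredEKUs[] = {
    FIRMWARE_SIGNER_EKU,
    "1.3.6.1.4.1.311.76.9.21.1.2"
  };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithMultipleEKUsInCert,
             ARRAY_SIZE (TestSignedWithMultipleEKUsInCert),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestVerifyEKUsWithMultipleEKUsInCert()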
252 | \r | |
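/**
  TestEkusNotPresentInSignature()

  This test verifies that if we send an EKU that is not in the signature,
  that we get back an error.

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - The API did not return EFI_SUCCESS for the missing EKU.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestEkusNotPresentInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This EKU is not in the signature.
  //
  CONST CHAR8  *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.3" };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithMultipleEKUsInCert,
             ARRAY_SIZE (TestSignedWithMultipleEKUsInCert),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );

  //
  // NOTE(review): any non-success status satisfies this assertion, including
  // one caused by an unrelated failure such as the blob not parsing. Asserting
  // the specific status the API returns for a missing EKU would make this
  // negative test stricter - confirm the value against the implementation.
  //
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestEkusNotPresentInSignature()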
290 | \r | |
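/**
  TestProductId10001PresentInSignature()

  This test signature has two EKU's in it: (Product ID is 10001)
  "1.3.6.1.4.1.311.76.9.21.1"
  "1.3.6.1.4.1.311.76.9.21.1.10001"

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - Both required EKUs were found in the signature.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestProductId10001PresentInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // These EKU's are present in the leaf signer certificate: the shared
  // firmware-signing OID and the product-specific OID below it.
  //
  CONST CHAR8  *RequiredEKUs[] = {
    FIRMWARE_SIGNER_EKU,
    "1.3.6.1.4.1.311.76.9.21.1.10001"
  };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestProductId10001PresentInSignature()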
332 | \r | |
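/**
  TestOnlyOneEkuInListRequired()

  This test will check the BOOLEAN RequireAllPresent parameter in the
  call to VerifyEKUsInPkcs7Signature() behaves properly. The signature
  has two EKU's in it:

  "1.3.6.1.4.1.311.76.9.21.1"
  "1.3.6.1.4.1.311.76.9.21.1.10001"

  but we only pass in one of them, and set RequireAllPresent to FALSE.

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - The call succeeded with RequireAllPresent set to FALSE.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestOnlyOneEkuInListRequired (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This will test the flag that specifies it is OK to succeed if
  // any one of the EKU's passed in is found.
  //
  // NOTE(review): the list holds a single EKU that the header says is present
  // in the leaf, so this call would presumably succeed with RequireAllPresent
  // set to TRUE as well. To separate the two modes, the list would need one
  // present EKU plus one that is absent from the leaf - consider adding such
  // a case.
  //
  CONST CHAR8  *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1.10001" };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             FALSE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestOnlyOneEkuInListRequired()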
377 | \r | |
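/**
  TestNoEKUsInSignature()

  This test uses a signature that was signed with a certificate that does
  not contain any EKUs, and checks that requiring an EKU is rejected.

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - The API did not return EFI_SUCCESS for the EKU-less signer.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestNoEKUsInSignature (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This EKU is not in the certificate, so it should fail.
  //
  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  Status = VerifyEKUsInPkcs7Signature (
             TestSignatureWithNoEKUsPresent,
             ARRAY_SIZE (TestSignatureWithNoEKUsPresent),
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );

  //
  // A certificate with no EKU extension must not be treated as carrying every
  // EKU. NOTE(review): the assertion accepts any non-success status; pinning
  // the specific status for "EKU missing" would rule out a pass caused by an
  // unrelated failure - confirm the value against the implementation.
  //
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestNoEKUsInSignature()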
416 | \r | |
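/**
  TestInvalidParameters()

  Passes the API invalid parameters, and ensures that it does not succeed.

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - Both invalid calls returned EFI_INVALID_PARAMETER.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestInvalidParameters (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  CONST CHAR8  *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };

  //
  // Check bad signature.
  //
  // NOTE(review): the pointer and the size are invalid at the same time, so
  // this does not show which of the two the API validates. Separate cases
  // (NULL pointer with a non-zero size, valid pointer with size 0) would
  // cover each check on its own.
  //
  Status = VerifyEKUsInPkcs7Signature (
             NULL,
             0,
             (CONST CHAR8 **)RequiredEKUs,
             ARRAY_SIZE (RequiredEKUs),
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);

  //
  // Check invalid EKU's
  //
  // NOTE(review): same remark as above - the list pointer and the count are
  // both invalid here. An empty required-EKU list that was accepted would
  // make the check vacuous, so the zero-count case deserves its own test.
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignatureWithNoEKUsPresent,
             ARRAY_SIZE (TestSignatureWithNoEKUsPresent),
             (CONST CHAR8 **)NULL,
             0,
             TRUE
             );
  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);

  return UNIT_TEST_PASSED;
} // TestInvalidParameters()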
465 | \r | |
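/**
  TestEKUSubsetSupersetFails()

  Pass the API a sub set and super set of an EKU and ensure that they
  don't pass.

  The two cases guard against an OID comparison that matches on a shared
  prefix instead of the full identifier: such a comparison would let a
  certificate issued for one scope satisfy a requirement for another.

  @param[in] Context - Optional context pointer for this test (not read here).

  @retval UNIT_TEST_PASSED            - Neither the shorter nor the longer OID was accepted.
  @retval UNIT_TEST_ERROR_TEST_FAILED - An assertion failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
TestEKUSubsetSupersetFails (
  IN UNIT_TEST_CONTEXT  Context
  )
{
  EFI_STATUS  Status = EFI_SUCCESS;

  //
  // This signature has an EKU of:
  //   "1.3.6.1.4.1.311.76.9.21.1.10001"
  // so ensure that
  //   "1.3.6.1.4.1.311.76.9.21"
  // does not pass.
  //
  CONST CHAR8  *RequiredEKUs1[] = { "1.3.6.1.4.1.311.76.9.21" };

  //
  // This signature has an EKU of:
  //   "1.3.6.1.4.1.311.76.9.21.1.10001"
  // so ensure that a super set
  //   "1.3.6.1.4.1.311.76.9.21.1.10001.1"
  // does not pass.
  //
  CONST CHAR8  *RequiredEKUs2[] = { "1.3.6.1.4.1.311.76.9.21.1.10001.1" };

  //
  // Shorter OID (parent arc of the EKUs in the certificate).
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs1,
             ARRAY_SIZE (RequiredEKUs1),
             TRUE
             );
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  //
  // Longer OID (one extra arc appended to an EKU in the certificate).
  //
  Status = VerifyEKUsInPkcs7Signature (
             TestSignedWithProductId10001,
             ARRAY_SIZE (TestSignedWithProductId10001),
             (CONST CHAR8 **)RequiredEKUs2,
             ARRAY_SIZE (RequiredEKUs2),
             TRUE
             );
  UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);

  return UNIT_TEST_PASSED;
} // TestEKUSubsetSupersetFails()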
525 | \r | |
//
// Registration table for the PKCS7 EKU test cases defined above.
// Columns: description, class name, test function, pre hook, post hook, context.
//
TEST_DESC  mPkcs7EkuTest[] = {
  //
  // -----Description--------------------------------Class----------------------------Function------------------------------Pre---Post--Context
  //
  { "TestVerifyEKUsInSignature()",            "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsInSignature,            NULL, NULL, NULL },
  { "TestVerifyEKUsWith3CertsInSignature()",  "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWith3CertsInSignature,  NULL, NULL, NULL },
  { "TestVerifyEKUsWith2CertsInSignature()",  "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWith2CertsInSignature,  NULL, NULL, NULL },
  { "TestVerifyEKUsWith1CertInSignature()",   "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWith1CertInSignature,   NULL, NULL, NULL },
  { "TestVerifyEKUsWithMultipleEKUsInCert()", "CryptoPkg.BaseCryptLib.Eku", TestVerifyEKUsWithMultipleEKUsInCert, NULL, NULL, NULL },
  { "TestEkusNotPresentInSignature()",        "CryptoPkg.BaseCryptLib.Eku", TestEkusNotPresentInSignature,        NULL, NULL, NULL },
  { "TestProductId10001PresentInSignature()", "CryptoPkg.BaseCryptLib.Eku", TestProductId10001PresentInSignature, NULL, NULL, NULL },
  { "TestOnlyOneEkuInListRequired()",         "CryptoPkg.BaseCryptLib.Eku", TestOnlyOneEkuInListRequired,         NULL, NULL, NULL },
  { "TestNoEKUsInSignature()",                "CryptoPkg.BaseCryptLib.Eku", TestNoEKUsInSignature,                NULL, NULL, NULL },
  { "TestInvalidParameters()",                "CryptoPkg.BaseCryptLib.Eku", TestInvalidParameters,                NULL, NULL, NULL },
  { "TestEKUSubsetSupersetFails()",           "CryptoPkg.BaseCryptLib.Eku", TestEKUSubsetSupersetFails,           NULL, NULL, NULL },
};

//
// Number of entries in mPkcs7EkuTest.
//
UINTN  mPkcs7EkuTestNum = ARRAY_SIZE (mPkcs7EkuTest);