yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

pkcs7/test: Let verify take dynamic number of certs

Browse source 
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.

Merge these two functions into one function that can take
any number of certificates as an argument.

Signed-off-by: Nick Child <nick.child@ibm.com>
This commit is contained in:
Nick Child 2023-01-27 21:06:39 +00:00
parent ec81709516
commit c547447deb
2 changed files with 55 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
tests/suites/test_suite_pkcs7.data
View file

@ -76,15 +76,15 @@ pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIG
PKCS7 Signed Data Verify with multiple signers #16
depends_on:MBEDTLS_SHA256_C
pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0
pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0
PKCS7 Signed Data Hash Verify with multiple signers #17
depends_on:MBEDTLS_SHA256_C
pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
PKCS7 Signed Data Hash Verify Fail with multiple signers #18
depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C
pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL
pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL
PKCS7 Signed Data Verify Fail Expired Cert #19
depends_on:MBEDTLS_SHA256_C

140
tests/suites/test_suite_pkcs7.function
View file

@ -55,96 +55,53 @@ exit:
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
void pkcs7_verify(char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg,
void pkcs7_verify(char *pkcs7_file,
char *crt_files,
char *filetobesigned,
int do_hash_alg,
int res_expect)
{
unsigned char *pkcs7_buf = NULL;
size_t buflen;
size_t buflen, i, k, cnt = 0, n_crts = 1;
unsigned char *data = NULL;
char **crt_files_arr = NULL;
unsigned char hash[64];
struct stat st;
size_t datalen;
int res;
FILE *file;
const mbedtls_md_info_t *md_info;
mbedtls_pkcs7 pkcs7;
mbedtls_x509_crt x509;
mbedtls_x509_crt **crts = NULL;
mbedtls_pkcs7_init(&pkcs7);
mbedtls_x509_crt_init(&x509);
USE_PSA_INIT();
res = mbedtls_x509_crt_parse_file(&x509, crt);
TEST_EQUAL(res, 0);
res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
TEST_EQUAL(res, 0);
res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA);
res = stat(filetobesigned, &st);
TEST_EQUAL(res, 0);
file = fopen(filetobesigned, "rb");
TEST_ASSERT(file != NULL);
datalen = st.st_size;
ASSERT_ALLOC(data, datalen);
TEST_ASSERT(data != NULL);
buflen = fread((void *) data, sizeof(unsigned char), datalen, file);
TEST_EQUAL(buflen, datalen);
fclose(file);
if (do_hash_alg) {
md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg);
res = mbedtls_md(md_info, data, datalen, hash);
TEST_EQUAL(res, 0);
res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509, hash, mbedtls_md_get_size(md_info));
} else {
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509, data, datalen);
/* crt_files are space seprated list */
for (i = 0; i < strlen(crt_files); i++) {
if (crt_files[i] == ' ') {
n_crts++;
}
}
TEST_EQUAL(res, res_expect);
exit:
mbedtls_x509_crt_free(&x509);
mbedtls_free(data);
mbedtls_pkcs7_free(&pkcs7);
mbedtls_free(pkcs7_buf);
USE_PSA_DONE();
}
/* END_CASE */
ASSERT_ALLOC(crts, sizeof(*crts)*n_crts);
ASSERT_ALLOC(crt_files_arr, sizeof(*crt_files_arr)*n_crts);
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
void pkcs7_verify_multiple_signers(char *pkcs7_file,
char *crt1,
char *crt2,
char *filetobesigned,
int do_hash_alg,
int res_expect)
{
unsigned char *pkcs7_buf = NULL;
size_t buflen;
unsigned char *data = NULL;
unsigned char hash[64];
struct stat st;
size_t datalen;
int res;
FILE *file;
const mbedtls_md_info_t *md_info;
mbedtls_pkcs7 pkcs7;
mbedtls_x509_crt x509_1;
mbedtls_x509_crt x509_2;
for (i = 0; i < strlen(crt_files); i++) {
for (k = i; k < strlen(crt_files); k++) {
if (crt_files[k] == ' ') {
break;
}
}
ASSERT_ALLOC(crt_files_arr[cnt], (k-i)+1);
crt_files_arr[cnt][k-i] = '\0';
memcpy(crt_files_arr[cnt++], crt_files + i, k-i);
i = k;
}
mbedtls_pkcs7_init(&pkcs7);
mbedtls_x509_crt_init(&x509_1);
mbedtls_x509_crt_init(&x509_2);
for (i = 0; i < n_crts; i++) {
ASSERT_ALLOC(crts[i], sizeof(*crts[i]));
mbedtls_x509_crt_init(crts[i]);
}
USE_PSA_INIT();
@ -154,13 +111,12 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file,
res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA);
TEST_EQUAL(pkcs7.signed_data.no_of_signers, 2);
TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts);
res = mbedtls_x509_crt_parse_file(&x509_1, crt1);
TEST_EQUAL(res, 0);
res = mbedtls_x509_crt_parse_file(&x509_2, crt2);
TEST_EQUAL(res, 0);
for (i = 0; i < n_crts; i++) {
res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]);
TEST_EQUAL(res, 0);
}
res = stat(filetobesigned, &st);
TEST_EQUAL(res, 0);
@ -181,21 +137,29 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file,
res = mbedtls_md(md_info, data, datalen, hash);
TEST_EQUAL(res, 0);
res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_1, hash, mbedtls_md_get_size(md_info));
TEST_EQUAL(res, res_expect);
res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_2, hash, mbedtls_md_get_size(md_info));
TEST_EQUAL(res, res_expect);
for (i = 0; i < n_crts; i++) {
res =
mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash,
mbedtls_md_get_size(md_info));
TEST_EQUAL(res, res_expect);
}
} else {
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_1, data, datalen);
TEST_EQUAL(res, res_expect);
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_2, data, datalen);
TEST_EQUAL(res, res_expect);
for (i = 0; i < n_crts; i++) {
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen);
TEST_EQUAL(res, res_expect);
}
}
exit:
mbedtls_x509_crt_free(&x509_1);
mbedtls_x509_crt_free(&x509_2);
for (i = 0; i < n_crts; i++) {
mbedtls_x509_crt_free(crts[i]);
mbedtls_free(crts[i]);
mbedtls_free(crt_files_arr[i]);
}
mbedtls_pkcs7_free(&pkcs7);
mbedtls_free(crt_files_arr);
mbedtls_free(crts);
mbedtls_free(data);
mbedtls_free(pkcs7_buf);
USE_PSA_DONE();