diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 22dd8a446..5991e40d8 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data @@ -76,15 +76,15 @@ pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIG PKCS7 Signed Data Verify with multiple signers #16 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0 +pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Hash Verify with multiple signers #17 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 +pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 PKCS7 Signed Data Hash Verify Fail with multiple signers #18 depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C -pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL +pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL PKCS7 Signed Data Verify Fail Expired Cert #19 depends_on:MBEDTLS_SHA256_C diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index f799c8fb5..168ac6c21 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function 
@@ -55,96 +55,53 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify(char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg, +void pkcs7_verify(char *pkcs7_file, + char *crt_files, + char *filetobesigned, + int do_hash_alg, int res_expect) { unsigned char *pkcs7_buf = NULL; - size_t buflen; + size_t buflen, i, k, cnt = 0, n_crts = 1; unsigned char *data = NULL; + char **crt_files_arr = NULL; unsigned char hash[64]; struct stat st; size_t datalen; int res; FILE *file; const mbedtls_md_info_t *md_info; - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509; + mbedtls_x509_crt **crts = NULL; - mbedtls_pkcs7_init(&pkcs7); - mbedtls_x509_crt_init(&x509); - USE_PSA_INIT(); - - res = mbedtls_x509_crt_parse_file(&x509, crt); - TEST_EQUAL(res, 0); - - res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen); - TEST_EQUAL(res, 0); - - res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen); - TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA); - - res = stat(filetobesigned, &st); - TEST_EQUAL(res, 0); - - file = fopen(filetobesigned, "rb"); - TEST_ASSERT(file != NULL); - - datalen = st.st_size; - ASSERT_ALLOC(data, datalen); - TEST_ASSERT(data != NULL); - - buflen = fread((void *) data, sizeof(unsigned char), datalen, file); - TEST_EQUAL(buflen, datalen); - fclose(file); - - if (do_hash_alg) { - md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg); - - res = mbedtls_md(md_info, data, datalen, hash); - TEST_EQUAL(res, 0); - - res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509, hash, mbedtls_md_get_size(md_info)); - } else { - res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509, data, datalen); + /* crt_files are space seprated list */ + for (i = 0; i < strlen(crt_files); i++) { + if (crt_files[i] == ' ') { + n_crts++; + } } - TEST_EQUAL(res, res_expect); -exit: - mbedtls_x509_crt_free(&x509); - mbedtls_free(data); - mbedtls_pkcs7_free(&pkcs7); - 
mbedtls_free(pkcs7_buf); - USE_PSA_DONE(); -} -/* END_CASE */ + ASSERT_ALLOC(crts, sizeof(*crts)*n_crts); + ASSERT_ALLOC(crt_files_arr, sizeof(*crt_files_arr)*n_crts); -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_multiple_signers(char *pkcs7_file, - char *crt1, - char *crt2, - char *filetobesigned, - int do_hash_alg, - int res_expect) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - unsigned char hash[64]; - struct stat st; - size_t datalen; - int res; - FILE *file; - const mbedtls_md_info_t *md_info; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509_1; - mbedtls_x509_crt x509_2; + for (i = 0; i < strlen(crt_files); i++) { + for (k = i; k < strlen(crt_files); k++) { + if (crt_files[k] == ' ') { + break; + } + } + ASSERT_ALLOC(crt_files_arr[cnt], (k-i)+1); + crt_files_arr[cnt][k-i] = '\0'; + memcpy(crt_files_arr[cnt++], crt_files + i, k-i); + i = k; + } mbedtls_pkcs7_init(&pkcs7); - mbedtls_x509_crt_init(&x509_1); - mbedtls_x509_crt_init(&x509_2); + for (i = 0; i < n_crts; i++) { + ASSERT_ALLOC(crts[i], sizeof(*crts[i])); + mbedtls_x509_crt_init(crts[i]); + } USE_PSA_INIT(); @@ -154,13 +111,12 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file, res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen); TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA); - TEST_EQUAL(pkcs7.signed_data.no_of_signers, 2); + TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts); - res = mbedtls_x509_crt_parse_file(&x509_1, crt1); - TEST_EQUAL(res, 0); - - res = mbedtls_x509_crt_parse_file(&x509_2, crt2); - TEST_EQUAL(res, 0); + for (i = 0; i < n_crts; i++) { + res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]); + TEST_EQUAL(res, 0); + } res = stat(filetobesigned, &st); TEST_EQUAL(res, 0); 
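Review bot: `mbedtls_pkcs7_init(&pkcs7);` now runs only after the two array allocations and the path-splitting loop, so if any of those `ASSERT_ALLOC` calls fails and jumps to `exit:` (as the test macros normally do), cleanup calls `mbedtls_pkcs7_free(&pkcs7)` on an uninitialised struct. Moving the init to the top of the function, before the first `ASSERT_ALLOC`, removes that path. Separately, if `ASSERT_ALLOC(ptr, n)` already multiplies `n` by `sizeof(*ptr)` (worth confirming against the macro definition), then `ASSERT_ALLOC(crts, sizeof(*crts)*n_crts)` and `ASSERT_ALLOC(crts[i], sizeof(*crts[i]))` over-allocate and should read `ASSERT_ALLOC(crts, n_crts);` and `ASSERT_ALLOC(crts[i], 1);`. The function body continues past this hunk.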
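Review bot: The parse loop passes `crt_files_arr[i]` to `mbedtls_x509_crt_parse_file` for every `i < n_crts`, but the splitting loop earlier in the function can fill fewer than `n_crts` slots. An empty `crt_files`, or one ending in a space, leaves the last entry unset (NULL if the array is zero-initialised), so a NULL path reaches the parser. A `TEST_EQUAL(cnt, n_crts);` right after the split, or `TEST_ASSERT(crt_files_arr[i] != NULL);` at the top of this loop, turns a malformed `.data` entry into a clean test failure. The enclosing function starts and ends outside this hunk.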
@@ -181,21 +137,29 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file, res = mbedtls_md(md_info, data, datalen, hash); TEST_EQUAL(res, 0); - res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_1, hash, mbedtls_md_get_size(md_info)); - TEST_EQUAL(res, res_expect); - res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_2, hash, mbedtls_md_get_size(md_info)); - TEST_EQUAL(res, res_expect); + for (i = 0; i < n_crts; i++) { + res = + mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash, + mbedtls_md_get_size(md_info)); + TEST_EQUAL(res, res_expect); + } } else { - res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_1, data, datalen); - TEST_EQUAL(res, res_expect); - res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_2, data, datalen); - TEST_EQUAL(res, res_expect); + for (i = 0; i < n_crts; i++) { + res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen); + TEST_EQUAL(res, res_expect); + } } exit: - mbedtls_x509_crt_free(&x509_1); - mbedtls_x509_crt_free(&x509_2); + for (i = 0; i < n_crts; i++) { + mbedtls_x509_crt_free(crts[i]); + mbedtls_free(crts[i]); + mbedtls_free(crt_files_arr[i]); + } + mbedtls_pkcs7_free(&pkcs7); + mbedtls_free(crt_files_arr); + mbedtls_free(crts); mbedtls_free(data); mbedtls_free(pkcs7_buf); USE_PSA_DONE();
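Review bot: The cleanup loop under `exit:` indexes `crts[i]` and `crt_files_arr[i]` unconditionally, yet both arrays start as NULL and are only set by allocations that can themselves jump to `exit:`. If the first allocation fails, `crts` is still NULL here; if the second fails, `crt_files_arr` is. In either case the loop dereferences a NULL array while tearing down. Guarding each array separately keeps cleanup safe on every early-exit path. The function begins before this hunk and its closing brace lies after it.

```c
exit:
    /* Either array may still be NULL if an early allocation jumped here. */
    if (crts != NULL) {
        for (i = 0; i < n_crts; i++) {
            mbedtls_x509_crt_free(crts[i]);
            mbedtls_free(crts[i]);
        }
    }
    if (crt_files_arr != NULL) {
        for (i = 0; i < n_crts; i++) {
            mbedtls_free(crt_files_arr[i]);
        }
    }
    /* … unchanged: mbedtls_pkcs7_free, remaining frees, USE_PSA_DONE … */
```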