Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der
This results in the loop being executed.
Signed-off-by: Nick Child <nick.child@ibm.com>
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.
Merge these two functions into one function that can take
any number of certificates as an argument.
Signed-off-by: Nick Child <nick.child@ibm.com>
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.
Signed-off-by: Nick Child <nick.child@ibm.com>
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der
Signed-off-by: Nick Child <nick.child@ibm.com>
In the future, tests will be added which take in a char buffer
and buflen. Rather than duplicate code, have tests which
read from file and from buffer use the same helper function
Signed-off-by: Nick Child <nick.child@ibm.com>
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.
Signed-off-by: Nick Child <nick.child@ibm.com>
If HOSTCC is set, use that to generate files, otherwise use CC. This
should make cross-compilation with generated files slightly easier.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Move compilation to a separate helper function in c_build_helper.py to
allow more generic use.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The 'MBEDTLS_TEST_HOOKS' belongs to a test function and
not to a test case.
This reverts commit 1e8c210b9d.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Don't use external programs for string manipulation that the shell can do.
This makes the script a little faster (~10% when testing PSK).
For this commit, I only looked at code run in the innermost loop.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>