mbedtls/tests/suites/test_suite_pkcs7.function
Nick Child c547447deb pkcs7/test: Let verify take dynamic number of certs
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.

Merge these two functions into one function that can take
any number of certificates as an argument.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:45:04 +00:00

167 lines
4.3 KiB
C

/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
#include "mbedtls/pkcs7.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/oid.h"
#include "sys/types.h"
#include "sys/stat.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PKCS7_C:MBEDTLS_RSA_C
* END_DEPENDENCIES
*/
/* BEGIN_SUITE_HELPERS */
int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen)
{
int res;
mbedtls_pkcs7 pkcs7;
mbedtls_pkcs7_init(&pkcs7);
res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
mbedtls_pkcs7_free(&pkcs7);
return res;
}
/* END_SUITE_HELPERS */
/* BEGIN_CASE */
void pkcs7_asn1_fail(data_t *pkcs7_buf)
{
int res;
res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len);
TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void pkcs7_parse(char *pkcs7_file, int res_expect)
{
unsigned char *pkcs7_buf = NULL;
size_t buflen;
int res;
res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
TEST_EQUAL(res, 0);
res = pkcs7_parse_buffer(pkcs7_buf, buflen);
TEST_EQUAL(res, res_expect);
exit:
mbedtls_free(pkcs7_buf);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
void pkcs7_verify(char *pkcs7_file,
char *crt_files,
char *filetobesigned,
int do_hash_alg,
int res_expect)
{
unsigned char *pkcs7_buf = NULL;
size_t buflen, i, k, cnt = 0, n_crts = 1;
unsigned char *data = NULL;
char **crt_files_arr = NULL;
unsigned char hash[64];
struct stat st;
size_t datalen;
int res;
FILE *file;
const mbedtls_md_info_t *md_info;
mbedtls_pkcs7 pkcs7;
mbedtls_x509_crt **crts = NULL;
/* crt_files are space seprated list */
for (i = 0; i < strlen(crt_files); i++) {
if (crt_files[i] == ' ') {
n_crts++;
}
}
ASSERT_ALLOC(crts, sizeof(*crts)*n_crts);
ASSERT_ALLOC(crt_files_arr, sizeof(*crt_files_arr)*n_crts);
for (i = 0; i < strlen(crt_files); i++) {
for (k = i; k < strlen(crt_files); k++) {
if (crt_files[k] == ' ') {
break;
}
}
ASSERT_ALLOC(crt_files_arr[cnt], (k-i)+1);
crt_files_arr[cnt][k-i] = '\0';
memcpy(crt_files_arr[cnt++], crt_files + i, k-i);
i = k;
}
mbedtls_pkcs7_init(&pkcs7);
for (i = 0; i < n_crts; i++) {
ASSERT_ALLOC(crts[i], sizeof(*crts[i]));
mbedtls_x509_crt_init(crts[i]);
}
USE_PSA_INIT();
res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
TEST_EQUAL(res, 0);
res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA);
TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts);
for (i = 0; i < n_crts; i++) {
res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]);
TEST_EQUAL(res, 0);
}
res = stat(filetobesigned, &st);
TEST_EQUAL(res, 0);
file = fopen(filetobesigned, "rb");
TEST_ASSERT(file != NULL);
datalen = st.st_size;
ASSERT_ALLOC(data, datalen);
buflen = fread((void *) data, sizeof(unsigned char), datalen, file);
TEST_EQUAL(buflen, datalen);
fclose(file);
if (do_hash_alg) {
md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg);
res = mbedtls_md(md_info, data, datalen, hash);
TEST_EQUAL(res, 0);
for (i = 0; i < n_crts; i++) {
res =
mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash,
mbedtls_md_get_size(md_info));
TEST_EQUAL(res, res_expect);
}
} else {
for (i = 0; i < n_crts; i++) {
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen);
TEST_EQUAL(res, res_expect);
}
}
exit:
for (i = 0; i < n_crts; i++) {
mbedtls_x509_crt_free(crts[i]);
mbedtls_free(crts[i]);
mbedtls_free(crt_files_arr[i]);
}
mbedtls_pkcs7_free(&pkcs7);
mbedtls_free(crt_files_arr);
mbedtls_free(crts);
mbedtls_free(data);
mbedtls_free(pkcs7_buf);
USE_PSA_DONE();
}
/* END_CASE */