diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index b813c6d3eb..b26a16fb94 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -1,75 +1,75 @@ PKCS7 Signed Data Parse Pass SHA256 #1 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha256.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass SHA1 #2 -depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C -pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha1.der" +depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha1.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass Without CERT #3 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_without_cert:"data_files/pkcs7_data_without_cert_signed.der" +pkcs7_parse:"data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Fail with multiple certs #4 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse_multiple_certs:"data_files/pkcs7_data_multiple_certs_signed.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with corrupted cert #5 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse_corrupted_cert:"data_files/pkcs7_data_signed_badcert.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_signed_badcert.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with corrupted signer info #6 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse_corrupted_signer_info:"data_files/pkcs7_data_signed_badsigner.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail Version other than 1 #7 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_version:"data_files/pkcs7_data_cert_signed_v2.der" +pkcs7_parse:"data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION PKCS7 Signed Data Parse Fail Encrypted 
Content #8 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_content_oid:"data_files/pkcs7_data_cert_encrypted.der" +pkcs7_parse:"data_files/pkcs7_data_cert_encrypted.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Verification Pass SHA256 #9 depends_on:MBEDTLS_SHA256_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Pass SHA256 #9.1 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_hash:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 PKCS7 Signed Data Verification Pass SHA1 #10 depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Pass SHA512 #11 depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA256_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Fail because of different certificate #12 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_badcert:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Verification Fail because 
of different data hash #13 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_tampered_data:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data_1.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_failure:"data_files/pkcs7_signerInfo_issuer_invalid_size.der" +pkcs7_parse:"data_files/pkcs7_signerInfo_issuer_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_failure:"data_files/pkcs7_signerInfo_serial_invalid_size.der" +pkcs7_parse:"data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Only Signed Data Parse Pass #15 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Verify with multiple signers #16 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" +pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Hash Verify with multiple signers #17 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_hash_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" 
+pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 9822fb826e..8db3f3f53d 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -14,31 +14,8 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_without_cert( char *pkcs7_file ) +void pkcs7_parse( char *pkcs7_file, int res_expect ) { unsigned char *pkcs7_buf = NULL; size_t buflen; @@ -52,7 +29,7 @@ void pkcs7_parse_without_cert( char *pkcs7_file ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); + TEST_ASSERT( res == res_expect ); exit: mbedtls_free( pkcs7_buf ); 
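Review bot: The hash-verification path is exercised only by passing cases: #9.1 and #17 are the only entries with a non-zero digest argument and both expect 0, while the wrong-certificate and tampered-data cases #12 and #13 pass 0 and so only reach mbedtls_pkcs7_signed_data_verify. Mirroring #12 and #13 with `MBEDTLS_MD_SHA256` as the fourth argument would catch a regression where mbedtls_pkcs7_signed_hash_verify accepts a bad signature; the expected code is presumably also `MBEDTLS_ERR_RSA_VERIFY_FAILED`, but confirm it against the implementation. The two multiple-signer entries likewise have no failing counterpart.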
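Review bot: `TEST_ASSERT( res == res_expect );` in pkcs7_parse only reports that the comparison failed, which is thin now that the expected code comes from the .data file and one function serves every parse case. `TEST_EQUAL( res, res_expect );` records both values, so a failure shows which error the parser actually returned. The same applies to the `res == res_expect` assertions added in pkcs7_verify and pkcs7_verify_multiple_signers. The body of pkcs7_parse begins and ends outside this hunk.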
@@ -60,175 +37,8 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse_multiple_certs( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse_corrupted_cert( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse_corrupted_signer_info( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res < 0 ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_version( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, 
pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_VERSION ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_content_oid( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res != 0 ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE ); -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509 ); - - res = mbedtls_x509_crt_parse_file( &x509, crt ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - mbedtls_free( pkcs7_buf ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "rb" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = mbedtls_calloc( datalen, 1 ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen); - - fclose(file); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); - TEST_ASSERT( res == 0 ); - -exit: - mbedtls_x509_crt_free( &x509 ); - mbedtls_free( data ); 
- mbedtls_pkcs7_free( &pkcs7 ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */ -void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned ) +void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg, int res_expect ) { unsigned char *pkcs7_buf = NULL; size_t buflen; @@ -272,17 +82,23 @@ void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned ) TEST_ASSERT( buflen == datalen); fclose( file ); - res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); - TEST_ASSERT( res == 0 ); - TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); + if( do_hash_alg ) + { + res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); + TEST_ASSERT( res == 0 ); + TEST_ASSERT( md_alg == (mbedtls_md_type_t) do_hash_alg ); + md_info = mbedtls_md_info_from_type( md_alg ); - md_info = mbedtls_md_info_from_type( md_alg ); + res = mbedtls_md( md_info, data, datalen, hash ); + TEST_ASSERT( res == 0 ); - res = mbedtls_md( md_info, data, datalen, hash ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) ); - TEST_ASSERT( res == 0 ); + res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) ); + } + else + { + res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); + } + TEST_ASSERT( res == res_expect ); exit: mbedtls_x509_crt_free( &x509 ); @@ -294,7 +110,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_hash_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned ) +void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned, int do_hash_alg, int res_expect ) { unsigned char *pkcs7_buf = NULL; size_t buflen; 
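Review bot: The new `do_hash_alg` parameter of pkcs7_verify carries two meanings that the signature does not document. Zero selects mbedtls_pkcs7_signed_data_verify; any other value both switches to the hash path and is the digest type the message must declare. A comment above the function would make that explicit, for example `/* do_hash_alg: 0 = verify over the raw data; otherwise the expected mbedtls_md_type_t, verified via a precomputed hash */`. The function body continues beyond this hunk.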
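Review bot: The digest algorithm is now a test argument, but the hash branch still calls `mbedtls_md( md_info, data, datalen, hash )` and passes `sizeof(hash)` as the hash length, and `hash` is declared outside this hunk. If that buffer is sized for SHA-256, a data case naming a longer digest would make mbedtls_md write past it, and a shorter one would hand the verifier trailing bytes. Declaring it as `unsigned char hash[MBEDTLS_MD_MAX_SIZE]` and passing `mbedtls_md_get_size( md_info )` keeps the buffer and length tied to the selected algorithm. `TEST_ASSERT( md_info != NULL );` before the mbedtls_md call would also make an unsupported digest fail at the lookup. The hash branch of pkcs7_verify_multiple_signers has the same pattern.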
@@ -344,20 +160,28 @@ void pkcs7_verify_hash_multiple_signers( char *pkcs7_file, char *crt1, char *crt fclose( file ); - res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); - TEST_ASSERT( res == 0 ); - TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); + if( do_hash_alg ) + { + res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); + TEST_ASSERT( res == 0 ); + TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); - md_info = mbedtls_md_info_from_type( md_alg ); + md_info = mbedtls_md_info_from_type( md_alg ); - res = mbedtls_md( md_info, data, datalen, hash ); - TEST_ASSERT( res == 0 ); + res = mbedtls_md( md_info, data, datalen, hash ); + TEST_ASSERT( res == 0 ); - res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash)); - TEST_ASSERT( res == 0 ); + res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash)); + TEST_ASSERT( res == res_expect ); + } + else + { + res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen ); + TEST_ASSERT( res == res_expect ); + } res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen ); - TEST_ASSERT( res == 0 ); + TEST_ASSERT( res == res_expect ); exit: mbedtls_x509_crt_free( &x509_1 ); 
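Review bot: In the hash branch, `TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 );` is still hard-coded, so `do_hash_alg` acts only as a boolean here, whereas pkcs7_verify compares against the argument. Use `TEST_ASSERT( md_alg == (mbedtls_md_type_t) do_hash_alg );` so the two functions agree. Only the first certificate goes through mbedtls_pkcs7_signed_hash_verify, and a single `res_expect` is applied to both signers, so a case where exactly one signer should be rejected cannot be expressed. The function starts and ends outside this hunk.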
@@ -368,194 +192,3 @@ exit: USE_PSA_DONE(); } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_badcert( char *pkcs7_file, char *crt, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - - res = mbedtls_x509_crt_parse_file( &x509, crt ); - TEST_ASSERT( res == 0 ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "rb" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = mbedtls_calloc( datalen, 1 ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen); - - fclose(file); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); - TEST_ASSERT( res != 0 ); - -exit: - mbedtls_x509_crt_free( &x509 ); - mbedtls_free( data ); - mbedtls_pkcs7_free( &pkcs7 ); - mbedtls_free( pkcs7_buf ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_tampered_data( char *pkcs7_file, char *crt, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = 
mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - - res = mbedtls_x509_crt_parse_file( &x509, crt ); - TEST_ASSERT( res == 0 ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "rb" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = mbedtls_calloc( datalen, 1 ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen); - - fclose(file); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); - TEST_ASSERT( res != 0 ); - -exit: - mbedtls_x509_crt_free( &x509 ); - mbedtls_pkcs7_free( &pkcs7 ); - mbedtls_free( data ); - mbedtls_free( pkcs7_buf ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509_1; - mbedtls_x509_crt x509_2; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509_1 ); - mbedtls_x509_crt_init( &x509_2 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - - TEST_ASSERT( pkcs7.signed_data.no_of_signers == 2 ); - - res = mbedtls_x509_crt_parse_file( &x509_1, crt1 ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_x509_crt_parse_file( &x509_2, crt2 ); - TEST_ASSERT( res == 0 ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "r" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = ( unsigned char* ) calloc( datalen, sizeof(unsigned 
char) ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen ); - - fclose( file ); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen ); - TEST_ASSERT( res == 0 ); - -exit: - mbedtls_x509_crt_free( &x509_1 ); - mbedtls_x509_crt_free( &x509_2 ); - mbedtls_pkcs7_free( &pkcs7 ); - mbedtls_free( data ); - mbedtls_free( pkcs7_buf ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_failure( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res != 0 ); -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */