mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-27 15:40:02 +00:00
fc234b7b52
Windows tests are failing pkcs7 verification due to differnt line endings. Therefore, add make instuctions for building the data files with Windows EOF instead. As a result, regenerate other data files so that verification works. Add these CRLF EOF files to the exception in check_files to ignore the line endings. Signed-off-by: Nick Child <nick.child@ibm.com>
195 lines
5.3 KiB
Plaintext
195 lines
5.3 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/bignum.h"
|
|
#include "mbedtls/pkcs7.h"
|
|
#include "mbedtls/x509.h"
|
|
#include "mbedtls/x509_crt.h"
|
|
#include "mbedtls/x509_crl.h"
|
|
#include "mbedtls/oid.h"
|
|
#include "sys/types.h"
|
|
#include "sys/stat.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PKCS7_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
|
|
void pkcs7_parse( char *pkcs7_file, int res_expect )
|
|
{
|
|
unsigned char *pkcs7_buf = NULL;
|
|
size_t buflen;
|
|
int res;
|
|
|
|
mbedtls_pkcs7 pkcs7;
|
|
|
|
mbedtls_pkcs7_init( &pkcs7 );
|
|
|
|
res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
|
|
TEST_ASSERT( res == res_expect );
|
|
|
|
exit:
|
|
mbedtls_free( pkcs7_buf );
|
|
mbedtls_pkcs7_free( &pkcs7 );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
|
|
void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg, int res_expect )
|
|
{
|
|
unsigned char *pkcs7_buf = NULL;
|
|
size_t buflen;
|
|
unsigned char *data = NULL;
|
|
unsigned char hash[32];
|
|
struct stat st;
|
|
size_t datalen;
|
|
int res;
|
|
FILE *file;
|
|
const mbedtls_md_info_t *md_info;
|
|
mbedtls_md_type_t md_alg;
|
|
|
|
mbedtls_pkcs7 pkcs7;
|
|
mbedtls_x509_crt x509;
|
|
|
|
USE_PSA_INIT();
|
|
|
|
mbedtls_pkcs7_init( &pkcs7 );
|
|
mbedtls_x509_crt_init( &x509 );
|
|
|
|
res = mbedtls_x509_crt_parse_file( &x509, crt );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
|
|
TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
|
|
|
|
res = stat( filetobesigned, &st );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
file = fopen( filetobesigned, "rb" );
|
|
TEST_ASSERT( file != NULL );
|
|
|
|
datalen = st.st_size;
|
|
data = mbedtls_calloc( datalen, 1 );
|
|
TEST_ASSERT( data != NULL );
|
|
|
|
buflen = fread( (void *)data , sizeof( unsigned char ), datalen, file );
|
|
TEST_ASSERT( buflen == datalen );
|
|
fclose( file );
|
|
|
|
if( do_hash_alg )
|
|
{
|
|
res = mbedtls_oid_get_md_alg( &pkcs7.signed_data.digest_alg_identifiers, &md_alg );
|
|
TEST_ASSERT( res == 0 );
|
|
TEST_ASSERT( md_alg == (mbedtls_md_type_t) do_hash_alg );
|
|
md_info = mbedtls_md_info_from_type( md_alg );
|
|
|
|
res = mbedtls_md( md_info, data, datalen, hash );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) );
|
|
}
|
|
else
|
|
{
|
|
res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
|
|
}
|
|
TEST_ASSERT( res == res_expect );
|
|
|
|
exit:
|
|
mbedtls_x509_crt_free( &x509 );
|
|
mbedtls_free( data );
|
|
mbedtls_pkcs7_free( &pkcs7 );
|
|
mbedtls_free( pkcs7_buf );
|
|
USE_PSA_DONE();
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
|
|
void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned, int do_hash_alg, int res_expect )
|
|
{
|
|
unsigned char *pkcs7_buf = NULL;
|
|
size_t buflen;
|
|
unsigned char *data = NULL;
|
|
unsigned char hash[32];
|
|
struct stat st;
|
|
size_t datalen;
|
|
int res;
|
|
FILE *file;
|
|
const mbedtls_md_info_t *md_info;
|
|
mbedtls_md_type_t md_alg;
|
|
|
|
mbedtls_pkcs7 pkcs7;
|
|
mbedtls_x509_crt x509_1;
|
|
mbedtls_x509_crt x509_2;
|
|
|
|
USE_PSA_INIT();
|
|
|
|
mbedtls_pkcs7_init( &pkcs7 );
|
|
mbedtls_x509_crt_init( &x509_1 );
|
|
mbedtls_x509_crt_init( &x509_2 );
|
|
|
|
res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
|
|
TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
|
|
|
|
TEST_ASSERT( pkcs7.signed_data.no_of_signers == 2 );
|
|
|
|
res = mbedtls_x509_crt_parse_file( &x509_1, crt1 );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = mbedtls_x509_crt_parse_file( &x509_2, crt2 );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = stat( filetobesigned, &st );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
file = fopen( filetobesigned, "rb" );
|
|
TEST_ASSERT( file != NULL );
|
|
|
|
datalen = st.st_size;
|
|
data = ( unsigned char* ) calloc( datalen, sizeof(unsigned char) );
|
|
buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
|
|
TEST_ASSERT( buflen == datalen );
|
|
|
|
fclose( file );
|
|
|
|
if( do_hash_alg )
|
|
{
|
|
res = mbedtls_oid_get_md_alg( &pkcs7.signed_data.digest_alg_identifiers, &md_alg );
|
|
TEST_ASSERT( res == 0 );
|
|
TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 );
|
|
|
|
md_info = mbedtls_md_info_from_type( md_alg );
|
|
|
|
res = mbedtls_md( md_info, data, datalen, hash );
|
|
TEST_ASSERT( res == 0 );
|
|
|
|
res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash) );
|
|
TEST_ASSERT( res == res_expect );
|
|
}
|
|
else
|
|
{
|
|
res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen );
|
|
TEST_ASSERT( res == res_expect );
|
|
}
|
|
|
|
res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen );
|
|
TEST_ASSERT( res == res_expect );
|
|
|
|
exit:
|
|
mbedtls_x509_crt_free( &x509_1 );
|
|
mbedtls_x509_crt_free( &x509_2 );
|
|
mbedtls_pkcs7_free( &pkcs7 );
|
|
mbedtls_free( data );
|
|
mbedtls_free( pkcs7_buf );
|
|
USE_PSA_DONE();
|
|
}
|
|
/* END_CASE */
|