pkcs7: add support for signed data
OpenSSL provides APIs to generate only the signed data
format of PKCS7, i.e. without the content type OID. This patch
adds support for parsing the data correctly even if it is formatted
only as signed data.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 288b01f..dbe3234 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1223,6 +1223,11 @@
echo -en '\x15' | dd of=$@ seek=973 bs=1 conv=notrunc
all_final += pkcs7_signerInfo_serial_invalid_size.der
+# pkcs7 signature file just with signed data
+pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der
+ dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
+all_final += pkcs7_data_cert_signeddata_sha256.der
+
################################################################
#### Diffie-Hellman parameters
################################################################
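Review bot: The `skip=19` in the new `pkcs7_data_cert_signeddata_sha256.der` rule is an unexplained offset that silently depends on the exact header layout of `pkcs7_data_cert_signed_sha256.der`. It presumably corresponds to the ContentInfo wrapper (4-byte SEQUENCE header, 11-byte signedData OID, 4-byte `[0]` header), which holds only while both lengths use the two-byte long form. If the source file is regenerated with a different size class, the rule would produce a misaligned blob and the parse test would fail with no hint why. I would add a comment above the `dd` line such as `# skip=19 strips the ContentInfo wrapper: SEQUENCE hdr (4) + signedData OID (11) + [0] hdr (4)`.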
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index 870e83b..75ee9f6 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -51,3 +51,6 @@
PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2
pkcs7_parse_failure:"data_files/pkcs7_signerInfo_serial_invalid_size.der"
+
+PKCS7 Only Signed Data Parse Pass #15
+pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der"
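Review bot: Only a passing `pkcs7_parse` case is added for the OID-less format, so nothing here pins what the parser rejects once the content-type check is optional. The parser change is not on this page, but a fallback that accepts input without the OID widens what counts as a valid PKCS7 blob, and the existing failure cases all appear to use the full ContentInfo form. I would add at least one `pkcs7_parse_failure` case for a corrupted signed-data-only file, e.g. `pkcs7_parse_failure:"data_files/<corrupted_signeddata_only_file>.der"` (placeholder name), and a verify case that runs the new file through signature verification rather than parsing alone.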
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index b5ef2ef..d85a455 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -29,7 +29,7 @@
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
exit:
mbedtls_free( pkcs7_buf );
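Review bot: Asserting `res == MBEDTLS_PKCS7_SIGNED_DATA` means a successful `mbedtls_pkcs7_parse_der()` no longer returns 0, and the test records that new contract nowhere. A caller written against the usual `if( ret != 0 )` error check would now treat a valid signature as a parse failure, so the convention is worth stating where it is first relied on. The value of the macro is not visible here. Assuming it is a positive content-type code, I would add above the assert `/* parse_der returns the content type (> 0) on success, a negative error code on failure */`. The same applies to the hunks at -52, -210, -263, -319 and -369, and the enclosing test function starts and ends outside this hunk.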
@@ -52,7 +52,7 @@
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
exit:
mbedtls_free( pkcs7_buf );
@@ -210,10 +210,10 @@
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
mbedtls_free( pkcs7_buf );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 );
file = fopen( filetobesigned, "rb" );
@@ -263,9 +263,9 @@
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 );
file = fopen( filetobesigned, "rb" );
@@ -319,12 +319,12 @@
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
res = mbedtls_x509_crt_parse_file( &x509, crt );
TEST_ASSERT( res == 0 );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 );
file = fopen( filetobesigned, "rb" );
@@ -369,12 +369,12 @@
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
res = mbedtls_x509_crt_parse_file( &x509, crt );
TEST_ASSERT( res == 0 );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 );
file = fopen( filetobesigned, "rb" );