test/pkcs7: Reduce number of test functions
In response to feedback[1], we can reuse much of the functions in
similar test cases by specifying some additional parameters.
Specifically, test cases which probe the functionality of
`mbedtls_pkcs7_parse_der` have all been merged into one test function.
Additionally, all test cases which examine the
`mbedtls_pkcs7_signed_data_verify` and `mbedtls_pkcs7_signed_hash_verify`
functions have been merged into two test functions (one for single and one
for multiple signers).
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953686780
Signed-off-by: Nick Child <nick.child@ibm.com>
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index b813c6d..b26a16f 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -1,75 +1,75 @@
PKCS7 Signed Data Parse Pass SHA256 #1
-depends_on:MBEDTLS_SHA256_C
-pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha256.der"
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA
PKCS7 Signed Data Parse Pass SHA1 #2
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha1.der"
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha1.der":MBEDTLS_PKCS7_SIGNED_DATA
PKCS7 Signed Data Parse Pass Without CERT #3
depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_without_cert:"data_files/pkcs7_data_without_cert_signed.der"
+pkcs7_parse:"data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED_DATA
PKCS7 Signed Data Parse Fail with multiple certs #4
-depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_multiple_certs:"data_files/pkcs7_data_multiple_certs_signed.der"
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_INVALID_CERT
PKCS7 Signed Data Parse Fail with corrupted cert #5
-depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_corrupted_cert:"data_files/pkcs7_data_signed_badcert.der"
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pkcs7_parse:"data_files/pkcs7_data_signed_badcert.der":MBEDTLS_ERR_PKCS7_INVALID_CERT
PKCS7 Signed Data Parse Fail with corrupted signer info #6
-depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_corrupted_signer_info:"data_files/pkcs7_data_signed_badsigner.der"
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pkcs7_parse:"data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
PKCS7 Signed Data Parse Fail Version other than 1 #7
depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_version:"data_files/pkcs7_data_cert_signed_v2.der"
+pkcs7_parse:"data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION
PKCS7 Signed Data Parse Fail Encrypted Content #8
depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_content_oid:"data_files/pkcs7_data_cert_encrypted.der"
+pkcs7_parse:"data_files/pkcs7_data_cert_encrypted.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
PKCS7 Signed Data Verification Pass SHA256 #9
depends_on:MBEDTLS_SHA256_C
-pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin"
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0
PKCS7 Signed Data Verification Pass SHA256 #9.1
depends_on:MBEDTLS_SHA256_C
-pkcs7_verify_hash:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin"
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
PKCS7 Signed Data Verification Pass SHA1 #10
depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin"
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0
PKCS7 Signed Data Verification Pass SHA512 #11
depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA256_C
-pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin"
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0
PKCS7 Signed Data Verification Fail because of different certificate #12
depends_on:MBEDTLS_SHA256_C
-pkcs7_verify_badcert:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_data.bin"
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
PKCS7 Signed Data Verification Fail because of different data hash #13
depends_on:MBEDTLS_SHA256_C
-pkcs7_verify_tampered_data:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data_1.bin"
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1
depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_failure:"data_files/pkcs7_signerInfo_issuer_invalid_size.der"
+pkcs7_parse:"data_files/pkcs7_signerInfo_issuer_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2
depends_on:MBEDTLS_SHA256_C
-pkcs7_parse_failure:"data_files/pkcs7_signerInfo_serial_invalid_size.der"
+pkcs7_parse:"data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
PKCS7 Only Signed Data Parse Pass #15
-depends_on:MBEDTLS_SHA256_C
-pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der"
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA
PKCS7 Signed Data Verify with multiple signers #16
depends_on:MBEDTLS_SHA256_C
-pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin"
+pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0
PKCS7 Signed Data Hash Verify with multiple signers #17
depends_on:MBEDTLS_SHA256_C
-pkcs7_verify_hash_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin"
+pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index 9822fb8..8db3f3f 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -14,31 +14,8 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */
-void pkcs7_parse( char *pkcs7_file )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
-
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init( &pkcs7 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
-
-exit:
- mbedtls_free( pkcs7_buf );
- mbedtls_pkcs7_free( &pkcs7 );
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void pkcs7_parse_without_cert( char *pkcs7_file )
+void pkcs7_parse( char *pkcs7_file, int res_expect )
{
unsigned char *pkcs7_buf = NULL;
size_t buflen;
@@ -52,7 +29,7 @@
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
+ TEST_ASSERT( res == res_expect );
exit:
mbedtls_free( pkcs7_buf );
@@ -60,175 +37,8 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */
-void pkcs7_parse_multiple_certs( char *pkcs7_file )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
-
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init( &pkcs7 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT );
-
-exit:
- mbedtls_free( pkcs7_buf );
- mbedtls_pkcs7_free( &pkcs7 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */
-void pkcs7_parse_corrupted_cert( char *pkcs7_file )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
-
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init( &pkcs7 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT );
-
-exit:
- mbedtls_free( pkcs7_buf );
- mbedtls_pkcs7_free( &pkcs7 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */
-void pkcs7_parse_corrupted_signer_info( char *pkcs7_file )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
-
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init( &pkcs7 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res < 0 );
-
-exit:
- mbedtls_free( pkcs7_buf );
- mbedtls_pkcs7_free( &pkcs7 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void pkcs7_parse_version( char *pkcs7_file )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
-
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init( &pkcs7 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_VERSION );
-
-exit:
- mbedtls_free( pkcs7_buf );
- mbedtls_pkcs7_free( &pkcs7 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void pkcs7_parse_content_oid( char *pkcs7_file )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init( &pkcs7 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen);
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res != 0 );
- TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE );
-exit:
- mbedtls_free( pkcs7_buf );
- mbedtls_pkcs7_free( &pkcs7 );
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
-void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- unsigned char *data = NULL;
- struct stat st;
- size_t datalen;
- int res;
- FILE *file;
-
- mbedtls_pkcs7 pkcs7;
- mbedtls_x509_crt x509;
-
- USE_PSA_INIT();
-
- mbedtls_pkcs7_init( &pkcs7 );
- mbedtls_x509_crt_init( &x509 );
-
- res = mbedtls_x509_crt_parse_file( &x509, crt );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
- mbedtls_free( pkcs7_buf );
-
- res = stat( filetobesigned, &st );
- TEST_ASSERT( res == 0 );
-
- file = fopen( filetobesigned, "rb" );
- TEST_ASSERT( file != NULL );
-
- datalen = st.st_size;
- data = mbedtls_calloc( datalen, 1 );
- buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
- TEST_ASSERT( buflen == datalen);
-
- fclose(file);
-
- res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
- TEST_ASSERT( res == 0 );
-
-exit:
- mbedtls_x509_crt_free( &x509 );
- mbedtls_free( data );
- mbedtls_pkcs7_free( &pkcs7 );
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
-void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned )
+void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg, int res_expect )
{
unsigned char *pkcs7_buf = NULL;
size_t buflen;
@@ -272,17 +82,23 @@
TEST_ASSERT( buflen == datalen);
fclose( file );
- res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg );
- TEST_ASSERT( res == 0 );
- TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 );
+ if( do_hash_alg )
+ {
+ res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg );
+ TEST_ASSERT( res == 0 );
+ TEST_ASSERT( md_alg == (mbedtls_md_type_t) do_hash_alg );
+ md_info = mbedtls_md_info_from_type( md_alg );
- md_info = mbedtls_md_info_from_type( md_alg );
+ res = mbedtls_md( md_info, data, datalen, hash );
+ TEST_ASSERT( res == 0 );
- res = mbedtls_md( md_info, data, datalen, hash );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) );
- TEST_ASSERT( res == 0 );
+ res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) );
+ }
+ else
+ {
+ res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
+ }
+ TEST_ASSERT( res == res_expect );
exit:
mbedtls_x509_crt_free( &x509 );
@@ -294,7 +110,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
-void pkcs7_verify_hash_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned )
+void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned, int do_hash_alg, int res_expect )
{
unsigned char *pkcs7_buf = NULL;
size_t buflen;
@@ -344,20 +160,28 @@
fclose( file );
- res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg );
- TEST_ASSERT( res == 0 );
- TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 );
+ if( do_hash_alg )
+ {
+ res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg );
+ TEST_ASSERT( res == 0 );
+ TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 );
- md_info = mbedtls_md_info_from_type( md_alg );
+ md_info = mbedtls_md_info_from_type( md_alg );
- res = mbedtls_md( md_info, data, datalen, hash );
- TEST_ASSERT( res == 0 );
+ res = mbedtls_md( md_info, data, datalen, hash );
+ TEST_ASSERT( res == 0 );
- res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash));
- TEST_ASSERT( res == 0 );
+ res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash));
+ TEST_ASSERT( res == res_expect );
+ }
+ else
+ {
+ res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen );
+ TEST_ASSERT( res == res_expect );
+ }
res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == res_expect );
exit:
mbedtls_x509_crt_free( &x509_1 );
@@ -368,194 +192,3 @@
USE_PSA_DONE();
}
/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
-void pkcs7_verify_badcert( char *pkcs7_file, char *crt, char *filetobesigned )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- unsigned char *data = NULL;
- struct stat st;
- size_t datalen;
- int res;
- FILE *file;
-
- mbedtls_pkcs7 pkcs7;
- mbedtls_x509_crt x509;
-
- USE_PSA_INIT();
-
- mbedtls_pkcs7_init( &pkcs7 );
- mbedtls_x509_crt_init( &x509 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
-
- res = mbedtls_x509_crt_parse_file( &x509, crt );
- TEST_ASSERT( res == 0 );
-
- res = stat( filetobesigned, &st );
- TEST_ASSERT( res == 0 );
-
- file = fopen( filetobesigned, "rb" );
- TEST_ASSERT( file != NULL );
-
- datalen = st.st_size;
- data = mbedtls_calloc( datalen, 1 );
- buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
- TEST_ASSERT( buflen == datalen);
-
- fclose(file);
-
- res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
- TEST_ASSERT( res != 0 );
-
-exit:
- mbedtls_x509_crt_free( &x509 );
- mbedtls_free( data );
- mbedtls_pkcs7_free( &pkcs7 );
- mbedtls_free( pkcs7_buf );
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
-void pkcs7_verify_tampered_data( char *pkcs7_file, char *crt, char *filetobesigned )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- unsigned char *data = NULL;
- struct stat st;
- size_t datalen;
- int res;
- FILE *file;
-
- mbedtls_pkcs7 pkcs7;
- mbedtls_x509_crt x509;
-
- USE_PSA_INIT();
-
- mbedtls_pkcs7_init( &pkcs7 );
- mbedtls_x509_crt_init( &x509 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
-
- res = mbedtls_x509_crt_parse_file( &x509, crt );
- TEST_ASSERT( res == 0 );
-
- res = stat( filetobesigned, &st );
- TEST_ASSERT( res == 0 );
-
- file = fopen( filetobesigned, "rb" );
- TEST_ASSERT( file != NULL );
-
- datalen = st.st_size;
- data = mbedtls_calloc( datalen, 1 );
- buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
- TEST_ASSERT( buflen == datalen);
-
- fclose(file);
-
- res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
- TEST_ASSERT( res != 0 );
-
-exit:
- mbedtls_x509_crt_free( &x509 );
- mbedtls_pkcs7_free( &pkcs7 );
- mbedtls_free( data );
- mbedtls_free( pkcs7_buf );
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
-void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- unsigned char *data = NULL;
- struct stat st;
- size_t datalen;
- int res;
- FILE *file;
-
- mbedtls_pkcs7 pkcs7;
- mbedtls_x509_crt x509_1;
- mbedtls_x509_crt x509_2;
-
- USE_PSA_INIT();
-
- mbedtls_pkcs7_init( &pkcs7 );
- mbedtls_x509_crt_init( &x509_1 );
- mbedtls_x509_crt_init( &x509_2 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
-
- TEST_ASSERT( pkcs7.signed_data.no_of_signers == 2 );
-
- res = mbedtls_x509_crt_parse_file( &x509_1, crt1 );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_x509_crt_parse_file( &x509_2, crt2 );
- TEST_ASSERT( res == 0 );
-
- res = stat( filetobesigned, &st );
- TEST_ASSERT( res == 0 );
-
- file = fopen( filetobesigned, "r" );
- TEST_ASSERT( file != NULL );
-
- datalen = st.st_size;
- data = ( unsigned char* ) calloc( datalen, sizeof(unsigned char) );
- buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
- TEST_ASSERT( buflen == datalen );
-
- fclose( file );
-
- res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen );
- TEST_ASSERT( res == 0 );
-
-exit:
- mbedtls_x509_crt_free( &x509_1 );
- mbedtls_x509_crt_free( &x509_2 );
- mbedtls_pkcs7_free( &pkcs7 );
- mbedtls_free( data );
- mbedtls_free( pkcs7_buf );
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void pkcs7_parse_failure( char *pkcs7_file )
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init( &pkcs7 );
-
- res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
- TEST_ASSERT( res == 0 );
-
- res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res != 0 );
-exit:
- mbedtls_free( pkcs7_buf );
- mbedtls_pkcs7_free( &pkcs7 );
-}
-/* END_CASE */