From 2e8442565a5a67ca935abee573259cf419eaf7fe Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Sat, 11 Mar 2023 10:24:30 +0000
Subject: [PATCH] Add PKCS #7 test files using expired cert

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 tests/data_files/Makefile                   |   9 +++++++++
 tests/data_files/pkcs7-rsa-expired.der      | Bin 0 -> 857 bytes
 tests/data_files/pkcs7_data_rsa_expired.der | Bin 0 -> 1302 bytes
 3 files changed, 9 insertions(+)
 create mode 100644 tests/data_files/pkcs7-rsa-expired.der
 create mode 100644 tests/data_files/pkcs7_data_rsa_expired.der
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 80bdd2573..e638cafe6 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1306,6 +1306,11 @@ pkcs7-rsa-expired.crt:
 	$(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365  -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt
 all_final += pkcs7-rsa-expired.crt
 
+# File with an otherwise valid signature signed with an expired cert
+pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin
+	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@
+all_final += pkcs7_data_rsa_expired.der
+
 # Convert signing certs to DER for testing PEM-free builds
 pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1)
 	$(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER
@@ -1315,6 +1320,10 @@ pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2)
 	$(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER
 all_final += pkcs7-rsa-sha256-2.der
 
+pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt
+	$(OPENSSL) x509 -in pkcs7-rsa-expired.crt -out $@ -outform DER
+all_final += pkcs7-rsa-expired.der
+
 # pkcs7 signature file over zero-len data
 pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt
 	$(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der
diff --git a/tests/data_files/pkcs7-rsa-expired.der b/tests/data_files/pkcs7-rsa-expired.der
new file mode 100644
index 0000000000000000000000000000000000000000..508ec5c29a04659cc22494dfdda906c5512310fe
GIT binary patch
literal 857
zcmXqLVh%NEVzOPp%*4pVBx1F7(v4q_f3_dF99xx_C%#{5zFVXLFB_*;n@8JsUPeZ4
zRt5trLv903Hs(+kHen_|A45I^9uS9%hc&?4IoRA#+CUP-XXX(C^A(&^i%Jw+D+)4;
zQd11%#CZ*kfY98~(#YJ<A_~YgM&eRrb`zr#vQrsZ8JL?G`56qF7`d357#SJX$cAyT
zTBu8ZX4t4(_NY^O!Bn#yoy_+7S#En-6x0jvF-<UDyXnh0UZIV)X4==Zm`+E%x4%*+
z>T0`2H@QSIxHI9&>m@daye>@3OxAqN=TpIcbLGd+PtV&(O*cI(R&^{>-{QQtZlBs|
zp5!-QHvL&BGr=QTZ+2mjaYC~{-vSZkh|q@WdV6QRs|!DA@XgGPoMB<O;2J}^YK!2p
zw6n==Pmavkez@?VoU_pz=j>BEFPyX55MuwyF>YOe%pRWKbEjxscdUBOUZlcMAF(WD
z?snhznQy0*=jXa6Wy?-^VB}kFoo6vk=0<|5-qvMFzP2ZBX-~P$5@(|MnJ;;h@x!U?
z>PCu8%!~|-i-QdU4P=24B+JJl#v)=oT}<&%Nvfsbwq?5{{%r9Q$w@FbkOxUCvq%_-
zHDFi34^kk^$oQXy)qojDAqP7!g#d${k%5=_)6w^WcHsfp=HeWAY<cD<Z~cjm-hFw`
zN0-}Y65dT%cl={}E5qSSs<N9N>SwMl`I3I6v6k;v{C@#6<|BMH7C--O5E09~&i%0O
zV%zV3EbC77t-ICF!KvuH(UMO?O|`6i7T?`&g-?&lA}7zi^(r#<`I!e3R_-poU_9G5
z)azpX!?-USZ~0DqA1#0Ni+7~r83&ny>Sp0$)%$U)9<MH+XrB{!CUtdaMczgK^9iE<
zp1F*5ZacQM-2WIAspn%5y2I`(bH}oevo1ONY)oBn^37?1my+y(TUE<g?}YBsH8_7s
oZpZ&Kjvw3Aw_R)7bVos8#tZMz9b9G;^}T(yQX;%3>pg!60FaqLSO5S3

literal 0
HcmV?d00001

diff --git a/tests/data_files/pkcs7_data_rsa_expired.der b/tests/data_files/pkcs7_data_rsa_expired.der
new file mode 100644
index 0000000000000000000000000000000000000000..63af49d6a9d8334faca425e3c7cede1be7cdc6ad
GIT binary patch
literal 1302
zcmXqLVijWJ)N1o+`_9YA&a|M3mD!+)<v$Z6qanWmFB@k<n+IbmGYb<VD}w<yLLuXV
zCgw<kCgxCsCMMej%uI|-Od?iWC*An<_-Ff(%du5?dE)z}=DS6LjDQ->$PF~Y%8=WD
zlZ`o)g-w{r&&QC@fCt3k;$aQ&b`CZ-ls1qA@tJvqz<dSg)S?mv*NTG7qSO=vIdNV?
zBOo+4v@|j|w1@(7jghz%ncc*wgzQwHZ<(7I`56qF7`d357#SJX$cAyTTBu8ZX4t4(
z_NY^O!Bn#yoy_+7S#En-6x0jvF-<UDyXnh0UZIV)X4==Zm`+E%x4%*+>T0`2H@QSI
zxHI9&>m@daye>@3OxAqN=TpIcbLGd+PtV&(O*cI(R&^{>-{QQtZlBs|p5!-QHvL&B
zGr=QTZ+2mjaYC~{-vSZkh|q@WdV6QRs|!DA@XgGPoMB<O;2J}^YK!2pw6n==Pmavk
zez@?VoU_pz=j>BEFPyX55MuwyF>YOe%pRWKbEjxscdUBOUZlcMAF(WD?snhznQy0*
z=jXa6Wy?-^VB}kFoo6vk=0<|5-qvMFzP2ZBX-~P$5@(|MnJ;;h@x!U?>PCu8%!~|-
zi-QdU4P=24B+JJl#v)=oT}<&%Nvfsbwq?5{{%r9Q$w@FbkOxUCvq%_-HDFi34^kk^
z$oQXy)qojDAqP7!g#d${k%5=_)6w^WcHsfp=HeWAY<cD<Z~cjm-hFw`N0-}Y65dT%
zcl={}E5qSSs<N9N>SwMl`I3I6v6k;v{C@#6<|BMH7C--O5E09~&i%0OV%zV3EbC77
zt-ICF!KvuH(UMO?O|`6i7T?`&g-?&lA}7zi^(r#<`I!e3R_-poU_9G5)azpX!?-US
zZ~0DqA1#0Ni+7~r83&ny>Sp0$)%$U)9<MH+XrB{!CUtdaMczgK^9iE<p1F*5ZacQM
z-2WIAspn%5y2I`(bH}oevo1ONY)oBn^37?1my+y(TUE<g?}YBsH8_7sZpZ&Kjvw3A
zw_R)7bVos8#tZMz9b9G;^}T(yQX;%3>pg#H*u+>1OnQ~TTxbwPNxH_JDUtIvQXT~+
ze3m9ghAFT6(xUf@{ym%6vsEzDPD=LCsk)a=mmVH5+pR4<Hzh;;xUTAH2IdRlk+KQ#
zi+1Fk$zv&(<cZd~v*EbwZX2n_pegQ5O}`kzU%9yLy;pGDGw}0Ao#T`4i9D>Cyq5g}
z>#iR=ek@i^ef;_4%IT}Ly^k+Qn~>D(CSRKnx9z&WSk{stDV2NY^{O+}*Tu<mu9ebG
zSiMZt^;W>0vMM3Q<>y?S9T?{y_Vg35(ApOgYY|fLUw&Ci;P0O`ck@oqmfSIyHMT9L
zWO9>&<1%xpfLCQZ>tz+V8a5Ps;jR#q^tSmfT$RXnXuI+IgB!okvN-Q+(J6n1`Sa0B
Sv($r)ZeP_5tz=$xa{&OMyW?d5

literal 0
HcmV?d00001

