eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test/pkcs7: Add test for wrong hash alg

Browse source 
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.

Signed-off-by: Nick Child <nick.child@ibm.com>
This commit is contained in:
Nick Child 2022-12-15 13:06:21 -06:00
parent 6759eb2c5f
commit ff2746fa56
2 changed files with 15 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tests/suites/test_suite_pkcs7.data
View file

@ -81,3 +81,8 @@ pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_
PKCS7 Signed Data Hash Verify with multiple signers #17 PKCS7 Signed Data Hash Verify with multiple signers #17
depends_on:MBEDTLS_SHA256_C depends_on:MBEDTLS_SHA256_C
pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
PKCS7 Signed Data Hash Verify Fail with multiple signers #18
depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C
pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL

26
tests/suites/test_suite_pkcs7.function
View file

@ -44,13 +44,12 @@ void pkcs7_verify(char *pkcs7_file, char *crt, char *filetobesigned, int do_hash
unsigned char *pkcs7_buf = NULL; unsigned char *pkcs7_buf = NULL;
size_t buflen; size_t buflen;
unsigned char *data = NULL; unsigned char *data = NULL;
unsigned char hash[32]; unsigned char hash[64];
struct stat st; struct stat st;
size_t datalen; size_t datalen;
int res; int res;
FILE *file; FILE *file;
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_md_type_t md_alg;
mbedtls_pkcs7 pkcs7; mbedtls_pkcs7 pkcs7;
mbedtls_x509_crt x509; mbedtls_x509_crt x509;
@ -84,15 +83,12 @@ void pkcs7_verify(char *pkcs7_file, char *crt, char *filetobesigned, int do_hash
fclose(file); fclose(file);
if (do_hash_alg) { if (do_hash_alg) {
res = mbedtls_oid_get_md_alg(&pkcs7.signed_data.digest_alg_identifiers, &md_alg); md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg);
TEST_EQUAL(res, 0);
TEST_EQUAL(md_alg, (mbedtls_md_type_t) do_hash_alg);
md_info = mbedtls_md_info_from_type(md_alg);
res = mbedtls_md(md_info, data, datalen, hash); res = mbedtls_md(md_info, data, datalen, hash);
TEST_EQUAL(res, 0); TEST_EQUAL(res, 0);
res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509, hash, sizeof(hash)); res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509, hash, mbedtls_md_get_size(md_info));
} else { } else {
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509, data, datalen); res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509, data, datalen);
} }
@ -118,13 +114,12 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file,
unsigned char *pkcs7_buf = NULL; unsigned char *pkcs7_buf = NULL;
size_t buflen; size_t buflen;
unsigned char *data = NULL; unsigned char *data = NULL;
unsigned char hash[32]; unsigned char hash[64];
struct stat st; struct stat st;
size_t datalen; size_t datalen;
int res; int res;
FILE *file; FILE *file;
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
mbedtls_md_type_t md_alg;
mbedtls_pkcs7 pkcs7; mbedtls_pkcs7 pkcs7;
mbedtls_x509_crt x509_1; mbedtls_x509_crt x509_1;
@ -164,24 +159,21 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file,
fclose(file); fclose(file);
if (do_hash_alg) { if (do_hash_alg) {
res = mbedtls_oid_get_md_alg(&pkcs7.signed_data.digest_alg_identifiers, &md_alg); md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg);
TEST_EQUAL(res, 0);
TEST_EQUAL(md_alg, MBEDTLS_MD_SHA256);
md_info = mbedtls_md_info_from_type(md_alg);
res = mbedtls_md(md_info, data, datalen, hash); res = mbedtls_md(md_info, data, datalen, hash);
TEST_EQUAL(res, 0); TEST_EQUAL(res, 0);
res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_1, hash, sizeof(hash)); res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_1, hash, mbedtls_md_get_size(md_info));
TEST_EQUAL(res, res_expect);
res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_2, hash, mbedtls_md_get_size(md_info));
TEST_EQUAL(res, res_expect); TEST_EQUAL(res, res_expect);
} else { } else {
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_1, data, datalen); res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_1, data, datalen);
TEST_EQUAL(res, res_expect); TEST_EQUAL(res, res_expect);
}
res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_2, data, datalen); res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_2, data, datalen);
TEST_EQUAL(res, res_expect); TEST_EQUAL(res, res_expect);
}
exit: exit:
mbedtls_x509_crt_free(&x509_1); mbedtls_x509_crt_free(&x509_1);