• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/* BEGIN_HEADER */
2#include "mbedtls/bignum.h"
3#include "mbedtls/pkcs7.h"
4#include "mbedtls/x509.h"
5#include "mbedtls/x509_crt.h"
6#include "mbedtls/x509_crl.h"
7#include "mbedtls/oid.h"
8#include "sys/types.h"
9#include "sys/stat.h"
10#include "mbedtls/rsa.h"
11/* END_HEADER */
12
13/* BEGIN_DEPENDENCIES
14 * depends_on:MBEDTLS_PKCS7_C
15 * END_DEPENDENCIES
16 */
17/* BEGIN_SUITE_HELPERS */
18int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen)
19{
20    int res;
21    mbedtls_pkcs7 pkcs7;
22
23    mbedtls_pkcs7_init(&pkcs7);
24    res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
25    mbedtls_pkcs7_free(&pkcs7);
26    return res;
27}
28/* END_SUITE_HELPERS */
29
30/* BEGIN_CASE */
31void pkcs7_asn1_fail(data_t *pkcs7_buf)
32{
33    int res;
34    res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len);
35    TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA);
36
37}
38/* END_CASE */
39
40/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
41void pkcs7_parse(char *pkcs7_file, int res_expect)
42{
43    unsigned char *pkcs7_buf = NULL;
44    size_t buflen;
45    int res;
46
47    res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
48    TEST_EQUAL(res, 0);
49
50    res = pkcs7_parse_buffer(pkcs7_buf, buflen);
51    TEST_EQUAL(res, res_expect);
52
53exit:
54    mbedtls_free(pkcs7_buf);
55}
56/* END_CASE */
57
58/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
59void pkcs7_verify(char *pkcs7_file,
60                  char *crt_files,
61                  char *filetobesigned,
62                  int do_hash_alg,
63                  int res_expect)
64{
65    unsigned char *pkcs7_buf = NULL;
66    size_t buflen, i, k, cnt = 0, n_crts = 1;
67    unsigned char *data = NULL;
68    char **crt_files_arr = NULL;
69    unsigned char *hash = NULL;
70    struct stat st;
71    size_t datalen;
72    int res;
73    FILE *file;
74    const mbedtls_md_info_t *md_info;
75    mbedtls_pkcs7 pkcs7;
76    mbedtls_x509_crt **crts = NULL;
77
78
79    /* crt_files are space seprated list */
80    for (i = 0; i < strlen(crt_files); i++) {
81        if (crt_files[i] == ' ') {
82            n_crts++;
83        }
84    }
85
86    ASSERT_ALLOC(crts, sizeof(*crts)*n_crts);
87    ASSERT_ALLOC(crt_files_arr, sizeof(*crt_files_arr)*n_crts);
88
89    for (i = 0; i < strlen(crt_files); i++) {
90        for (k = i; k < strlen(crt_files); k++) {
91            if (crt_files[k] == ' ') {
92                break;
93            }
94        }
95        ASSERT_ALLOC(crt_files_arr[cnt], (k-i)+1);
96        crt_files_arr[cnt][k-i] = '\0';
97        memcpy(crt_files_arr[cnt++], crt_files + i, k-i);
98        i = k;
99    }
100
101    mbedtls_pkcs7_init(&pkcs7);
102    for (i = 0; i < n_crts; i++) {
103        ASSERT_ALLOC(crts[i], sizeof(*crts[i]));
104        mbedtls_x509_crt_init(crts[i]);
105    }
106
107    USE_PSA_INIT();
108
109    res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
110    TEST_EQUAL(res, 0);
111
112    res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
113    TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA);
114
115    TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts);
116
117    for (i = 0; i < n_crts; i++) {
118        res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]);
119        TEST_EQUAL(res, 0);
120    }
121
122    res = stat(filetobesigned, &st);
123    TEST_EQUAL(res, 0);
124
125    file = fopen(filetobesigned, "rb");
126    TEST_ASSERT(file != NULL);
127
128    datalen = st.st_size;
129    /* Special-case for zero-length input so that data will be non-NULL */
130    ASSERT_ALLOC(data, datalen == 0 ? 1 : datalen);
131    buflen = fread((void *) data, sizeof(unsigned char), datalen, file);
132    TEST_EQUAL(buflen, datalen);
133
134    fclose(file);
135
136    if (do_hash_alg) {
137        md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg);
138        ASSERT_ALLOC(hash, mbedtls_md_get_size(md_info));
139        res = mbedtls_md(md_info, data, datalen, hash);
140        TEST_EQUAL(res, 0);
141
142        for (i = 0; i < n_crts; i++) {
143            res =
144                mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash,
145                                                 mbedtls_md_get_size(md_info));
146            TEST_EQUAL(res, res_expect);
147        }
148    } else {
149        for (i = 0; i < n_crts; i++) {
150            res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen);
151            TEST_EQUAL(res, res_expect);
152        }
153    }
154
155exit:
156    for (i = 0; i < n_crts; i++) {
157        mbedtls_x509_crt_free(crts[i]);
158        mbedtls_free(crts[i]);
159        mbedtls_free(crt_files_arr[i]);
160    }
161    mbedtls_free(hash);
162    mbedtls_pkcs7_free(&pkcs7);
163    mbedtls_free(crt_files_arr);
164    mbedtls_free(crts);
165    mbedtls_free(data);
166    mbedtls_free(pkcs7_buf);
167    USE_PSA_DONE();
168}
169/* END_CASE */
170