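/* BEGIN_HEADER */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "mbedtls/bignum.h"
#include "mbedtls/md.h"
#include "mbedtls/oid.h"
#include "mbedtls/pkcs7.h"
#include "mbedtls/platform.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"

/*
 * Read the whole file at `path` into a buffer allocated with mbedtls_calloc().
 *
 * Shared by the verify test cases below so that the file handling (and its
 * cleanup) lives in one place.
 *
 * On success returns 0, stores the buffer in *data and its length in *datalen;
 * the caller releases *data with mbedtls_free(). A zero-length file yields
 * *data == NULL and *datalen == 0. On failure (stat, open, allocation or a
 * short read) returns -1 with *data == NULL and *datalen == 0, so the caller's
 * cleanup path is the same either way. The FILE handle is closed on every path.
 */
static int load_whole_file( const char *path,
                            unsigned char **data, size_t *datalen )
{
    struct stat st;
    FILE *file = NULL;
    unsigned char *buf = NULL;
    size_t len;
    int ret = -1;

    *data = NULL;
    *datalen = 0;

    /* st_size is a signed off_t; reject anything that does not fit a size_t. */
    if( stat( path, &st ) != 0 || st.st_size < 0 )
        return( -1 );
    len = (size_t) st.st_size;

    file = fopen( path, "rb" );
    if( file == NULL )
        return( -1 );

    if( len != 0 )
    {
        buf = mbedtls_calloc( 1, len );
        if( buf == NULL )
            goto cleanup;

        /* The length comes from stat(); the file may change between stat()
         * and fread(), so a short read is treated as an error rather than
         * silently verifying a truncated payload. */
        if( fread( buf, 1, len, file ) != len )
            goto cleanup;
    }

    *data = buf;
    *datalen = len;
    buf = NULL;
    ret = 0;

cleanup:
    mbedtls_free( buf );
    fclose( file );
    return( ret );
}
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_PKCS7_C:MBEDTLS_RSA_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
/*
 * Parse a DER-encoded PKCS#7 file and compare the parser's return value.
 *
 * pkcs7_file  path of the DER file to parse
 * res_expect  value mbedtls_pkcs7_parse_der() is expected to return: the
 *             content type on success (the verify cases below expect
 *             MBEDTLS_PKCS7_SIGNED_DATA) or a negative error code for
 *             malformed input
 */
void pkcs7_parse( char *pkcs7_file, int res_expect )
{
    unsigned char *pkcs7_buf = NULL;
    size_t buflen;
    int res;

    mbedtls_pkcs7 pkcs7;

    mbedtls_pkcs7_init( &pkcs7 );

    /* mbedtls_pk_load_file() allocates pkcs7_buf; released in exit. */
    res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
    TEST_EQUAL( res, 0 );

    res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
    TEST_EQUAL( res, res_expect );

exit:
    mbedtls_free( pkcs7_buf );
    mbedtls_pkcs7_free( &pkcs7 );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
/*
 * Verify a single-signer SignedData against one signer certificate.
 *
 * pkcs7_file      DER-encoded PKCS#7 SignedData
 * crt             certificate of the signer; it is handed straight to the
 *                 verify functions, no chain building or validation happens
 *                 in this test
 * filetobesigned  the payload that was signed (read verbatim, binary mode)
 * do_hash_alg     0: use mbedtls_pkcs7_signed_data_verify() on the raw data;
 *                 otherwise the expected mbedtls_md_type_t of the SignedData
 *                 digest algorithm: the test hashes the payload itself and
 *                 uses mbedtls_pkcs7_signed_hash_verify()
 * res_expect      expected return value of the verify call
 *
 * The digest buffer is sized for any supported algorithm and the real
 * digest length is passed to the verifier, so digests other than SHA-256
 * neither overflow the buffer nor get a wrong length.
 */
void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg, int res_expect )
{
    unsigned char *pkcs7_buf = NULL;
    size_t buflen;
    unsigned char *data = NULL;
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
    size_t hash_len;
    size_t datalen;
    int res;
    const mbedtls_md_info_t *md_info;
    mbedtls_md_type_t md_alg;

    mbedtls_pkcs7 pkcs7;
    mbedtls_x509_crt x509;

    mbedtls_pkcs7_init( &pkcs7 );
    mbedtls_x509_crt_init( &x509 );

    USE_PSA_INIT();

    res = mbedtls_x509_crt_parse_file( &x509, crt );
    TEST_EQUAL( res, 0 );

    res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
    TEST_EQUAL( res, 0 );

    res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
    TEST_EQUAL( res, MBEDTLS_PKCS7_SIGNED_DATA );

    res = load_whole_file( filetobesigned, &data, &datalen );
    TEST_EQUAL( res, 0 );

    if( do_hash_alg )
    {
        /* The digest algorithm is taken from the SignedData itself and must
         * be the one the test case expects. */
        res = mbedtls_oid_get_md_alg( &pkcs7.signed_data.digest_alg_identifiers, &md_alg );
        TEST_EQUAL( res, 0 );
        TEST_EQUAL( md_alg, (mbedtls_md_type_t) do_hash_alg );

        md_info = mbedtls_md_info_from_type( md_alg );
        TEST_ASSERT( md_info != NULL );
        hash_len = mbedtls_md_get_size( md_info );

        res = mbedtls_md( md_info, data, datalen, hash );
        TEST_EQUAL( res, 0 );

        /* Pass the digest length, not the buffer size. */
        res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, hash_len );
    }
    else
    {
        res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
    }
    TEST_EQUAL( res, res_expect );

exit:
    mbedtls_x509_crt_free( &x509 );
    mbedtls_free( data );
    mbedtls_pkcs7_free( &pkcs7 );
    mbedtls_free( pkcs7_buf );
    USE_PSA_DONE();
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
/*
 * Verify a SignedData carrying exactly two signers, once per signer cert.
 *
 * pkcs7_file      DER-encoded PKCS#7 SignedData with two SignerInfos
 * crt1, crt2      certificates of the two signers (used directly, no chain
 *                 validation in this test)
 * filetobesigned  the signed payload (read verbatim, binary mode)
 * do_hash_alg     0: check the first signer with
 *                 mbedtls_pkcs7_signed_data_verify(); otherwise hash the
 *                 payload and use mbedtls_pkcs7_signed_hash_verify() for it.
 *                 The multi-signer fixture is expected to use SHA-256.
 * res_expect      expected return value for both signers
 *
 * The second signer is always checked through the data-verify path.
 */
void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned, int do_hash_alg, int res_expect )
{
    unsigned char *pkcs7_buf = NULL;
    size_t buflen;
    unsigned char *data = NULL;
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
    size_t hash_len;
    size_t datalen;
    int res;
    const mbedtls_md_info_t *md_info;
    mbedtls_md_type_t md_alg;

    mbedtls_pkcs7 pkcs7;
    mbedtls_x509_crt x509_1;
    mbedtls_x509_crt x509_2;

    mbedtls_pkcs7_init( &pkcs7 );
    mbedtls_x509_crt_init( &x509_1 );
    mbedtls_x509_crt_init( &x509_2 );

    USE_PSA_INIT();

    res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
    TEST_EQUAL( res, 0 );

    res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
    TEST_EQUAL( res, MBEDTLS_PKCS7_SIGNED_DATA );

    TEST_EQUAL( pkcs7.signed_data.no_of_signers, 2 );

    res = mbedtls_x509_crt_parse_file( &x509_1, crt1 );
    TEST_EQUAL( res, 0 );

    res = mbedtls_x509_crt_parse_file( &x509_2, crt2 );
    TEST_EQUAL( res, 0 );

    res = load_whole_file( filetobesigned, &data, &datalen );
    TEST_EQUAL( res, 0 );

    if( do_hash_alg )
    {
        res = mbedtls_oid_get_md_alg( &pkcs7.signed_data.digest_alg_identifiers, &md_alg );
        TEST_EQUAL( res, 0 );
        TEST_EQUAL( md_alg, MBEDTLS_MD_SHA256 );

        md_info = mbedtls_md_info_from_type( md_alg );
        TEST_ASSERT( md_info != NULL );
        hash_len = mbedtls_md_get_size( md_info );

        res = mbedtls_md( md_info, data, datalen, hash );
        TEST_EQUAL( res, 0 );

        /* Pass the digest length, not the buffer size. */
        res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, hash_len );
    }
    else
    {
        res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen );
    }
    TEST_EQUAL( res, res_expect );

    res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen );
    TEST_EQUAL( res, res_expect );

exit:
    mbedtls_x509_crt_free( &x509_1 );
    mbedtls_x509_crt_free( &x509_2 );
    mbedtls_pkcs7_free( &pkcs7 );
    mbedtls_free( data );
    mbedtls_free( pkcs7_buf );
    USE_PSA_DONE();
}
/* END_CASE */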