diff options
author | Nick Child <nick.child@ibm.com> | 2022-12-15 13:06:21 -0600 |
---|---|---|
committer | Nick Child <nick.child@ibm.com> | 2023-01-30 15:55:44 +0000 |
commit | ff2746fa56166569a1f33ee1ab048aeeb0d4028d (patch) | |
tree | 54baa0563541150e0fadec9ee44f989dd062d153 | |
parent | 6759eb2c5f26c50d39a3d90b3950d31dacfb2dad (diff) | |
download | mbedtls-ff2746fa56166569a1f33ee1ab048aeeb0d4028d.zip mbedtls-ff2746fa56166569a1f33ee1ab048aeeb0d4028d.tar.gz mbedtls-ff2746fa56166569a1f33ee1ab048aeeb0d4028d.tar.bz2 |
test/pkcs7: Add test for wrong hash alg
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.
Signed-off-by: Nick Child <nick.child@ibm.com>
-rw-r--r-- | tests/suites/test_suite_pkcs7.data | 5 | ||||
-rw-r--r-- | tests/suites/test_suite_pkcs7.function | 28 |
2 files changed, 15 insertions, 18 deletions
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 571d5ad..3f5b414 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data @@ -81,3 +81,8 @@ pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_ PKCS7 Signed Data Hash Verify with multiple signers #17 depends_on:MBEDTLS_SHA256_C pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 + +PKCS7 Signed Data Hash Verify Fail with multiple signers #18 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C +pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL + diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 4fc416a..d5a69da 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -44,13 +44,12 @@ void pkcs7_verify(char *pkcs7_file, char *crt, char *filetobesigned, int do_hash unsigned char *pkcs7_buf = NULL; size_t buflen; unsigned char *data = NULL; - unsigned char hash[32]; + unsigned char hash[64]; struct stat st; size_t datalen; int res; FILE *file; const mbedtls_md_info_t *md_info; - mbedtls_md_type_t md_alg; mbedtls_pkcs7 pkcs7; mbedtls_x509_crt x509; @@ -84,15 +83,12 @@ void pkcs7_verify(char *pkcs7_file, char *crt, char *filetobesigned, int do_hash fclose(file); if (do_hash_alg) { - res = mbedtls_oid_get_md_alg(&pkcs7.signed_data.digest_alg_identifiers, &md_alg); - TEST_EQUAL(res, 0); - TEST_EQUAL(md_alg, (mbedtls_md_type_t) do_hash_alg); - md_info = mbedtls_md_info_from_type(md_alg); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg); res = mbedtls_md(md_info, data, datalen, hash); TEST_EQUAL(res, 0); - res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509, hash, sizeof(hash)); + res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509, hash, mbedtls_md_get_size(md_info)); } else { res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509, data, datalen); } @@ -118,13 +114,12 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file, unsigned char *pkcs7_buf = NULL; size_t buflen; unsigned char *data = NULL; - unsigned char hash[32]; + unsigned char hash[64]; struct stat st; size_t datalen; int res; FILE *file; const mbedtls_md_info_t *md_info; - mbedtls_md_type_t md_alg; mbedtls_pkcs7 pkcs7; mbedtls_x509_crt x509_1; @@ -164,25 +159,22 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file, fclose(file); if (do_hash_alg) { - res = mbedtls_oid_get_md_alg(&pkcs7.signed_data.digest_alg_identifiers, &md_alg); - TEST_EQUAL(res, 0); - TEST_EQUAL(md_alg, MBEDTLS_MD_SHA256); - - md_info = mbedtls_md_info_from_type(md_alg); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg); res = mbedtls_md(md_info, data, datalen, hash); TEST_EQUAL(res, 0); - res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_1, hash, sizeof(hash)); + res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_1, hash, mbedtls_md_get_size(md_info)); + TEST_EQUAL(res, res_expect); + res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_2, hash, mbedtls_md_get_size(md_info)); TEST_EQUAL(res, res_expect); } else { res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_1, data, datalen); TEST_EQUAL(res, res_expect); + res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_2, data, datalen); + TEST_EQUAL(res, res_expect); } - res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_2, data, datalen); - TEST_EQUAL(res, res_expect); - exit: mbedtls_x509_crt_free(&x509_1); mbedtls_x509_crt_free(&x509_2); |