1*62c56f98SSadaf Ebrahimi/* BEGIN_HEADER */ 2*62c56f98SSadaf Ebrahimi#include "mbedtls/bignum.h" 3*62c56f98SSadaf Ebrahimi#include "mbedtls/pkcs7.h" 4*62c56f98SSadaf Ebrahimi#include "mbedtls/x509.h" 5*62c56f98SSadaf Ebrahimi#include "mbedtls/x509_crt.h" 6*62c56f98SSadaf Ebrahimi#include "mbedtls/x509_crl.h" 7*62c56f98SSadaf Ebrahimi#include "mbedtls/oid.h" 8*62c56f98SSadaf Ebrahimi#include "sys/types.h" 9*62c56f98SSadaf Ebrahimi#include "sys/stat.h" 10*62c56f98SSadaf Ebrahimi#include "mbedtls/rsa.h" 11*62c56f98SSadaf Ebrahimi#include "mbedtls/error.h" 12*62c56f98SSadaf Ebrahimi/* END_HEADER */ 13*62c56f98SSadaf Ebrahimi 14*62c56f98SSadaf Ebrahimi/* BEGIN_DEPENDENCIES 15*62c56f98SSadaf Ebrahimi * depends_on:MBEDTLS_PKCS7_C 16*62c56f98SSadaf Ebrahimi * END_DEPENDENCIES 17*62c56f98SSadaf Ebrahimi */ 18*62c56f98SSadaf Ebrahimi/* BEGIN_SUITE_HELPERS */ 19*62c56f98SSadaf Ebrahimiint pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen) 20*62c56f98SSadaf Ebrahimi{ 21*62c56f98SSadaf Ebrahimi int res; 22*62c56f98SSadaf Ebrahimi mbedtls_pkcs7 pkcs7; 23*62c56f98SSadaf Ebrahimi 24*62c56f98SSadaf Ebrahimi mbedtls_pkcs7_init(&pkcs7); 25*62c56f98SSadaf Ebrahimi res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen); 26*62c56f98SSadaf Ebrahimi mbedtls_pkcs7_free(&pkcs7); 27*62c56f98SSadaf Ebrahimi return res; 28*62c56f98SSadaf Ebrahimi} 29*62c56f98SSadaf Ebrahimi/* END_SUITE_HELPERS */ 30*62c56f98SSadaf Ebrahimi 31*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 32*62c56f98SSadaf Ebrahimivoid pkcs7_asn1_fail(data_t *pkcs7_buf) 33*62c56f98SSadaf Ebrahimi{ 34*62c56f98SSadaf Ebrahimi int res; 35*62c56f98SSadaf Ebrahimi res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len); 36*62c56f98SSadaf Ebrahimi TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA); 37*62c56f98SSadaf Ebrahimi 38*62c56f98SSadaf Ebrahimi} 39*62c56f98SSadaf Ebrahimi/* END_CASE */ 40*62c56f98SSadaf Ebrahimi 41*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 42*62c56f98SSadaf Ebrahimivoid pkcs7_parse(char *pkcs7_file, int res_expect) 43*62c56f98SSadaf Ebrahimi{ 44*62c56f98SSadaf Ebrahimi unsigned char *pkcs7_buf = NULL; 45*62c56f98SSadaf Ebrahimi size_t buflen; 46*62c56f98SSadaf Ebrahimi int res; 47*62c56f98SSadaf Ebrahimi 48*62c56f98SSadaf Ebrahimi res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen); 49*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, 0); 50*62c56f98SSadaf Ebrahimi 51*62c56f98SSadaf Ebrahimi res = pkcs7_parse_buffer(pkcs7_buf, buflen); 52*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, res_expect); 53*62c56f98SSadaf Ebrahimi 54*62c56f98SSadaf Ebrahimiexit: 55*62c56f98SSadaf Ebrahimi mbedtls_free(pkcs7_buf); 56*62c56f98SSadaf Ebrahimi} 57*62c56f98SSadaf Ebrahimi/* END_CASE */ 58*62c56f98SSadaf Ebrahimi 59*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ 60*62c56f98SSadaf Ebrahimivoid pkcs7_verify(char *pkcs7_file, 61*62c56f98SSadaf Ebrahimi char *crt_files, 62*62c56f98SSadaf Ebrahimi char *filetobesigned, 63*62c56f98SSadaf Ebrahimi int do_hash_alg, 64*62c56f98SSadaf Ebrahimi int res_expect) 65*62c56f98SSadaf Ebrahimi{ 66*62c56f98SSadaf Ebrahimi unsigned char *pkcs7_buf = NULL; 67*62c56f98SSadaf Ebrahimi size_t buflen, i, k, cnt = 0, n_crts = 1; 68*62c56f98SSadaf Ebrahimi unsigned char *data = NULL; 69*62c56f98SSadaf Ebrahimi char **crt_files_arr = NULL; 70*62c56f98SSadaf Ebrahimi unsigned char *hash = NULL; 71*62c56f98SSadaf Ebrahimi struct stat st; 72*62c56f98SSadaf Ebrahimi size_t datalen; 73*62c56f98SSadaf Ebrahimi int res; 74*62c56f98SSadaf Ebrahimi FILE *file; 75*62c56f98SSadaf Ebrahimi const mbedtls_md_info_t *md_info; 76*62c56f98SSadaf Ebrahimi mbedtls_pkcs7 pkcs7; 77*62c56f98SSadaf Ebrahimi mbedtls_x509_crt **crts = NULL; 78*62c56f98SSadaf Ebrahimi 79*62c56f98SSadaf Ebrahimi MD_OR_USE_PSA_INIT(); 80*62c56f98SSadaf Ebrahimi 81*62c56f98SSadaf Ebrahimi mbedtls_pkcs7_init(&pkcs7); 82*62c56f98SSadaf Ebrahimi 83*62c56f98SSadaf Ebrahimi /* crt_files are space seprated list */ 84*62c56f98SSadaf Ebrahimi for (i = 0; i < strlen(crt_files); i++) { 85*62c56f98SSadaf Ebrahimi if (crt_files[i] == ' ') { 86*62c56f98SSadaf Ebrahimi n_crts++; 87*62c56f98SSadaf Ebrahimi } 88*62c56f98SSadaf Ebrahimi } 89*62c56f98SSadaf Ebrahimi 90*62c56f98SSadaf Ebrahimi TEST_CALLOC(crts, n_crts); 91*62c56f98SSadaf Ebrahimi TEST_CALLOC(crt_files_arr, n_crts); 92*62c56f98SSadaf Ebrahimi 93*62c56f98SSadaf Ebrahimi for (i = 0; i < strlen(crt_files); i++) { 94*62c56f98SSadaf Ebrahimi for (k = i; k < strlen(crt_files); k++) { 95*62c56f98SSadaf Ebrahimi if (crt_files[k] == ' ') { 96*62c56f98SSadaf Ebrahimi break; 97*62c56f98SSadaf Ebrahimi } 98*62c56f98SSadaf Ebrahimi } 99*62c56f98SSadaf Ebrahimi TEST_CALLOC(crt_files_arr[cnt], (k-i)+1); 100*62c56f98SSadaf Ebrahimi crt_files_arr[cnt][k-i] = '\0'; 101*62c56f98SSadaf Ebrahimi memcpy(crt_files_arr[cnt++], crt_files + i, k-i); 102*62c56f98SSadaf Ebrahimi i = k; 103*62c56f98SSadaf Ebrahimi } 104*62c56f98SSadaf Ebrahimi 105*62c56f98SSadaf Ebrahimi for (i = 0; i < n_crts; i++) { 106*62c56f98SSadaf Ebrahimi TEST_CALLOC(crts[i], 1); 107*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_init(crts[i]); 108*62c56f98SSadaf Ebrahimi } 109*62c56f98SSadaf Ebrahimi 110*62c56f98SSadaf Ebrahimi res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen); 111*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, 0); 112*62c56f98SSadaf Ebrahimi 113*62c56f98SSadaf Ebrahimi res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen); 114*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA); 115*62c56f98SSadaf Ebrahimi 116*62c56f98SSadaf Ebrahimi TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts); 117*62c56f98SSadaf Ebrahimi 118*62c56f98SSadaf Ebrahimi for (i = 0; i < n_crts; i++) { 119*62c56f98SSadaf Ebrahimi res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]); 120*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, 0); 121*62c56f98SSadaf Ebrahimi } 122*62c56f98SSadaf Ebrahimi 123*62c56f98SSadaf Ebrahimi res = stat(filetobesigned, &st); 124*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, 0); 125*62c56f98SSadaf Ebrahimi 126*62c56f98SSadaf Ebrahimi file = fopen(filetobesigned, "rb"); 127*62c56f98SSadaf Ebrahimi TEST_ASSERT(file != NULL); 128*62c56f98SSadaf Ebrahimi 129*62c56f98SSadaf Ebrahimi datalen = st.st_size; 130*62c56f98SSadaf Ebrahimi /* Special-case for zero-length input so that data will be non-NULL */ 131*62c56f98SSadaf Ebrahimi TEST_CALLOC(data, datalen == 0 ? 1 : datalen); 132*62c56f98SSadaf Ebrahimi buflen = fread((void *) data, sizeof(unsigned char), datalen, file); 133*62c56f98SSadaf Ebrahimi TEST_EQUAL(buflen, datalen); 134*62c56f98SSadaf Ebrahimi 135*62c56f98SSadaf Ebrahimi fclose(file); 136*62c56f98SSadaf Ebrahimi 137*62c56f98SSadaf Ebrahimi if (do_hash_alg) { 138*62c56f98SSadaf Ebrahimi md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg); 139*62c56f98SSadaf Ebrahimi TEST_CALLOC(hash, mbedtls_md_get_size(md_info)); 140*62c56f98SSadaf Ebrahimi res = mbedtls_md(md_info, data, datalen, hash); 141*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, 0); 142*62c56f98SSadaf Ebrahimi 143*62c56f98SSadaf Ebrahimi for (i = 0; i < n_crts; i++) { 144*62c56f98SSadaf Ebrahimi res = 145*62c56f98SSadaf Ebrahimi mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash, 146*62c56f98SSadaf Ebrahimi mbedtls_md_get_size(md_info)); 147*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, res_expect); 148*62c56f98SSadaf Ebrahimi } 149*62c56f98SSadaf Ebrahimi } else { 150*62c56f98SSadaf Ebrahimi for (i = 0; i < n_crts; i++) { 151*62c56f98SSadaf Ebrahimi res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen); 152*62c56f98SSadaf Ebrahimi TEST_EQUAL(res, res_expect); 153*62c56f98SSadaf Ebrahimi } 154*62c56f98SSadaf Ebrahimi } 155*62c56f98SSadaf Ebrahimi 156*62c56f98SSadaf Ebrahimiexit: 157*62c56f98SSadaf Ebrahimi for (i = 0; i < n_crts; i++) { 158*62c56f98SSadaf Ebrahimi mbedtls_x509_crt_free(crts[i]); 159*62c56f98SSadaf Ebrahimi mbedtls_free(crts[i]); 160*62c56f98SSadaf Ebrahimi mbedtls_free(crt_files_arr[i]); 161*62c56f98SSadaf Ebrahimi } 162*62c56f98SSadaf Ebrahimi mbedtls_free(hash); 163*62c56f98SSadaf Ebrahimi mbedtls_pkcs7_free(&pkcs7); 164*62c56f98SSadaf Ebrahimi mbedtls_free(crt_files_arr); 165*62c56f98SSadaf Ebrahimi mbedtls_free(crts); 166*62c56f98SSadaf Ebrahimi mbedtls_free(data); 167*62c56f98SSadaf Ebrahimi mbedtls_free(pkcs7_buf); 168*62c56f98SSadaf Ebrahimi MD_OR_USE_PSA_DONE(); 169*62c56f98SSadaf Ebrahimi} 170*62c56f98SSadaf Ebrahimi/* END_CASE */ 171