tests/pkcs7: add tests for authenticated attributes

Signed-off-by: Beniamin Sandu <[email protected]>
Mbed-TLS · Sep 13, 2023 · 7b38ba2 · 7b38ba2
1 parent 66b5f2f
commit 7b38ba2
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 0 deletions.
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
@@ -1978,6 +1978,37 @@ pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
 	$(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt
 all_final += pkcs7_data_cert_encrypted.der
 
+##################################################
+# Authenticated attributes tests
+
+# pkcs7 file with 1 signer + authenticated attributes + nocert
+pkcs7_data_auth_attr_nocert.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
+	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -outform der -out $@
+all_final += pkcs7_data_auth_attr_nocert.der
+
+# pkcs7 file with 1 signer + authenticated attributes + 1 cert
+pkcs7_data_auth_attr_cert.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
+	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -signer pkcs7-rsa-sha256-1.pem -outform der -out $@
+all_final += pkcs7_data_auth_attr_cert.der
+
+# pkcs7 file with 2 signers + authenticated attributes
+pkcs7_data_auth_attr_2_signers.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
+	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -outform der -out $@
+all_final += pkcs7_data_auth_attr_2_signers.der
+
+# pkcs7 file with bad message digest inside authenticated attributes
+pkcs7_data_auth_attr_bad_message_digest.der: pkcs7_data_auth_attr_nocert.der
+	cp pkcs7_data_auth_attr_nocert.der $@
+	echo '00' | xxd -r -p | dd of=$@ bs=1 seek=240 conv=notrunc
+all_final += pkcs7_data_auth_attr_bad_message_digest.der
+
+# pkcs7 file with authenticated attributes and bad signature
+pkcs7_data_auth_attr_bad_signature.der: pkcs7_data_auth_attr_nocert.der
+	cp pkcs7_data_auth_attr_nocert.der $@
+	echo '00' | xxd -r -p | dd of=$@ bs=1 seek=420 conv=notrunc
+all_final += pkcs7_data_auth_attr_bad_signature.der
+###################################################
+
 ## Negative tests
 # For some interesting sizes, what happens if we make them off-by-one?
 pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der

diff --git a/tests/data_files/pkcs7_data_auth_attr_2_signers.der b/tests/data_files/pkcs7_data_auth_attr_2_signers.der
diff --git a/tests/data_files/pkcs7_data_auth_attr_bad_message_digest.der b/tests/data_files/pkcs7_data_auth_attr_bad_message_digest.der
diff --git a/tests/data_files/pkcs7_data_auth_attr_bad_signature.der b/tests/data_files/pkcs7_data_auth_attr_bad_signature.der
diff --git a/tests/data_files/pkcs7_data_auth_attr_cert.der b/tests/data_files/pkcs7_data_auth_attr_cert.der
diff --git a/tests/data_files/pkcs7_data_auth_attr_nocert.der b/tests/data_files/pkcs7_data_auth_attr_nocert.der
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
@@ -154,6 +154,26 @@ PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2
 depends_on:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C
 pkcs7_verify:"data_files/pkcs7_data_rsa_expired.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
 
+PKCS7 Signed Data Verify 1 signer + authenticated attributes + nocert
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_nocert.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:0
+
+PKCS7 Signed Data Verify 1 signer + authenticated attributes + 1 cert
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_cert.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:0
+
+PKCS7 Signed Data Verify 2 signers + authenticated attributes
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_2_signers.der":"data_files/pkcs7-rsa-sha256-1.pem data_files/pkcs7-rsa-sha256-2.pem":"data_files/pkcs7_data.bin":0:0
+
+PKCS7 Signed Data Verify Fail bad message digest inside authenticated attributes
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_bad_message_digest.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_INVALID_AUTH_ATTR
+
+PKCS7 Signed Data Verify Fail authenticated attributes +  bad signature
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_bad_signature.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
 PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0
 depends_on:MBEDTLS_MD_CAN_SHA256
 pkcs7_asn1_fail:"003082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0"