From 7b38ba2983752825975606d1fa8512facb26e438 Mon Sep 17 00:00:00 2001
From: Beniamin Sandu
Date: Fri, 11 Aug 2023 21:38:40 +0300
Subject: [PATCH] tests/pkcs7: add tests for authenticated attributes

Signed-off-by: Beniamin Sandu
---
 tests/data_files/Makefile | 31 ++++++++++++++++++
 .../pkcs7_data_auth_attr_2_signers.der | Bin 0 -> 1272 bytes
 ...kcs7_data_auth_attr_bad_message_digest.der | Bin 0 -> 666 bytes
 .../pkcs7_data_auth_attr_bad_signature.der | Bin 0 -> 666 bytes
 .../data_files/pkcs7_data_auth_attr_cert.der | Bin 0 -> 1515 bytes
 .../pkcs7_data_auth_attr_nocert.der | Bin 0 -> 666 bytes
 tests/suites/test_suite_pkcs7.data | 20 +++++++++++
 7 files changed, 51 insertions(+)
 create mode 100644 tests/data_files/pkcs7_data_auth_attr_2_signers.der
 create mode 100644 tests/data_files/pkcs7_data_auth_attr_bad_message_digest.der
 create mode 100644 tests/data_files/pkcs7_data_auth_attr_bad_signature.der
 create mode 100644 tests/data_files/pkcs7_data_auth_attr_cert.der
 create mode 100644 tests/data_files/pkcs7_data_auth_attr_nocert.der
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index b5f0844c9d08..59c8a0fb2fef 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1978,6 +1978,37 @@ pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
 $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt
 all_final += pkcs7_data_cert_encrypted.der

+##################################################
+# Authenticated attributes tests
+
+# pkcs7 file with 1 signer + authenticated attributes + nocert
+pkcs7_data_auth_attr_nocert.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
+ $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -outform der -out $@
+all_final += pkcs7_data_auth_attr_nocert.der
+
+# pkcs7 file with 1 signer + authenticated attributes + 1 cert
+pkcs7_data_auth_attr_cert.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
+ $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -signer pkcs7-rsa-sha256-1.pem -outform der -out $@
+all_final += pkcs7_data_auth_attr_cert.der
+
+# pkcs7 file with 2 signers + authenticated attributes
+pkcs7_data_auth_attr_2_signers.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
+ $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -outform der -out $@
+all_final += pkcs7_data_auth_attr_2_signers.der
+
+# pkcs7 file with bad message digest inside authenticated attributes
+pkcs7_data_auth_attr_bad_message_digest.der: pkcs7_data_auth_attr_nocert.der
+ cp pkcs7_data_auth_attr_nocert.der $@
+ echo '00' | xxd -r -p | dd of=$@ bs=1 seek=240 conv=notrunc
+all_final += pkcs7_data_auth_attr_bad_message_digest.der
+
+# pkcs7 file with authenticated attributes and bad signature
+pkcs7_data_auth_attr_bad_signature.der: pkcs7_data_auth_attr_nocert.der
+ cp pkcs7_data_auth_attr_nocert.der $@
+ echo '00' | xxd -r -p | dd of=$@ bs=1 seek=420 conv=notrunc
+all_final += pkcs7_data_auth_attr_bad_signature.der
+###################################################
+
 ## Negative tests
 # For some interesting sizes, 
what happens if we make them off-by-one?
 pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der
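Review bot: The two negative fixtures are made by writing a literal `00` at a fixed offset (`seek=240` in the `pkcs7_data_auth_attr_bad_message_digest.der` rule, `seek=420` in the `pkcs7_data_auth_attr_bad_signature.der` rule), and neither recipe checks that the byte actually changed or that the offset still falls in the intended field. The committed binaries are what the suite reads, so this only bites on regeneration: `openssl smime -sign` adds a signingTime attribute by default, so a rebuilt `pkcs7_data_auth_attr_nocert.der` carries a different signature, and if the byte at 420 is already 0x00 the "bad" file is identical to the good one; a signer certificate with a different issuer or serial length would also shift both offsets. Adding `! cmp -s pkcs7_data_auth_attr_nocert.der $@` as the last recipe line of both rules would turn the no-op case into a build failure. A comment above each `dd` line, for example `# offset 240 is expected to fall inside the messageDigest attribute value; re-check with openssl asn1parse after regenerating`, would record what each offset is meant to hit.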
diff --git a/tests/data_files/pkcs7_data_auth_attr_2_signers.der b/tests/data_files/pkcs7_data_auth_attr_2_signers.der new file mode 100644 index 0000000000000000000000000000000000000000..9712beac3d4083cdcd21ef9471452c5de4391d85 GIT binary patch literal 1272 zcmXqLV)??xsnzDu_MMlJooPW6%Tt3UmWND?jE4LMylk8aZ61uN%q&cdtPBR+2!)J> zO)Ps1nwX-13JrV=ObodVIN6v(S=fY`{Co`g40u2sE*{nZZ|7ihLs0`^5TBWc2h3M+ zPAw`?Fk})@PC6^JR@84pbK1<#Q(xL{dz}h@jArSA#wP|6aCjxx|k$g&tJu_&;veb9e?Bg+?VRkMY@f3Ce0yXO4$e1prz2^!nj z*Y$gH7*rxO@EhhBWPyAP4FEgJ1{vWCPoJX zb~aXRK4vC%RB;WEuc48^2n=eLCPs#ib1WyWh);D7^bq|KGSBBFTg0Wf)e8SC4?lbT za&Po~bN=Aj-CK7*2{kmW7802CQ|?h=`!7bNc=3ZjK097<)oZ^m61ev1!Yl#f7qLfY z%~IdGp4a0gXZ6>Uce?mBU%Y#e)B5p-Q(cwrT9qkNx_xtJrwUzPe|FBnYq45e_jcZK zJERb*_kwBaAqXEABWBq@6d!g!-bcgZ;VlY*R?EuVz)f^ z$2A(3zb)^a37Pz}ehnMzyEg~3MZ-;M5_IoWzGwedaei@==d2~N@?l$*W45fdFRv=T za9C>D`OKWtR>G^;xW5FI+?t$lD~fUFg55jj9BQ+<9!6Q}GGY?ZSDMPvn;7je%a}wr!i|&hzN*ecgzEeV<*|l)o41 bcy%pTdCxO#&y7pww_Uh7?Z)yYZ=eVH8lIfscWSA-4f18*?ZNn=q4~k0GA{4~WCX!y4f29BghVY9I{aGxP9(`3lad zMI{P`Od`rjXNA^^`fX@Vo7s8lOWSR)Q{j)%EM3s}#6SXWFDJ7hvLg&+5HhTW{NlVu z#s(IKCI%M91_owP2KoqD7DFW#1=h6>`WZH|eBo9#Tj=}e+Dox(&R@?rxNMxDv5kFQ zzbA)5B|-zgVU9r-$j8tCVAMk9h#_;B47k`hAR)-iZomg;GchqSGyuH=lVf6HbTD9N zW7XzkW@1Mb*8uq%8VQWRpk`@eWDwE_;PvpIS9oOOthroIJh}JFE&Y?jAFTO4#o3tM zen;sAUJ<2a<@5~|x0U5`|9+^+exDI&_cz`0eUcE9nCXi(kW12a3K@?5)1 zC#V11c{%&z><6l=HB5iGU*ueVH8lIfscWSA-4f18*?ZNn=q4~k0GA{4~WCX!y4f29BghVY9I{aGxP9(`3lad zMI{P`Od`rjXNA^^`fX@Vo7s8lOWSR)Q{j)%EM3s}#6SXWFDJ7hvLg&+5HhTW{NlVu z#s(IKCI%M91_owP2KoqD7DFW#1=h6>`p<7<`NFMgw$S&_wU=VooWGuLaM?IPV;lRr zeoqdAN`wY}!yJPwkdL7Oz^H}H5kuxM8E~<2Kthn2-GC3yW@2JuXaIT#Cdb6Y=wQIk z#;VQ7%*2i=t^x8jG!htrLCw;{$RMNi(kW12a3K@?5)1 zC#V11c{%&z><6l=HB5iGU*ukWe@)+bIdeZD!}GFKxHIPK7@P838q%ksD})i6OTE zCmVAp3!5;LpN}D*0S}17#lsrl?Hp`wC~6=K;xqH`fcXl}sYN9Uh6Zxtyhg?brUn*< z28Nb~hEd|Y#>iYUO>JUSLUta|hs;fk{0s(7j9g4jjEoGk7KNToySzqX&T7S#B`Yif zo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7Sx;5Z{lB?%wofhpz1QVsn$H)t>UeY8 
z2(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R(=O0oq|o18dZqHyLcdq6SNL!H@{~Cq zE>?@4V8e5FuftK+Nq2QR7pw13Dv$WBsS+t?S~w^8`J$+=0#4U?W}AH#&08L^{Nv|Y zES>HGT-SDLh~8Xcy))$~TY)Nh`BR7>G4sSHKTaAk4`4 zpM}+c8Au@qJ1|uMgPoCK((bm$p6*YcPMqN0p&fl;vHUc{ixIyY^p{_|l(?S7eCA1! z~%#GViWh+AsSR~%An0j=J%imK{OIF6D=l|H!Q}wW4W0LbX zJOA6}&mUOD1zFA2=+v?CsbdP|OxtF4vE%=@hUu0Czn8mrDTRgzzD(V^CDF`ch2N7t z;n$^?BBsbKd8qp?|HhB%b5Ab(&%lSg6pcFzBIV)*jZX|D z;F*$>*$_Eb8^|DJSPl8X+0Mey#K6MD(7-IpKp!E?VyMKTz`FK9|M`t9U$|Ax7W)3V z_EPMc^VjnYE*mFkY-3;7@5y0MiO|4rm}8IyDng)cVbntAh#_;B47k`hAf*N~y8$1Z z&BVmS&;U$3FgYeBMh63SHdbvuW+rx2aSh}o2F%$kO^ghwkG{?6$%s1{@=L9L1Jmk# zg6+H=(ZTcMoWCD4UbN`i`-p#O)m9IG7@MuS*|@RM|DINo%;KWZ--~W&JGM(&e3=|+ zW^B1UN@jAs>D+?v7S*g>Z?3B696gma!8u*ddFrX2$5sXrIr)4`7TL|c6>!l+`+V1X zq2;$`#4gpc-Xd&&)ArlSlE~>7_dMEs@2m0U#g|_h^glYLcU$Gv`M$u5HBE*A-{#%f z_E6N`lXn?^Yua(Iii;o9^YZRpu$!b;$GBhu>&f7=-17tyHLOZxQhdEz&h+m&#j^OK yP{?B?xw(7Z9iI``pUK9(gLm6L+rJm?ZdK{qAYa;ja$4*w;{^ed#fFE!C;|Wp_b)^M literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs7_data_auth_attr_nocert.der b/tests/data_files/pkcs7_data_auth_attr_nocert.der new file mode 100644 index 0000000000000000000000000000000000000000..17af4c96054cff3c2cc4fa0fd28104835e6d4ad7 GIT binary patch literal 666 zcmXqLVw%RrsnzDu_MMlJooPW6Q@cSEQ!^7IqanWmFB@keVH8lIfscWSA-4f18*?ZNn=q4~k0GA{4~WCX!y4f29BghVY9I{aGxP9(`3lad zMI{P`Od`rjXNA^^`fX@Vo7s8lOWSR)Q{j)%EM3s}#6SXWFDJ7hvLg&+5HhTW{NlVu z#s(IKCI%M91_owP2KoqD7DFW#1=h6>`p<7<`NFMgw$S&_wU=VooWGuLaM?IPV;lRr zeoqdAN`wY}!yJPwkdL7Oz^H}H5kuxM8E~<2Kthn2-GC3yW@2JuXaIT#Cdb6Y=wQIk z#;VQ7%*2i=t^x8jG!htrLCw;{$RMN{{2vs{XQem?r*x~`y?SIG1Dn$uSOsKdOPYyMwQlto&)X@ zDXLNPVi-0|7Y{8y_}un1%fc}KAkmAl(ZRPUnj|N*GX&rU7tLLB3bovorM0Y() h;D$MJ?IQ2exTi`!PY)1qGS#}S6nf?C%EU+AvH)SJ)0qGO literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index d3b83cdf0aa6..a84978492ec9 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
@@ -154,6 +154,26 @@ PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2
 depends_on:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C
 pkcs7_verify:"data_files/pkcs7_data_rsa_expired.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED

+PKCS7 Signed Data Verify 1 signer + authenticated attributes + nocert
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_nocert.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:0
+
+PKCS7 Signed Data Verify 1 signer + authenticated attributes + 1 cert
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_cert.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:0
+
+PKCS7 Signed Data Verify 2 signers + authenticated attributes
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_2_signers.der":"data_files/pkcs7-rsa-sha256-1.pem data_files/pkcs7-rsa-sha256-2.pem":"data_files/pkcs7_data.bin":0:0
+
+PKCS7 Signed Data Verify Fail bad message digest inside authenticated attributes
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_bad_message_digest.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_INVALID_AUTH_ATTR
+
+PKCS7 Signed Data Verify Fail authenticated attributes + bad signature
+depends_on:MBEDTLS_MD_CAN_SHA256
+pkcs7_verify:"data_files/pkcs7_data_auth_attr_bad_signature.der":"data_files/pkcs7-rsa-sha256-1.pem":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
 PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0
 depends_on:MBEDTLS_MD_CAN_SHA256
 pkcs7_asn1_fail:"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"
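Review bot: The five new `pkcs7_verify` cases declare only `depends_on:MBEDTLS_MD_CAN_SHA256`, although each loads an RSA signer certificate (`pkcs7-rsa-sha256-1.pem`) and the last one expects `MBEDTLS_ERR_RSA_VERIFY_FAILED`; the expired-cert case in the context lines just above also lists `MBEDTLS_RSA_C`. In a build without RSA these cases would presumably fail rather than be skipped, so `depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C` looks like the intended line for all five. On coverage, the negative cases exercise a wrong digest value and a wrong signature, but not a signed-attribute set that lacks the message-digest or content-type attribute, which RFC 5652 section 5.3 makes mandatory whenever signed attributes are present. A fixture for that case would pin the rejection path that the two existing negatives do not reach.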