add test for manual verify

2019-06-03 11:13:47 +07:00
parent d33a95352a
commit 60fc9b3a1d
3 changed files with 44 additions and 2 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -17451,7 +17451,27 @@ static void test_PKCS7_signed_enveloped(void)
    /* check verify fails */
    AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
    AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-    AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
+    AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
+            PKCS7_SIGNEEDS_CHECK);
+
+    /* try verifying the signature manually */
+    {
+        RsaKey rKey;
+        word32 idx = 0;
+        byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
+            WC_MAX_DIGEST_SIZE];
+        int  digestSz;
+
+        AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
+        AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
+        digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz,
+                    digest, sizeof(digest), &rKey);
+        AssertIntGT(digestSz, 0);
+        AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz);
+        AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
+        /* verify was success */
+    }
+
    wc_PKCS7_Free(pkcs7);

    /* create valid degenerate bundle */
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -1170,6 +1170,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
        pkcs7->plainDigest = NULL;
        pkcs7->plainDigestSz = 0;
    }
+    if (pkcs7->pkcs7Digest) {
+        XFREE(pkcs7->pkcs7Digest, pkcs7->heap, DYNAMIC_TYPE_DIGEST);
+        pkcs7->pkcs7Digest = NULL;
+        pkcs7->pkcs7DigestSz = 0;
+    }
 }


@ -3323,7 +3328,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
            XMEMCPY(pkcs7->signature, sig, sigSz);
            pkcs7->signatureSz = sigSz;

-            /* store digest */
+            /* store plain digest (CMS and ECC) */
            XFREE(pkcs7->plainDigest, pkcs7->heap, DYNAMIC_TYPE_DIGEST);
            pkcs7->plainDigest = NULL;
            pkcs7->plainDigestSz = 0;
@ -3338,6 +3343,21 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
            XMEMCPY(pkcs7->plainDigest, plainDigest, plainDigestSz);
            pkcs7->plainDigestSz = plainDigestSz;

+            /* store pkcs7 digest (default RSA) */
+            XFREE(pkcs7->pkcs7Digest, pkcs7->heap, DYNAMIC_TYPE_DIGEST);
+            pkcs7->pkcs7Digest = NULL;
+            pkcs7->pkcs7DigestSz = 0;
+            pkcs7->pkcs7Digest = (byte*)XMALLOC(sigSz, pkcs7->heap,
+                    DYNAMIC_TYPE_DIGEST);
+            if (pkcs7->pkcs7Digest == NULL) {
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(pkcs7Digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
+                return MEMORY_E;
+            }
+            XMEMCPY(pkcs7->pkcs7Digest, pkcs7Digest, pkcs7DigestSz);
+            pkcs7->pkcs7DigestSz = pkcs7DigestSz;
+
            return PKCS7_SIGNEEDS_CHECK;
        }
    }
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@ -311,8 +311,10 @@ struct PKCS7 {

    byte* signature;
    byte* plainDigest;
+    byte* pkcs7Digest;
    word32 signatureSz;
    word32 plainDigestSz;
+    word32 pkcs7DigestSz;
    /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 };