Add Additional Host Based Testing#1714
Draft
Flickdm wants to merge 5 commits intomicrosoft:release/202511from
Draft
Add Additional Host Based Testing#1714Flickdm wants to merge 5 commits intomicrosoft:release/202511from
Flickdm wants to merge 5 commits intomicrosoft:release/202511from
Conversation
EcTests.c: add tampered-message and cross-key ECDSA rejection tests to confirm that EcDsaVerify rejects a modified hash and a signature verified against a different key pair. RsaPssTests.c: add SHA-384 and SHA-512 PSS round-trip tests and a tampered-message rejection test to verify that RsaPssSign and RsaPssVerify operate correctly across hash algorithms and reject corrupted message digests. RsaTests.c: add a cross-key PKCS#1 verify rejection test to confirm that RsaPkcs1Verify fails when the public key does not match the signing key. X509Tests.c: add tests for X509GetSubjectName, GetCommonName, GetOrganizationName (NOT_FOUND case), GetSignatureAlgorithm, and GetTBSCert to improve X.509 parsing coverage.
…ist tests Add TestVerifyPkcs7GetSigners to exercise the two previously untested signer-extraction APIs: - Pkcs7GetSigners: verify that signing certificates can be extracted from a freshly-signed PKCS#7 blob, and that Pkcs7FreeSigners correctly releases both CertStack and TrustedCert. - Pkcs7GetCertificatesList: verify chained and unchained certificate list extraction from the same blob. This test also served as the regression trigger that exposed a bug in Pkcs7GetCertificatesList (passing &NewP7Data directly to d2i_PKCS7, which advances the pointer past parsed bytes, causing free() to be called on a non-base address).
Add two new test functions to X509Tests.c covering previously untested APIs: TestVerifyX509ConstructFree: - X509ConstructCertificate: wrap DER cert bytes into an opaque X509 object - X509ConstructCertificateStack: build a multi-cert stack with variadic args - X509Free / X509StackFree: release both object types without leaking TestVerifyX509KeyUsage (uses mTestEndCert which has v3_end extensions): - X509GetKeyUsage: verify Digital Signature, Non Repudiation, and Key Encipherment bits are set in the returned OpenSSL KU bitmask - X509GetExtendedKeyUsage: size-query then full retrieval of EKU OID bytes - X509GetExtendedBasicConstraints: size-query then full retrieval of the Basic Constraints extension (CA:FALSE on the end-entity cert)
…tests Add TestVerifyPkcs7Encrypt to cover the two remaining untested PKCS#7 APIs: Pkcs7Encrypt: - Build a recipient X509 stack from TestCert using X509ConstructCertificateStack - Encrypt a payload with AES-256-CBC and verify non-empty ContentInfo is produced - Test NULL X509Stack argument rejection Pkcs7GetAttachedContent: - Call on a Pkcs7Sign-produced blob (which uses PKCS7_DETACHED) - Verify the API returns TRUE with Content=NULL / ContentSize=0, confirming correct detached-content signalling without crashing
…g tests Cover two previously untested BaseCryptLib APIs: - EcPointGetAffineCoordinates: round-trip test generating a key pair and verifying the extracted affine coordinates match the original BIGNUMs - Asn1GetTag: verify correct tag matching advances Ptr and returns length; verify tag mismatch restores Ptr to original position Note: X509ConstructCertificateStack exercises X509ConstructCertificateStackV internally (covered by commit 3).
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a number of Host Based Unit Tests that were previously not covered.
Only one bug found with these changes:
microsoft/mu_crypto_release#201
These can likely be brought upstream
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
How This Was Tested
Host Based Unit Tests
Integration Instructions
N/A