use tasign::{
build_plain_bin_with_limits, plain_bytes_from_signed_elf, ta_signature_section_bytes,
verify_elf_signature_from_parts_with_limits, VerifyLimits,
};
static TRIVIAL_ELF: &[u8] = include_bytes!("fixtures/trivial_elf64.o");
#[test]
fn build_plain_rejects_oversized_input_under_tight_elf_cap() {
let mut limits = VerifyLimits::recommended();
limits.max_elf_bytes = 4;
let err = build_plain_bin_with_limits(TRIVIAL_ELF, &limits).unwrap_err();
let s = err.to_string();
assert!(
s.contains("ELF 输入长度") || s.contains("资源上限"),
"unexpected: {s}"
);
}
#[test]
fn verify_parts_rejects_plain_over_plain_buffer_cap() {
static CA_PEM: &str = include_str!("fixtures/gmssl/ca.crt");
static ELF: &[u8] = include_bytes!("fixtures/trivial_with_ta_sig.o");
let sig = ta_signature_section_bytes(ELF).expect("fixture .ta_signature");
let plain = plain_bytes_from_signed_elf(ELF).expect("fixture plain");
let mut limits = VerifyLimits::recommended();
limits.max_plain_output_bytes = plain.len().saturating_sub(1);
let e =
verify_elf_signature_from_parts_with_limits(&plain, sig, Some(CA_PEM.as_bytes()), &limits)
.unwrap_err();
let s = e.to_string();
assert!(
s.contains("plain 缓冲区长度") || s.contains("资源上限"),
"unexpected: {s}"
);
}
#[test]
fn default_limits_allow_unsigned_relocatable_plain() {
let p = build_plain_bin_with_limits(TRIVIAL_ELF, &VerifyLimits::default())
.expect("plain under defaults");
assert!(!p.is_empty());
}