1 /* 2 * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright Nokia 2007-2019 4 * Copyright Siemens AG 2015-2019 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include "helpers/cmp_testlib.h" 13 14 static const char *ir_protected_f; 15 static const char *genm_prot_Ed_f; 16 static const char *ir_unprotected_f; 17 static const char *ip_PBM_f; 18 19 typedef struct test_fixture { 20 const char *test_case_name; 21 OSSL_CMP_CTX *cmp_ctx; 22 /* for protection tests */ 23 OSSL_CMP_MSG *msg; 24 OSSL_CMP_PKISI *si; /* for error and response messages */ 25 EVP_PKEY *pubkey; 26 unsigned char *mem; 27 int memlen; 28 X509 *cert; 29 STACK_OF(X509) *certs; 30 STACK_OF(X509) *chain; 31 int with_ss; 32 int callback_arg; 33 int expected; 34 } CMP_PROTECT_TEST_FIXTURE; 35 36 static OSSL_LIB_CTX *libctx = NULL; 37 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; 38 39 static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) 40 { 41 if (fixture != NULL) { 42 OSSL_CMP_CTX_free(fixture->cmp_ctx); 43 OSSL_CMP_MSG_free(fixture->msg); 44 OSSL_CMP_PKISI_free(fixture->si); 45 46 OPENSSL_free(fixture->mem); 47 sk_X509_free(fixture->certs); 48 sk_X509_free(fixture->chain); 49 50 OPENSSL_free(fixture); 51 } 52 } 53 54 static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) 55 { 56 CMP_PROTECT_TEST_FIXTURE *fixture; 57 58 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) 59 return NULL; 60 fixture->test_case_name = test_case_name; 61 if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) { 62 tear_down(fixture); 63 return NULL; 64 } 65 return fixture; 66 } 67 68 static EVP_PKEY *prot_RSA_key = NULL; 69 #ifndef OPENSSL_NO_ECX 70 static EVP_PKEY *prot_Ed_key = NULL; 71 static OSSL_CMP_MSG *genm_protected_Ed; 72 #endif 73 static EVP_PKEY *server_key = NULL; 74 static X509 *server_cert = NULL; 75 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; 76 static OSSL_CMP_MSG *ir_unprotected, *ir_protected; 77 static X509 *endentity1 = NULL, *endentity2 = NULL, 78 *root = NULL, *intermediate = NULL; 79 80 static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) 81 { 82 ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 83 int res = TEST_ptr_null(protection); 84 85 ASN1_BIT_STRING_free(protection); 86 return res; 87 } 88 89 static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) 90 { 91 ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 92 int res = TEST_ptr(protection) 93 && TEST_true(ASN1_STRING_cmp(protection, 94 fixture->msg->protection) 95 == 0); 96 97 ASN1_BIT_STRING_free(protection); 98 return res; 99 } 100 101 /* 102 * This function works similarly to parts of verify_signature in cmp_vfy.c, 103 * but without the need for an OSSL_CMP_CTX or an X509 certificate. 104 */ 105 static int verify_signature(OSSL_CMP_MSG *msg, 106 ASN1_BIT_STRING *protection, 107 EVP_PKEY *pkey, EVP_MD *digest) 108 { 109 OSSL_CMP_PROTECTEDPART prot_part; 110 111 prot_part.header = OSSL_CMP_MSG_get0_header(msg); 112 prot_part.body = msg->body; 113 return ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), 114 msg->header->protectionAlg, protection, 115 &prot_part, NULL, pkey, libctx, NULL) 116 > 0; 117 } 118 119 /* Calls OSSL_CMP_calc_protection and compares and verifies signature */ 120 static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * 121 fixture) 122 { 123 ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 124 int ret = (TEST_ptr(protection) 125 && TEST_true(verify_signature(fixture->msg, protection, 126 fixture->pubkey, 127 fixture->cmp_ctx->digest))); 128 129 ASN1_BIT_STRING_free(protection); 130 return ret; 131 } 132 133 static int test_cmp_calc_protection_no_key_no_secret(void) 134 { 135 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 136 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) 137 || !TEST_ptr(fixture->msg->header->protectionAlg = X509_ALGOR_new() /* no specific alg needed here */)) { 138 tear_down(fixture); 139 fixture = NULL; 140 } 141 142 EXECUTE_TEST(execute_calc_protection_fails_test, tear_down); 143 return result; 144 } 145 146 static int test_cmp_calc_protection_pkey(void) 147 { 148 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 149 fixture->pubkey = prot_RSA_key; 150 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_RSA_key)) 151 || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { 152 tear_down(fixture); 153 fixture = NULL; 154 } 155 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); 156 return result; 157 } 158 159 #ifndef OPENSSL_NO_ECX 160 static int test_cmp_calc_protection_pkey_Ed(void) 161 { 162 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 163 fixture->pubkey = prot_Ed_key; 164 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_Ed_key)) 165 || !TEST_ptr(fixture->msg = load_pkimsg(genm_prot_Ed_f, libctx))) { 166 tear_down(fixture); 167 fixture = NULL; 168 } 169 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); 170 return result; 171 } 172 #endif 173 174 static int test_cmp_calc_protection_pbmac(void) 175 { 176 unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; 177 178 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 179 if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 180 sec_insta, sizeof(sec_insta))) 181 || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { 182 tear_down(fixture); 183 fixture = NULL; 184 } 185 EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down); 186 return result; 187 } 188 static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) 189 { 190 return TEST_int_eq(fixture->expected, 191 ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); 192 } 193 194 #define SET_OPT_UNPROTECTED_SEND(ctx, val) \ 195 OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) 196 static int test_MSG_protect_unprotected_request(void) 197 { 198 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 199 200 fixture->expected = 1; 201 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 202 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { 203 tear_down(fixture); 204 fixture = NULL; 205 } 206 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 207 return result; 208 } 209 210 static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void) 211 { 212 const size_t size = sizeof(rand_data) / 2; 213 214 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 215 fixture->expected = 1; 216 217 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 218 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 219 /* 220 * Use half of the 16 bytes of random input 221 * for each reference and secret value 222 */ 223 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 224 rand_data, size)) 225 || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 226 rand_data + size, 227 size))) { 228 tear_down(fixture); 229 fixture = NULL; 230 } 231 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 232 return result; 233 } 234 235 static int test_MSG_protect_with_certificate_and_key(void) 236 { 237 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 238 fixture->expected = 1; 239 240 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 241 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 242 || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, server_key)) 243 || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, 244 server_cert))) { 245 tear_down(fixture); 246 fixture = NULL; 247 } 248 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 249 return result; 250 } 251 252 static int test_MSG_protect_certificate_based_without_cert(void) 253 { 254 OSSL_CMP_CTX *ctx; 255 256 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 257 ctx = fixture->cmp_ctx; 258 fixture->expected = 0; 259 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 260 || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) 261 || !TEST_true(EVP_PKEY_up_ref(server_key)) 262 || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, server_key))) { 263 tear_down(fixture); 264 fixture = NULL; 265 } 266 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 267 return result; 268 } 269 270 static int test_MSG_protect_no_key_no_secret(void) 271 { 272 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 273 fixture->expected = 0; 274 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 275 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { 276 tear_down(fixture); 277 fixture = NULL; 278 } 279 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 280 return result; 281 } 282 283 static int test_MSG_protect_pbmac_no_sender(int with_ref) 284 { 285 static unsigned char secret[] = { 47, 11, 8, 15 }; 286 static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe }; 287 288 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 289 fixture->expected = with_ref; 290 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 291 || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0) 292 || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL) 293 || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 294 secret, sizeof(secret)) 295 || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 296 with_ref ? ref : NULL, 297 sizeof(ref)))) { 298 tear_down(fixture); 299 fixture = NULL; 300 } 301 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 302 return result; 303 } 304 305 static int test_MSG_protect_pbmac_no_sender_with_ref(void) 306 { 307 return test_MSG_protect_pbmac_no_sender(1); 308 } 309 310 static int test_MSG_protect_pbmac_no_sender_no_ref(void) 311 { 312 return test_MSG_protect_pbmac_no_sender(0); 313 } 314 315 static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) 316 { 317 return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, 318 fixture->msg)); 319 } 320 321 static int test_MSG_add_extraCerts(void) 322 { 323 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 324 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) { 325 tear_down(fixture); 326 fixture = NULL; 327 } 328 EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down); 329 return result; 330 } 331 332 #ifndef OPENSSL_NO_EC 333 /* The cert chain tests use EC certs so we skip them in no-ec builds */ 334 static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) 335 { 336 int ret = 0; 337 OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 338 X509_STORE *store; 339 STACK_OF(X509) *chain = X509_build_chain(fixture->cert, fixture->certs, NULL, 340 fixture->with_ss, ctx->libctx, ctx->propq); 341 342 if (TEST_ptr(chain)) { 343 /* Check whether chain built is equal to the expected one */ 344 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 345 OSSL_STACK_OF_X509_free(chain); 346 } 347 if (!ret) 348 return 0; 349 350 if (TEST_ptr(store = X509_STORE_new()) 351 && TEST_true(X509_STORE_add_cert(store, root))) { 352 X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store), 353 X509_V_FLAG_NO_CHECK_TIME); 354 chain = X509_build_chain(fixture->cert, fixture->certs, store, 355 fixture->with_ss, ctx->libctx, ctx->propq); 356 ret = TEST_int_eq(fixture->expected, chain != NULL); 357 if (ret && chain != NULL) { 358 /* Check whether chain built is equal to the expected one */ 359 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 360 OSSL_STACK_OF_X509_free(chain); 361 } 362 } 363 X509_STORE_free(store); 364 return ret; 365 } 366 367 static int test_cmp_build_cert_chain(void) 368 { 369 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 370 fixture->expected = 1; 371 fixture->with_ss = 0; 372 fixture->cert = endentity2; 373 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 374 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 375 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 376 || !TEST_true(sk_X509_push(fixture->certs, root)) 377 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 378 || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 379 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 380 tear_down(fixture); 381 fixture = NULL; 382 } 383 if (fixture != NULL) { 384 result = execute_cmp_build_cert_chain_test(fixture); 385 fixture->with_ss = 1; 386 if (result && TEST_true(sk_X509_push(fixture->chain, root))) 387 result = execute_cmp_build_cert_chain_test(fixture); 388 } 389 tear_down(fixture); 390 return result; 391 } 392 393 static int test_cmp_build_cert_chain_missing_intermediate(void) 394 { 395 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 396 fixture->expected = 0; 397 fixture->with_ss = 0; 398 fixture->cert = endentity2; 399 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 400 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 401 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 402 || !TEST_true(sk_X509_push(fixture->certs, root)) 403 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 404 tear_down(fixture); 405 fixture = NULL; 406 } 407 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 408 return result; 409 } 410 411 static int test_cmp_build_cert_chain_no_root(void) 412 { 413 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 414 fixture->expected = 1; 415 fixture->with_ss = 0; 416 fixture->cert = endentity2; 417 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 418 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 419 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 420 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 421 || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 422 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 423 tear_down(fixture); 424 fixture = NULL; 425 } 426 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 427 return result; 428 } 429 430 static int test_cmp_build_cert_chain_only_root(void) 431 { 432 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 433 fixture->expected = 1; 434 fixture->with_ss = 0; /* still chain must include the only cert (root) */ 435 fixture->cert = root; 436 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 437 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 438 || !TEST_true(sk_X509_push(fixture->certs, root)) 439 || !TEST_true(sk_X509_push(fixture->chain, root))) { 440 tear_down(fixture); 441 fixture = NULL; 442 } 443 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 444 return result; 445 } 446 447 static int test_cmp_build_cert_chain_no_certs(void) 448 { 449 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 450 fixture->expected = 0; 451 fixture->with_ss = 0; 452 fixture->cert = endentity2; 453 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 454 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 455 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 456 tear_down(fixture); 457 fixture = NULL; 458 } 459 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 460 return result; 461 } 462 #endif /* OPENSSL_NO_EC */ 463 464 static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) 465 { 466 X509_STORE *store = X509_STORE_new(); 467 STACK_OF(X509) *sk = NULL; 468 int res = 0; 469 470 if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, 471 fixture->certs, 472 fixture->callback_arg))) 473 goto err; 474 sk = X509_STORE_get1_all_certs(store); 475 if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) 476 goto err; 477 res = 1; 478 err: 479 X509_STORE_free(store); 480 OSSL_STACK_OF_X509_free(sk); 481 return res; 482 } 483 484 static int test_X509_STORE(void) 485 { 486 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 487 fixture->callback_arg = 0; /* self-issued allowed */ 488 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 489 || !sk_X509_push(fixture->certs, endentity1) 490 || !sk_X509_push(fixture->certs, endentity2) 491 || !sk_X509_push(fixture->certs, root) 492 || !sk_X509_push(fixture->certs, intermediate) 493 || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { 494 tear_down(fixture); 495 fixture = NULL; 496 } 497 EXECUTE_TEST(execute_X509_STORE_test, tear_down); 498 return result; 499 } 500 501 static int test_X509_STORE_only_self_issued(void) 502 { 503 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 504 fixture->certs = sk_X509_new_null(); 505 fixture->chain = sk_X509_new_null(); 506 fixture->callback_arg = 1; /* only self-issued */ 507 if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) 508 || !TEST_true(sk_X509_push(fixture->certs, endentity2)) 509 || !TEST_true(sk_X509_push(fixture->certs, root)) 510 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 511 || !TEST_true(sk_X509_push(fixture->chain, root))) { 512 tear_down(fixture); 513 fixture = NULL; 514 } 515 EXECUTE_TEST(execute_X509_STORE_test, tear_down); 516 return result; 517 } 518 519 void cleanup_tests(void) 520 { 521 EVP_PKEY_free(prot_RSA_key); 522 #ifndef OPENSSL_NO_ECX 523 EVP_PKEY_free(prot_Ed_key); 524 OSSL_CMP_MSG_free(genm_protected_Ed); 525 #endif 526 EVP_PKEY_free(server_key); 527 X509_free(server_cert); 528 X509_free(endentity1); 529 X509_free(endentity2); 530 X509_free(root); 531 X509_free(intermediate); 532 OSSL_CMP_MSG_free(ir_protected); 533 OSSL_CMP_MSG_free(ir_unprotected); 534 OSSL_PROVIDER_unload(default_null_provider); 535 OSSL_PROVIDER_unload(provider); 536 OSSL_LIB_CTX_free(libctx); 537 } 538 539 #define USAGE "prot_RSA.pem IR_protected.der prot_Ed.pem " \ 540 "GENM_protected_Ed.der IR_unprotected.der IP_PBM.der " \ 541 "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \ 542 "Intermediate_CA.crt module_name [module_conf_file]\n" 543 OPT_TEST_DECLARE_USAGE(USAGE) 544 545 int setup_tests(void) 546 { 547 char *prot_RSA_f; 548 char *prot_Ed_f; 549 char *server_key_f; 550 char *server_cert_f; 551 char *endentity1_f; 552 char *endentity2_f; 553 char *root_f; 554 char *intermediate_f; 555 556 if (!test_skip_common_options()) { 557 TEST_error("Error parsing test options\n"); 558 return 0; 559 } 560 561 RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); 562 if (!TEST_ptr(prot_RSA_f = test_get_argument(0)) 563 || !TEST_ptr(ir_protected_f = test_get_argument(1)) 564 || !TEST_ptr(prot_Ed_f = test_get_argument(2)) 565 || !TEST_ptr(genm_prot_Ed_f = test_get_argument(3)) 566 || !TEST_ptr(ir_unprotected_f = test_get_argument(4)) 567 || !TEST_ptr(ip_PBM_f = test_get_argument(5)) 568 || !TEST_ptr(server_cert_f = test_get_argument(6)) 569 || !TEST_ptr(server_key_f = test_get_argument(7)) 570 || !TEST_ptr(endentity1_f = test_get_argument(8)) 571 || !TEST_ptr(endentity2_f = test_get_argument(9)) 572 || !TEST_ptr(root_f = test_get_argument(10)) 573 || !TEST_ptr(intermediate_f = test_get_argument(11))) { 574 TEST_error("usage: cmp_protect_test %s", USAGE); 575 return 0; 576 } 577 578 if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 12, USAGE)) 579 return 0; 580 581 if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx)) 582 || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx))) 583 return 0; 584 585 if (!TEST_ptr(prot_RSA_key = load_pkey_pem(prot_RSA_f, libctx))) 586 return 0; 587 #ifndef OPENSSL_NO_ECX 588 if (!TEST_ptr(prot_Ed_key = load_pkey_pem(prot_Ed_f, libctx))) 589 return 0; 590 #endif 591 if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) 592 #ifndef OPENSSL_NO_ECX 593 || !TEST_ptr(genm_protected_Ed = load_pkimsg(genm_prot_Ed_f, libctx)) 594 #endif 595 || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) 596 return 0; 597 if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) 598 || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) 599 || !TEST_ptr(root = load_cert_pem(root_f, libctx)) 600 || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) 601 return 0; 602 if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) 603 return 0; 604 605 /* Message protection tests */ 606 ADD_TEST(test_cmp_calc_protection_no_key_no_secret); 607 ADD_TEST(test_cmp_calc_protection_pkey); 608 #ifndef OPENSSL_NO_ECX 609 ADD_TEST(test_cmp_calc_protection_pkey_Ed); 610 #endif 611 ADD_TEST(test_cmp_calc_protection_pbmac); 612 613 ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); 614 ADD_TEST(test_MSG_protect_with_certificate_and_key); 615 ADD_TEST(test_MSG_protect_certificate_based_without_cert); 616 ADD_TEST(test_MSG_protect_unprotected_request); 617 ADD_TEST(test_MSG_protect_no_key_no_secret); 618 ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref); 619 ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref); 620 ADD_TEST(test_MSG_add_extraCerts); 621 622 #ifndef OPENSSL_NO_EC 623 ADD_TEST(test_cmp_build_cert_chain); 624 ADD_TEST(test_cmp_build_cert_chain_only_root); 625 ADD_TEST(test_cmp_build_cert_chain_no_root); 626 ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); 627 ADD_TEST(test_cmp_build_cert_chain_no_certs); 628 #endif 629 630 ADD_TEST(test_X509_STORE); 631 ADD_TEST(test_X509_STORE_only_self_issued); 632 633 return 1; 634 } 635
Indexes created Sat Feb 28 05:31:39 UTC 2026