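/*
 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Certificate Transparency (CT) unit tests: decoding of SCTs embedded in
 * X.509 certificates and in the TLS wire format, their textual printout,
 * their validation against the default CT log store, and sanity checks on
 * CT_POLICY_EVAL_CTX and CTLOG construction.
 */

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#include <openssl/ct.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "testutil.h"
#include <openssl/crypto.h>

#ifndef OPENSSL_NO_CT
/* Used when declaring buffers to read text files into */
# define CT_TEST_MAX_FILE_SIZE 8096

/* Directories holding the test certificates and the expected-text files */
static char *certs_dir = NULL;
static char *ct_dir = NULL;

typedef struct ct_test_fixture {
    const char *test_case_name;
    /* The current time in milliseconds */
    uint64_t epoch_time_in_ms;
    /* The CT log store to use during tests */
    CTLOG_STORE* ctlog_store;
    /* Set the following to test handling of SCTs in X509 certificates */
    const char *certs_dir;
    const char *certificate_file;
    const char *issuer_file;
    /*
     * Expected number of SCTs. When > 0 the certificate must carry an SCT
     * extension decoding to exactly this many SCTs; when 0 the certificate
     * must carry no SCT extension at all.
     */
    int expected_sct_count;
    /* Expected number of valid SCTS */
    int expected_valid_sct_count;
    /* Set the following to test handling of SCTs in TLS format */
    const unsigned char *tls_sct_list;
    size_t tls_sct_list_len;
    /*
     * An SCT list built in memory. execute_cert_test() encodes it with
     * i2o_SCT_LIST, decodes the result and re-encodes it, requiring the two
     * encodings to be byte-identical.
     */
    STACK_OF(SCT) *sct_list;
    /*
     * A file to load the expected SCT text from.
     * This text will be compared to the actual text output during the test.
     * A maximum of |CT_TEST_MAX_FILE_SIZE| bytes will be read of this file.
     */
    const char *sct_dir;
    const char *sct_text_file;
    /* Whether to test the validity of the SCT(s) */
    int test_validity;
} CT_TEST_FIXTURE;

/*
 * Allocates a fixture for |test_case_name| with a fixed evaluation time and
 * the default CT log store loaded. Returns NULL, after releasing anything
 * already allocated, if any step fails.
 */
static CT_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    CT_TEST_FIXTURE *fixture = NULL;

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        goto end;
    fixture->test_case_name = test_case_name;
    /* Fixed, so that validity results do not depend on the host clock */
    fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */
    if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new())
            || !TEST_int_eq(
                    CTLOG_STORE_load_default_file(fixture->ctlog_store), 1))
        goto end;
    return fixture;

end:
    if (fixture != NULL)
        CTLOG_STORE_free(fixture->ctlog_store);
    OPENSSL_free(fixture);
    TEST_error("Failed to setup");
    return NULL;
}

/* Releases the fixture and everything it owns; safe to call with NULL. */
static void tear_down(CT_TEST_FIXTURE *fixture)
{
    if (fixture != NULL) {
        CTLOG_STORE_free(fixture->ctlog_store);
        SCT_LIST_free(fixture->sct_list);
    }
    OPENSSL_free(fixture);
}

/*
 * Reads the PEM certificate |file| from |dir|.
 * Returns a new X509 (owned by the caller) or NULL on any failure.
 */
static X509 *load_pem_cert(const char *dir, const char *file)
{
    X509 *cert = NULL;
    char *file_path = test_mk_file_path(dir, file);

    if (file_path != NULL) {
        BIO *cert_io = BIO_new_file(file_path, "r");

        if (cert_io != NULL)
            cert = PEM_read_bio_X509(cert_io, NULL, NULL, NULL);
        BIO_free(cert_io);
    }

    OPENSSL_free(file_path);
    return cert;
}

/*
 * Reads up to |buffer_length| bytes of text |file| from |dir| into |buffer|.
 * Returns the number of bytes read, or a negative value if the path could
 * not be built, the file could not be opened, or BIO_read failed.
 * The buffer is NOT NUL-terminated; the caller must do that.
 */
static int read_text_file(const char *dir, const char *file,
                          char *buffer, int buffer_length)
{
    int len = -1;
    char *file_path = test_mk_file_path(dir, file);

    if (file_path != NULL) {
        BIO *file_io = BIO_new_file(file_path, "r");

        if (file_io != NULL)
            len = BIO_read(file_io, buffer, buffer_length);
        BIO_free(file_io);
    }

    OPENSSL_free(file_path);
    return len;
}

/*
 * Prints |sct| with SCT_LIST_print and compares the text, as a C string,
 * with |expected_output|. Returns 1 on match, 0 otherwise.
 */
static int compare_sct_list_printout(STACK_OF(SCT) *sct,
                                     const char *expected_output)
{
    BIO *text_buffer = NULL;
    char *actual_output = NULL;
    int result = 0;

    if (!TEST_ptr(text_buffer = BIO_new(BIO_s_mem())))
        goto end;

    SCT_LIST_print(sct, text_buffer, 0, "\n", NULL);

    /* Append \0 because we're about to use the buffer contents as a string. */
    if (!TEST_true(BIO_write(text_buffer, "\0", 1)))
        goto end;

    BIO_get_mem_data(text_buffer, &actual_output);
    if (!TEST_str_eq(actual_output, expected_output))
        goto end;
    result = 1;

end:
    BIO_free(text_buffer);
    return result;
}

/*
 * Prints |extension| with X509V3_EXT_print and compares the text, as a C
 * string, with |expected_output|. Returns 1 on match, 0 otherwise.
 */
static int compare_extension_printout(X509_EXTENSION *extension,
                                      const char *expected_output)
{
    BIO *text_buffer = NULL;
    char *actual_output = NULL;
    int result = 0;

    if (!TEST_ptr(text_buffer = BIO_new(BIO_s_mem()))
            || !TEST_true(X509V3_EXT_print(text_buffer, extension,
                                           X509V3_EXT_DEFAULT, 0)))
        goto end;

    /* Append \0 because we're about to use the buffer contents as a string. */
    if (!TEST_true(BIO_write(text_buffer, "\0", 1)))
        goto end;

    BIO_get_mem_data(text_buffer, &actual_output);
    if (!TEST_str_eq(actual_output, expected_output))
        goto end;

    result = 1;

end:
    BIO_free(text_buffer);
    return result;
}

/*
 * Validates every SCT in |scts| under |policy_ctx| and checks that exactly
 * |fixture->expected_valid_sct_count| of them are VALID. SCTs in any other
 * state (invalid, unknown log, unverified, ...) are only counted for the
 * diagnostic printed on failure. Returns 1 on success, 0 otherwise.
 */
static int assert_validity(CT_TEST_FIXTURE *fixture, STACK_OF(SCT) *scts,
                           CT_POLICY_EVAL_CTX *policy_ctx)
{
    int invalid_sct_count = 0;
    int valid_sct_count = 0;
    int i;

    if (!TEST_int_ge(SCT_LIST_validate(scts, policy_ctx), 0))
        return 0;

    for (i = 0; i < sk_SCT_num(scts); ++i) {
        SCT *sct_i = sk_SCT_value(scts, i);

        switch (SCT_get_validation_status(sct_i)) {
        case SCT_VALIDATION_STATUS_VALID:
            ++valid_sct_count;
            break;
        case SCT_VALIDATION_STATUS_INVALID:
            ++invalid_sct_count;
            break;
        case SCT_VALIDATION_STATUS_NOT_SET:
        case SCT_VALIDATION_STATUS_UNKNOWN_LOG:
        case SCT_VALIDATION_STATUS_UNVERIFIED:
        case SCT_VALIDATION_STATUS_UNKNOWN_VERSION:
            /* Ignore other validation statuses. */
            break;
        }
    }

    if (!TEST_int_eq(valid_sct_count, fixture->expected_valid_sct_count)) {
        int unverified_sct_count = sk_SCT_num(scts) -
                                    invalid_sct_count - valid_sct_count;

        TEST_info("%d SCTs failed, %d SCTs unverified",
                  invalid_sct_count, unverified_sct_count);
        return 0;
    }

    return 1;
}

/*
 * Runs the checks selected by |fixture|:
 *  - certificate_file: the SCT extension must be present iff
 *    expected_sct_count > 0, print as the expected text, decode to exactly
 *    expected_sct_count SCTs sourced from the extension, and (optionally)
 *    validate;
 *  - tls_sct_list: the wire bytes must decode completely, print as the
 *    expected text, (optionally) validate, and re-encode to the same bytes;
 *  - sct_list: the list must survive an encode / decode / encode round trip
 *    with identical bytes.
 * Returns 1 if every selected check passed, 0 otherwise.
 */
static int execute_cert_test(CT_TEST_FIXTURE *fixture)
{
    int success = 0;
    X509 *cert = NULL, *issuer = NULL;
    STACK_OF(SCT) *scts = NULL;
    STACK_OF(SCT) *decoded = NULL;
    char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
    int sct_text_len = 0;
    unsigned char *tls_sct_list = NULL;
    unsigned char *encoded = NULL;
    unsigned char *reencoded = NULL;
    int encoded_len;
    CT_POLICY_EVAL_CTX *ct_policy_ctx = NULL;

    /* Must be checked before the set_* calls below dereference it */
    if (!TEST_ptr(ct_policy_ctx = CT_POLICY_EVAL_CTX_new()))
        goto end;

    if (fixture->sct_text_file != NULL) {
        sct_text_len = read_text_file(fixture->sct_dir, fixture->sct_text_file,
                                      expected_sct_text,
                                      CT_TEST_MAX_FILE_SIZE - 1);

        if (!TEST_int_ge(sct_text_len, 0))
            goto end;
        expected_sct_text[sct_text_len] = '\0';
    }

    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(
            ct_policy_ctx, fixture->ctlog_store);

    CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture->epoch_time_in_ms);

    if (fixture->certificate_file != NULL) {
        int sct_extension_index;
        int i;
        X509_EXTENSION *sct_extension = NULL;

        if (!TEST_ptr(cert = load_pem_cert(fixture->certs_dir,
                                           fixture->certificate_file)))
            goto end;

        if (!TEST_true(CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert)))
            goto end;

        if (fixture->issuer_file != NULL) {
            if (!TEST_ptr(issuer = load_pem_cert(fixture->certs_dir,
                                                 fixture->issuer_file)))
                goto end;
            if (!TEST_true(CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx,
                                                          issuer)))
                goto end;
        }

        sct_extension_index =
                X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1);
        sct_extension = X509_get_ext(cert, sct_extension_index);
        if (fixture->expected_sct_count > 0) {
            if (!TEST_ptr(sct_extension))
                goto end;

            if (fixture->sct_text_file != NULL
                && !compare_extension_printout(sct_extension,
                                               expected_sct_text))
                goto end;

            /*
             * A malformed extension must fail here rather than be treated
             * as an empty list, and the count must match the fixture.
             */
            if (!TEST_ptr(scts = X509V3_EXT_d2i(sct_extension))
                || !TEST_int_eq(sk_SCT_num(scts),
                                fixture->expected_sct_count))
                goto end;

            for (i = 0; i < sk_SCT_num(scts); ++i) {
                SCT *sct_i = sk_SCT_value(scts, i);

                if (!TEST_int_eq(SCT_get_source(sct_i),
                                 SCT_SOURCE_X509V3_EXTENSION))
                    goto end;
            }

            if (fixture->test_validity
                && !assert_validity(fixture, scts, ct_policy_ctx))
                goto end;
        } else if (!TEST_ptr_null(sct_extension)) {
            goto end;
        }
    }

    if (fixture->tls_sct_list != NULL) {
        const unsigned char *p = fixture->tls_sct_list;

        if (!TEST_ptr(o2i_SCT_LIST(&scts, &p, fixture->tls_sct_list_len)))
            goto end;

        /* The decoder must consume exactly the declared length, no more */
        if (!TEST_ptr_eq(p, fixture->tls_sct_list + fixture->tls_sct_list_len))
            goto end;

        if (fixture->expected_sct_count > 0
            && !TEST_int_eq(sk_SCT_num(scts), fixture->expected_sct_count))
            goto end;

        if (fixture->test_validity && cert != NULL
            && !assert_validity(fixture, scts, ct_policy_ctx))
            goto end;

        if (fixture->sct_text_file != NULL
            && !compare_sct_list_printout(scts, expected_sct_text))
            goto end;

        /*
         * i2o_SCT_LIST returns an int (-1 on error); check it before it is
         * widened to size_t, where -1 would become SIZE_MAX.
         */
        encoded_len = i2o_SCT_LIST(scts, &tls_sct_list);
        if (!TEST_int_gt(encoded_len, 0)
            || !TEST_mem_eq(fixture->tls_sct_list, fixture->tls_sct_list_len,
                            tls_sct_list, (size_t)encoded_len))
            goto end;
    }

    if (fixture->sct_list != NULL) {
        const unsigned char *p;
        int reencoded_len;

        /* Encode the in-memory list to the TLS wire format ... */
        encoded_len = i2o_SCT_LIST(fixture->sct_list, &encoded);
        if (!TEST_int_gt(encoded_len, 0))
            goto end;

        /* ... decode it again ... */
        p = encoded;
        if (!TEST_ptr(o2i_SCT_LIST(&decoded, &p, (size_t)encoded_len))
            || !TEST_ptr_eq(p, encoded + encoded_len)
            || !TEST_int_eq(sk_SCT_num(decoded),
                            sk_SCT_num(fixture->sct_list)))
            goto end;

        /* ... and re-encode: both encodings must be byte-identical */
        reencoded_len = i2o_SCT_LIST(decoded, &reencoded);
        if (!TEST_int_gt(reencoded_len, 0)
            || !TEST_mem_eq(encoded, (size_t)encoded_len,
                            reencoded, (size_t)reencoded_len))
            goto end;
    }
    success = 1;

end:
    X509_free(cert);
    X509_free(issuer);
    SCT_LIST_free(scts);
    SCT_LIST_free(decoded);
    CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
    OPENSSL_free(tls_sct_list);
    OPENSSL_free(encoded);
    OPENSSL_free(reencoded);
    return success;
}

# define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up)
# define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down)

/* A certificate without an SCT extension must be reported as having none. */
static int test_no_scts_in_certificate(void)
{
    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    fixture->certs_dir = certs_dir;
    fixture->certificate_file = "leaf.pem";
    fixture->issuer_file = "subinterCA.pem";
    fixture->expected_sct_count = 0;
    EXECUTE_CT_TEST();
    return result;
}

/* One embedded SCT: decodes to one entry and prints as embeddedSCTs1.sct. */
static int test_one_sct_in_certificate(void)
{
    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    fixture->certs_dir = certs_dir;
    fixture->certificate_file = "embeddedSCTs1.pem";
    fixture->issuer_file = "embeddedSCTs1_issuer.pem";
    fixture->expected_sct_count = 1;
    fixture->sct_dir = certs_dir;
    fixture->sct_text_file = "embeddedSCTs1.sct";
    EXECUTE_CT_TEST();
    return result;
}

/* Three embedded SCTs: decode to three entries and print as expected. */
static int test_multiple_scts_in_certificate(void)
{
    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    fixture->certs_dir = certs_dir;
    fixture->certificate_file = "embeddedSCTs3.pem";
    fixture->issuer_file = "embeddedSCTs3_issuer.pem";
    fixture->expected_sct_count = 3;
    fixture->sct_dir = certs_dir;
    fixture->sct_text_file = "embeddedSCTs3.sct";
    EXECUTE_CT_TEST();
    return result;
}

/* The single embedded SCT validates against the default log store. */
static int test_verify_one_sct(void)
{
    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    fixture->certs_dir = certs_dir;
    fixture->certificate_file = "embeddedSCTs1.pem";
    fixture->issuer_file = "embeddedSCTs1_issuer.pem";
    fixture->expected_sct_count = fixture->expected_valid_sct_count = 1;
    fixture->test_validity = 1;
    EXECUTE_CT_TEST();
    return result;
}

/* All three embedded SCTs validate against the default log store. */
static int test_verify_multiple_scts(void)
{
    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    fixture->certs_dir = certs_dir;
    fixture->certificate_file = "embeddedSCTs3.pem";
    fixture->issuer_file = "embeddedSCTs3_issuer.pem";
    fixture->expected_sct_count = fixture->expected_valid_sct_count = 3;
    fixture->test_validity = 1;
    EXECUTE_CT_TEST();
    return result;
}

/*
 * With the evaluation time moved to before the SCT's timestamp, the SCT
 * appears to come from the future and must not count as valid.
 */
static int test_verify_fails_for_future_sct(void)
{
    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    fixture->epoch_time_in_ms = 1365094800000ULL; /* Apr 4 17:00:00 2013 GMT */
    fixture->certs_dir = certs_dir;
    fixture->certificate_file = "embeddedSCTs1.pem";
    fixture->issuer_file = "embeddedSCTs1_issuer.pem";
    fixture->expected_sct_count = 1;
    fixture->expected_valid_sct_count = 0;
    fixture->test_validity = 1;
    EXECUTE_CT_TEST();
    return result;
}

/*
 * A hand-assembled SignedCertificateTimestampList holding one V1 SCT must
 * decode, print as tls1.sct, and re-encode to the very same bytes.
 */
static int test_decode_tls_sct(void)
{
    const unsigned char tls_sct_list[] = "\x00\x78" /* length of list */
        "\x00\x76"
        "\x00" /* version */
        /* log ID */
        "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
        "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64"
        "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */
        "\x00\x00" /* extensions length */
        "" /* extensions */
        "\x04\x03" /* hash and signature algorithms */
        "\x00\x47" /* signature length */
        /* signature */
        "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6"
        "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2"
        "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB"
        "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89"
        "\xED\xBF\x08";

    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    fixture->tls_sct_list = tls_sct_list;
    /* 0x7a bytes: derive from the literal, minus its string terminator */
    fixture->tls_sct_list_len = sizeof(tls_sct_list) - 1;
    /* The list above carries a single entry */
    fixture->expected_sct_count = 1;
    fixture->sct_dir = ct_dir;
    fixture->sct_text_file = "tls1.sct";
    EXECUTE_CT_TEST();
    return result;
}

/*
 * An SCT built from its base64 components must round-trip through the TLS
 * encoder and decoder. The expected text file is loaded (so a missing file
 * is still reported) but execute_cert_test() does not compare it against
 * |sct_list|.
 */
static int test_encode_tls_sct(void)
{
    const char log_id[] = "3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4LvT9012Q=";
    const uint64_t timestamp = 1;
    const char extensions[] = "";
    const char signature[] = "BAMARzBAMiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUwKI+j5"
            "eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8I";
    SCT *sct = NULL;

    SETUP_CT_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;

    /* Every early exit must release the fixture, or the test leaks */
    if (!TEST_ptr(fixture->sct_list = sk_SCT_new_null())
        || !TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id,
                                               CT_LOG_ENTRY_TYPE_X509,
                                               timestamp, extensions,
                                               signature))) {
        tear_down(fixture);
        return 0;
    }

    /* Ownership of |sct| passes to the list only if the push succeeds */
    if (!TEST_true(sk_SCT_push(fixture->sct_list, sct))) {
        SCT_free(sct);
        tear_down(fixture);
        return 0;
    }
    fixture->sct_dir = ct_dir;
    fixture->sct_text_file = "tls1.sct";
    EXECUTE_CT_TEST();
    return result;
}

/*
 * Tests that the CT_POLICY_EVAL_CTX default time is approximately now.
 * Allow +-10 minutes, as it may compensate for clock skew.
 */
static int test_default_ct_policy_eval_ctx_time_is_now(void)
{
    int success = 0;
    CT_POLICY_EVAL_CTX *ct_policy_ctx = NULL;
    const time_t time_tolerance = 600; /* 10 minutes */
    time_t default_time, now, delta;

    if (!TEST_ptr(ct_policy_ctx = CT_POLICY_EVAL_CTX_new()))
        goto end;

    /* The context stores milliseconds; compare in whole seconds */
    default_time = (time_t)(CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / 1000);
    now = time(NULL);
    /* Absolute difference in time_t arithmetic, without an int truncation */
    delta = now > default_time ? now - default_time : default_time - now;

    if (!TEST_time_t_le(delta, time_tolerance))
        goto end;

    success = 1;
end:
    CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
    return success;
}

/*
 * Malformed base64 public keys must be rejected by CTLOG_new_from_base64,
 * and a rejected call must leave the output pointer NULL so that a caller
 * cannot end up with a half-built log.
 */
static int test_ctlog_from_base64(void)
{
    int success = 0;
    CTLOG *ctlogp = NULL;
    const char notb64[] = "\01\02\03\04";
    const char pad[] = "====";
    const char name[] = "name";

    /* We expect these to both fail! */
    if (!TEST_false(CTLOG_new_from_base64(&ctlogp, notb64, name))
        || !TEST_ptr_null(ctlogp)
        || !TEST_false(CTLOG_new_from_base64(&ctlogp, pad, name))
        || !TEST_ptr_null(ctlogp))
        goto end;
    success = 1;
end:
    CTLOG_free(ctlogp);
    return success;
}
#endif

/*
 * Test-suite entry point. CT_DIR and CERTS_DIR in the environment override
 * the default "ct" and "certs" data directories.
 */
int setup_tests(void)
{
#ifndef OPENSSL_NO_CT
    if ((ct_dir = getenv("CT_DIR")) == NULL)
        ct_dir = "ct";
    if ((certs_dir = getenv("CERTS_DIR")) == NULL)
        certs_dir = "certs";

    ADD_TEST(test_no_scts_in_certificate);
    ADD_TEST(test_one_sct_in_certificate);
    ADD_TEST(test_multiple_scts_in_certificate);
    ADD_TEST(test_verify_one_sct);
    ADD_TEST(test_verify_multiple_scts);
    ADD_TEST(test_verify_fails_for_future_sct);
    ADD_TEST(test_decode_tls_sct);
    ADD_TEST(test_encode_tls_sct);
    ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now);
    ADD_TEST(test_ctlog_from_base64);
#else
    printf("No CT support\n");
#endif
    return 1;
}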