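/*
 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "helpers/cmp_testlib.h"

/*
 * Unit tests for CMP message protection: ossl_cmp_calc_protection() and
 * ossl_cmp_msg_protect() (signature- and PBM-based), extraCerts handling,
 * X509_build_chain() and ossl_cmp_X509_STORE_add1_certs().
 *
 * Test input files are taken from the command line, see USAGE below.
 */

/* file names of the test messages, taken from the command line in setup_tests() */
static const char *ir_protected_f;
static const char *ir_unprotected_f;
static const char *ip_PBM_f;

typedef struct test_fixture {
    const char *test_case_name;
    OSSL_CMP_CTX *cmp_ctx;
    /* for protection tests */
    OSSL_CMP_MSG *msg;
    OSSL_CMP_PKISI *si; /* for error and response messages; no test in this file sets it */
    EVP_PKEY *pubkey;   /* borrowed from the file-level keys, not freed by tear_down() */
    unsigned char *mem; /* owned; no test in this file sets it */
    int memlen;
    X509 *cert;         /* borrowed from the file-level certs, not freed by tear_down() */
    STACK_OF(X509) *certs; /* stack is owned, its elements are borrowed */
    STACK_OF(X509) *chain; /* expected result of a chain/store test; same ownership as certs */
    int with_ss;        /* "with self-signed" argument to X509_build_chain() */
    int callback_arg;   /* 3rd argument of ossl_cmp_X509_STORE_add1_certs(): 1 = only self-issued */
    int expected;       /* expected return value of the function under test */
} CMP_PROTECT_TEST_FIXTURE;

static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;

/*
 * Release a fixture created by set_up(). Accepts NULL, which the test
 * functions pass after a failed set-up. The cert stacks are released with
 * sk_X509_free() rather than sk_X509_pop_free() because their elements are
 * the file-level test certificates, which cleanup_tests() frees.
 */
static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    if (fixture != NULL) {
        OSSL_CMP_CTX_free(fixture->cmp_ctx);
        OSSL_CMP_MSG_free(fixture->msg);
        OSSL_CMP_PKISI_free(fixture->si);

        OPENSSL_free(fixture->mem);
        sk_X509_free(fixture->certs);
        sk_X509_free(fixture->chain);

        OPENSSL_free(fixture);
    }
}

/*
 * Allocate a zeroed fixture with a fresh OSSL_CMP_CTX on the test libctx.
 * Returns NULL (after reporting the failure) if either allocation fails.
 */
static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    CMP_PROTECT_TEST_FIXTURE *fixture;

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        return NULL;
    fixture->test_case_name = test_case_name;
    if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) {
        tear_down(fixture);
        return NULL;
    }
    return fixture;
}

/* objects loaded once in setup_tests() and shared (borrowed) by all tests */
static EVP_PKEY *loadedprivkey = NULL;
static EVP_PKEY *loadedpubkey = NULL;
static EVP_PKEY *loadedkey = NULL;
static X509 *cert = NULL;
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
static X509 *endentity1 = NULL, *endentity2 = NULL,
    *root = NULL, *intermediate = NULL;

/* Expects ossl_cmp_calc_protection() to fail, i.e. to return NULL */
static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    int res = TEST_ptr_null(protection);

    ASN1_BIT_STRING_free(protection);
    return res;
}

/*
 * Recomputes the PBM-based protection of fixture->msg with the secret set on
 * fixture->cmp_ctx and compares it with the protection the message carries.
 */
static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    int res = TEST_ptr(protection)
        && TEST_true(ASN1_STRING_cmp(protection,
                                     fixture->msg->protection) == 0);

    ASN1_BIT_STRING_free(protection);
    return res;
}

/*
 * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
 * but without the need for a OSSL_CMP_CTX or a X509 certificate.
 *
 * DER-encodes the protected part (header + body) of msg and checks that
 * protection is a valid signature over it under pkey with the given digest.
 * Returns 1 on success, 0 on any failure (reported via the TEST_* macros).
 */
static int verify_signature(OSSL_CMP_MSG *msg,
                            ASN1_BIT_STRING *protection,
                            EVP_PKEY *pkey, EVP_MD *digest)
{
    OSSL_CMP_PROTECTEDPART prot_part;
    unsigned char *prot_part_der = NULL;
    int len;
    EVP_MD_CTX *ctx = NULL;
    int res;

    prot_part.header = OSSL_CMP_MSG_get0_header(msg);
    prot_part.body = msg->body;
    /* i2d allocates prot_part_der on success; a negative len means failure */
    len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);
    res =
        TEST_int_ge(len, 0)
        && TEST_ptr(ctx = EVP_MD_CTX_new())
        && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey))
        && TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
                                        protection->length,
                                        prot_part_der, len), 1);
    /* cleanup; both calls accept NULL on the early-failure paths */
    EVP_MD_CTX_free(ctx);
    OPENSSL_free(prot_part_der);
    return res;
}

/* Calls OSSL_CMP_calc_protection and compares and verifies signature */
static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
                                                  fixture)
{
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    int ret = (TEST_ptr(protection)
               && TEST_true(ASN1_STRING_cmp(protection,
                                            fixture->msg->protection) == 0)
               && TEST_true(verify_signature(fixture->msg, protection,
                                             fixture->pubkey,
                                             fixture->cmp_ctx->digest)));

    ASN1_BIT_STRING_free(protection);
    return ret;
}

/* Without a key and without a secret no protection can be computed */
static int test_cmp_calc_protection_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
            || !TEST_ptr(fixture->msg->header->protectionAlg =
                         X509_ALGOR_new() /* no specific alg needed here */)) {
        tear_down(fixture);
        fixture = NULL;
    }

    EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
    return result;
}

/* Signature-based protection with the private key of the server */
static int test_cmp_calc_protection_pkey(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->pubkey = loadedpubkey;
    if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
            || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
    return result;
}

/* PBM-based protection with the secret the IP_PBM test message was made with */
static int test_cmp_calc_protection_pbmac(void)
{
    unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                 sec_insta, sizeof(sec_insta)))
            || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
    return result;
}

/* Checks that ossl_cmp_msg_protect() returns fixture->expected */
static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    return TEST_int_eq(fixture->expected,
                       ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
}

#define SET_OPT_UNPROTECTED_SEND(ctx, val) \
    OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))

/* With OSSL_CMP_OPT_UNPROTECTED_SEND set, protecting succeeds without credentials */
static int test_MSG_protect_unprotected_request(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);

    fixture->expected = 1;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/* PBM-based protection with reference and secret value taken from rand_data */
static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
{
    const size_t size = sizeof(rand_data) / 2;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;

    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            /*
             * Use half of the 16 bytes of random input
             * for each reference and secret value
             */
            || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                           rand_data, size))
            || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                        rand_data + size,
                                                        size))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/* Signature-based protection with both a certificate and its key set */
static int test_MSG_protect_with_certificate_and_key(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;

    if (!TEST_ptr(fixture->msg =
                  OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
            || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/*
 * A key alone (set as newPkey, without a certificate) is not sufficient for
 * signature-based protection, so ossl_cmp_msg_protect() must fail.
 */
static int test_MSG_protect_certificate_based_without_cert(void)
{
    OSSL_CMP_CTX *ctx;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    ctx = fixture->cmp_ctx;
    fixture->expected = 0;
    if (!TEST_ptr(fixture->msg =
                  OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
            /*
             * set0_newPkey transfers ownership of one reference to ctx, so
             * take that reference first, and only on this path: taking it
             * after a failed set-up would leave an unreleased reference.
             */
            || !TEST_true(EVP_PKEY_up_ref(loadedkey))
            || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/* Neither key nor secret and unprotected sending disabled: protecting fails */
static int test_MSG_protect_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/*
 * PBM-based protection of a message without sender: expected to succeed only
 * if a reference value is given (with_ref != 0), which then identifies the
 * sender instead.
 */
static int test_MSG_protect_pbmac_no_sender(int with_ref)
{
    static unsigned char secret[] = { 47, 11, 8, 15 };
    static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = with_ref;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            || !TEST_true(ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL))
            || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                        secret, sizeof(secret)))
            /*
             * NOTE(review): a length is passed together with a NULL value in
             * the no-ref case; presumably set1_referenceValue ignores the
             * length when the value is NULL - confirm against cmp_ctx.c.
             */
            || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                           with_ref ? ref : NULL,
                                                           sizeof(ref)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

static int test_MSG_protect_pbmac_no_sender_with_ref(void)
{
    return test_MSG_protect_pbmac_no_sender(1);
}

static int test_MSG_protect_pbmac_no_sender_no_ref(void)
{
    return test_MSG_protect_pbmac_no_sender(0);
}

static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
                                                 fixture->msg));
}

/* Adding extraCerts to a (copy of the) protected IR message must succeed */
static int test_MSG_add_extraCerts(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
    return result;
}

#ifndef OPENSSL_NO_EC
/* The cert chain tests use EC certs so we skip them in no-ec builds */

/*
 * Builds the chain for fixture->cert from fixture->certs twice: first without
 * a trust store, where the result must equal fixture->chain, then with a
 * store trusting only root, where success is expected iff fixture->expected
 * and the resulting chain must again equal fixture->chain.
 */
static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int ret = 0;
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    X509_STORE *store = NULL; /* stays NULL on the early-return path below */
    STACK_OF(X509) *chain =
        X509_build_chain(fixture->cert, fixture->certs, NULL,
                         fixture->with_ss, ctx->libctx, ctx->propq);

    if (TEST_ptr(chain)) {
        /* Check whether chain built is equal to the expected one */
        ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
        sk_X509_pop_free(chain, X509_free);
    }
    if (!ret)
        return 0;

    if (TEST_ptr(store = X509_STORE_new())
            && TEST_true(X509_STORE_add_cert(store, root))) {
        /* the test certificates must chain regardless of their validity period */
        X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
                                    X509_V_FLAG_NO_CHECK_TIME);
        chain = X509_build_chain(fixture->cert, fixture->certs, store,
                                 fixture->with_ss, ctx->libctx, ctx->propq);
        ret = TEST_int_eq(fixture->expected, chain != NULL);
        if (ret && chain != NULL) {
            /* Check whether chain built is equal to the expected one */
            ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
            sk_X509_pop_free(chain, X509_free);
        }
    }
    X509_STORE_free(store);
    return ret;
}

/*
 * Full chain endentity2 -> intermediate from a candidate set that also holds
 * an unrelated end-entity cert and the root; run once without and once with
 * the self-signed root included in the expected chain.
 */
static int test_cmp_build_cert_chain(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))
            || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
        tear_down(fixture);
        fixture = NULL;
    }
    /* run the test twice by hand instead of via EXECUTE_TEST */
    if (fixture != NULL) {
        result = execute_cmp_build_cert_chain_test(fixture);
        fixture->with_ss = 1;
        if (result && TEST_true(sk_X509_push(fixture->chain, root)))
            result = execute_cmp_build_cert_chain_test(fixture);
    }
    tear_down(fixture);
    return result;
}

/* Without the intermediate cert the chain cannot reach the trusted root */
static int test_cmp_build_cert_chain_missing_intermediate(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}

/* The root need not be among the candidate certs; it comes from the store */
static int test_cmp_build_cert_chain_no_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))
            || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}

static int test_cmp_build_cert_chain_only_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0; /* still chain must include the only cert (root) */
    fixture->cert = root;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->chain, root))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}

/* With an empty candidate set only the end-entity cert itself can be chained */
static int test_cmp_build_cert_chain_no_certs(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}
#endif /* OPENSSL_NO_EC */

/*
 * Adds fixture->certs to a fresh X509_STORE via ossl_cmp_X509_STORE_add1_certs()
 * with fixture->callback_arg and checks that the store then holds exactly
 * fixture->chain.
 */
static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    X509_STORE *store = X509_STORE_new();
    STACK_OF(X509) *sk = NULL;
    int res = 0;

    /* report an allocation failure as such rather than as a failed add */
    if (!TEST_ptr(store)
            || !TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
                                                         fixture->certs,
                                                         fixture->callback_arg)))
        goto err;
    if (!TEST_ptr(sk = X509_STORE_get1_all_certs(store)))
        goto err;
    if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
        goto err;
    res = 1;
 err:
    X509_STORE_free(store);
    sk_X509_pop_free(sk, X509_free);
    return res;
}

/* All four test certs are added, so the store must contain all of them */
static int test_X509_STORE(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->callback_arg = 0; /* self-issued allowed */
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, endentity2))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}

/* Of the four test certs only the root is self-issued and must end up in the store */
static int test_X509_STORE_only_self_issued(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->callback_arg = 1; /* only self-issued */
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, endentity2))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, root))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}


/* Releases everything loaded by setup_tests(); all free functions accept NULL */
void cleanup_tests(void)
{
    EVP_PKEY_free(loadedprivkey);
    EVP_PKEY_free(loadedpubkey);
    EVP_PKEY_free(loadedkey);
    X509_free(cert);
    X509_free(endentity1);
    X509_free(endentity2);
    X509_free(root);
    X509_free(intermediate);
    OSSL_CMP_MSG_free(ir_protected);
    OSSL_CMP_MSG_free(ir_unprotected);
    OSSL_PROVIDER_unload(default_null_provider);
    OSSL_PROVIDER_unload(provider);
    OSSL_LIB_CTX_free(libctx);
}

#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
    "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
    "Intermediate_CA.crt module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)

/*
 * Parses the command line (see USAGE), sets up libctx and the providers,
 * loads the shared keys, certificates and messages, fills rand_data and
 * registers the tests. Returns 0 on any failure, in which case the test
 * framework calls cleanup_tests() for whatever was already loaded.
 */
int setup_tests(void)
{
    char *server_f;
    char *server_key_f;
    char *server_cert_f;
    char *endentity1_f;
    char *endentity2_f;
    char *root_f;
    char *intermediate_f;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(server_f = test_get_argument(0))
            || !TEST_ptr(ir_protected_f = test_get_argument(1))
            || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
            || !TEST_ptr(ip_PBM_f = test_get_argument(3))
            || !TEST_ptr(server_cert_f = test_get_argument(4))
            || !TEST_ptr(server_key_f = test_get_argument(5))
            || !TEST_ptr(endentity1_f = test_get_argument(6))
            || !TEST_ptr(endentity2_f = test_get_argument(7))
            || !TEST_ptr(root_f = test_get_argument(8))
            || !TEST_ptr(intermediate_f = test_get_argument(9))) {
        TEST_error("usage: cmp_protect_test %s", USAGE);
        return 0;
    }

    if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
        return 0;

    if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
            || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
        return 0;

    if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
        return 0;
    /* the "public" key is the same object as the private key, with its own reference */
    if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
        loadedpubkey = loadedprivkey;
    if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
            || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
        return 0;
    if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
            || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
            || !TEST_ptr(root = load_cert_pem(root_f, libctx))
            || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
        return 0;
    /*
     * rand_data is only read by the tests registered below, so a single
     * checked RAND_bytes() call here suffices; an unchecked call would
     * silently leave rand_data zeroed on RNG failure.
     */
    if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
        return 0;

    /* Message protection tests */
    ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
    ADD_TEST(test_cmp_calc_protection_pkey);
    ADD_TEST(test_cmp_calc_protection_pbmac);

    ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
    ADD_TEST(test_MSG_protect_with_certificate_and_key);
    ADD_TEST(test_MSG_protect_certificate_based_without_cert);
    ADD_TEST(test_MSG_protect_unprotected_request);
    ADD_TEST(test_MSG_protect_no_key_no_secret);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
    ADD_TEST(test_MSG_add_extraCerts);

#ifndef OPENSSL_NO_EC
    ADD_TEST(test_cmp_build_cert_chain);
    ADD_TEST(test_cmp_build_cert_chain_only_root);
    ADD_TEST(test_cmp_build_cert_chain_no_root);
    ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
    ADD_TEST(test_cmp_build_cert_chain_no_certs);
#endif

    ADD_TEST(test_X509_STORE);
    ADD_TEST(test_X509_STORE_only_self_issued);

    return 1;
}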