cmp_vfy_test.c 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700
  1. /*
  2. * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include "helpers/cmp_testlib.h"
  12. #include "../crypto/crmf/crmf_local.h" /* for manipulating POPO signature */
  13. static const char *server_f;
  14. static const char *client_f;
  15. static const char *endentity1_f;
  16. static const char *endentity2_f;
  17. static const char *root_f;
  18. static const char *intermediate_f;
  19. static const char *ir_protected_f;
  20. static const char *ir_unprotected_f;
  21. static const char *ir_rmprotection_f;
  22. static const char *ip_waiting_f;
  23. static const char *instacert_f;
  24. static const char *instaca_f;
  25. static const char *ir_protected_0_extracerts;
  26. static const char *ir_protected_2_extracerts;
  27. typedef struct test_fixture {
  28. const char *test_case_name;
  29. int expected;
  30. OSSL_CMP_CTX *cmp_ctx;
  31. OSSL_CMP_MSG *msg;
  32. X509 *cert;
  33. ossl_cmp_allow_unprotected_cb_t allow_unprotected_cb;
  34. int additional_arg;
  35. } CMP_VFY_TEST_FIXTURE;
  36. static OSSL_LIB_CTX *libctx = NULL;
  37. static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
  38. static void tear_down(CMP_VFY_TEST_FIXTURE *fixture)
  39. {
  40. OSSL_CMP_MSG_free(fixture->msg);
  41. OSSL_CMP_CTX_free(fixture->cmp_ctx);
  42. OPENSSL_free(fixture);
  43. }
  44. static time_t test_time_valid = 0, test_time_after_expiration = 0;
  45. static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
  46. {
  47. X509_STORE *ts;
  48. CMP_VFY_TEST_FIXTURE *fixture;
  49. if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
  50. return NULL;
  51. ts = X509_STORE_new();
  52. fixture->test_case_name = test_case_name;
  53. if (ts == NULL
  54. || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
  55. || !OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, ts)
  56. || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) {
  57. tear_down(fixture);
  58. X509_STORE_free(ts);
  59. return NULL;
  60. }
  61. X509_VERIFY_PARAM_set_time(X509_STORE_get0_param(ts), test_time_valid);
  62. X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb);
  63. return fixture;
  64. }
  65. static X509 *srvcert = NULL;
  66. static X509 *clcert = NULL;
  67. /* chain */
  68. static X509 *endentity1 = NULL, *endentity2 = NULL,
  69. *intermediate = NULL, *root = NULL;
  70. /* INSTA chain */
  71. static X509 *insta_cert = NULL, *instaca_cert = NULL;
  72. static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
  73. static OSSL_CMP_MSG *ir_unprotected, *ir_rmprotection;
  74. static int flip_bit(ASN1_BIT_STRING *bitstr)
  75. {
  76. int bit_num = 7;
  77. int bit = ASN1_BIT_STRING_get_bit(bitstr, bit_num);
  78. return ASN1_BIT_STRING_set_bit(bitstr, bit_num, !bit);
  79. }
  80. static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
  81. {
  82. if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL)
  83. return 0;
  84. if (fixture->expected == 0) {
  85. const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
  86. const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0);
  87. if (req == NULL || !flip_bit(req->popo->value.signature->signature))
  88. return 0;
  89. }
  90. return TEST_int_eq(fixture->expected,
  91. ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg,
  92. fixture->additional_arg));
  93. }
  94. static int test_verify_popo(void)
  95. {
  96. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  97. fixture->expected = 1;
  98. EXECUTE_TEST(execute_verify_popo_test, tear_down);
  99. return result;
  100. }
  101. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  102. static int test_verify_popo_bad(void)
  103. {
  104. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  105. fixture->expected = 0;
  106. EXECUTE_TEST(execute_verify_popo_test, tear_down);
  107. return result;
  108. }
  109. #endif
  110. /* indirectly checks also OSSL_CMP_validate_msg() */
  111. static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture)
  112. {
  113. int res = TEST_int_eq(fixture->expected,
  114. ossl_cmp_msg_check_update(fixture->cmp_ctx,
  115. fixture->msg, NULL, 0));
  116. X509 *validated = OSSL_CMP_CTX_get0_validatedSrvCert(fixture->cmp_ctx);
  117. return res && (!fixture->expected || TEST_ptr_eq(validated, fixture->cert));
  118. }
  119. static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
  120. {
  121. X509_STORE *ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx);
  122. int res = TEST_int_eq(fixture->expected,
  123. OSSL_CMP_validate_cert_path(fixture->cmp_ctx,
  124. ts, fixture->cert));
  125. OSSL_CMP_CTX_print_errors(fixture->cmp_ctx);
  126. return res;
  127. }
  128. static int test_validate_msg_mac_alg_protection(void)
  129. {
  130. /* secret value belonging to cmp-test/CMP_IP_waitingStatus_PBM.der */
  131. const unsigned char sec_1[] = {
  132. '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
  133. 'Q', '-', 'u', 'd', 'N', 'R'
  134. };
  135. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  136. fixture->cert = NULL;
  137. fixture->expected = 1;
  138. if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
  139. sizeof(sec_1)))
  140. || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
  141. tear_down(fixture);
  142. fixture = NULL;
  143. }
  144. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  145. return result;
  146. }
  147. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  148. static int test_validate_msg_mac_alg_protection_bad(void)
  149. {
  150. const unsigned char sec_bad[] = {
  151. '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
  152. 'Q', '-', 'u', 'd', 'N', 'r'
  153. };
  154. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  155. fixture->cert = NULL;
  156. fixture->expected = 0;
  157. if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad,
  158. sizeof(sec_bad)))
  159. || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
  160. tear_down(fixture);
  161. fixture = NULL;
  162. }
  163. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  164. return result;
  165. }
  166. #endif
  167. static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert)
  168. {
  169. return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trusted(ctx), cert);
  170. }
  171. static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert)
  172. {
  173. return X509_add_cert(OSSL_CMP_CTX_get0_untrusted(ctx), cert,
  174. X509_ADD_FLAG_UP_REF);
  175. }
  176. static int test_validate_msg_signature_partial_chain(int expired)
  177. {
  178. X509_STORE *ts;
  179. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  180. fixture->cert = srvcert;
  181. ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx);
  182. fixture->expected = !expired;
  183. if (ts == NULL
  184. || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
  185. || !add_trusted(fixture->cmp_ctx, srvcert)) {
  186. tear_down(fixture);
  187. fixture = NULL;
  188. } else {
  189. X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
  190. X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
  191. if (expired)
  192. X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
  193. }
  194. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  195. return result;
  196. }
  197. static int test_validate_msg_signature_trusted_ok(void)
  198. {
  199. return test_validate_msg_signature_partial_chain(0);
  200. }
  201. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  202. static int test_validate_msg_signature_trusted_expired(void)
  203. {
  204. return test_validate_msg_signature_partial_chain(1);
  205. }
  206. #endif
  207. static int test_validate_msg_signature_srvcert_wrong(void)
  208. {
  209. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  210. fixture->expected = 0;
  211. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
  212. || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
  213. tear_down(fixture);
  214. fixture = NULL;
  215. }
  216. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  217. return result;
  218. }
  219. static int test_validate_msg_signature_srvcert(int bad_sig)
  220. {
  221. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  222. fixture->cert = srvcert;
  223. fixture->expected = !bad_sig;
  224. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
  225. || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
  226. || (bad_sig && !flip_bit(fixture->msg->protection))) {
  227. tear_down(fixture);
  228. fixture = NULL;
  229. }
  230. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  231. return result;
  232. }
  233. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  234. static int test_validate_msg_signature_bad(void)
  235. {
  236. return test_validate_msg_signature_srvcert(1);
  237. }
  238. #endif
  239. static int test_validate_msg_signature_sender_cert_srvcert(void)
  240. {
  241. return test_validate_msg_signature_srvcert(0);
  242. }
  243. static int test_validate_msg_signature_sender_cert_untrusted(void)
  244. {
  245. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  246. fixture->cert = insta_cert;
  247. fixture->expected = 1;
  248. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
  249. || !add_trusted(fixture->cmp_ctx, instaca_cert)
  250. || !add_untrusted(fixture->cmp_ctx, insta_cert)) {
  251. tear_down(fixture);
  252. fixture = NULL;
  253. }
  254. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  255. return result;
  256. }
  257. static int test_validate_msg_signature_sender_cert_trusted(void)
  258. {
  259. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  260. fixture->cert = insta_cert;
  261. fixture->expected = 1;
  262. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
  263. || !add_trusted(fixture->cmp_ctx, instaca_cert)
  264. || !add_trusted(fixture->cmp_ctx, insta_cert)) {
  265. tear_down(fixture);
  266. fixture = NULL;
  267. }
  268. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  269. return result;
  270. }
  271. static int test_validate_msg_signature_sender_cert_extracert(void)
  272. {
  273. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  274. fixture->expected = 1;
  275. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx))
  276. || !add_trusted(fixture->cmp_ctx, instaca_cert)) {
  277. tear_down(fixture);
  278. fixture = NULL;
  279. }
  280. fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */
  281. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  282. return result;
  283. }
  284. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  285. static int test_validate_msg_signature_sender_cert_absent(void)
  286. {
  287. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  288. fixture->expected = 0;
  289. if (!TEST_ptr(fixture->msg =
  290. load_pkimsg(ir_protected_0_extracerts, libctx))) {
  291. tear_down(fixture);
  292. fixture = NULL;
  293. }
  294. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  295. return result;
  296. }
  297. #endif
  298. static int test_validate_with_sender(const X509_NAME *name, int expected)
  299. {
  300. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  301. fixture->cert = srvcert;
  302. fixture->expected = expected;
  303. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
  304. || !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name))
  305. || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) {
  306. tear_down(fixture);
  307. fixture = NULL;
  308. }
  309. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  310. return result;
  311. }
  312. static int test_validate_msg_signature_expected_sender(void)
  313. {
  314. return test_validate_with_sender(X509_get_subject_name(srvcert), 1);
  315. }
  316. static int test_validate_msg_signature_unexpected_sender(void)
  317. {
  318. return test_validate_with_sender(X509_get_subject_name(root), 0);
  319. }
  320. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  321. static int test_validate_msg_unprotected_request(void)
  322. {
  323. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  324. fixture->expected = 0;
  325. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) {
  326. tear_down(fixture);
  327. fixture = NULL;
  328. }
  329. EXECUTE_TEST(execute_validate_msg_test, tear_down);
  330. return result;
  331. }
  332. #endif
  333. static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired)
  334. {
  335. (*fixture)->cert = endentity2;
  336. (*fixture)->expected = wrong == NULL && !expired;
  337. if (expired) {
  338. X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx);
  339. X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
  340. X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
  341. }
  342. if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong)
  343. || !add_untrusted((*fixture)->cmp_ctx, endentity1)
  344. || !add_untrusted((*fixture)->cmp_ctx, intermediate)) {
  345. tear_down((*fixture));
  346. (*fixture) = NULL;
  347. }
  348. }
  349. static int test_validate_cert_path_ok(void)
  350. {
  351. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  352. setup_path(&fixture, NULL, 0);
  353. EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
  354. return result;
  355. }
  356. static int test_validate_cert_path_wrong_anchor(void)
  357. {
  358. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  359. setup_path(&fixture, srvcert /* wrong/non-root cert */, 0);
  360. EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
  361. return result;
  362. }
  363. static int test_validate_cert_path_expired(void)
  364. {
  365. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  366. setup_path(&fixture, NULL, 1);
  367. EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
  368. return result;
  369. }
  370. static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture)
  371. {
  372. const OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(fixture->msg);
  373. const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr);
  374. if (!TEST_int_eq(fixture->expected,
  375. ossl_cmp_msg_check_update(fixture->cmp_ctx,
  376. fixture->msg,
  377. fixture->allow_unprotected_cb,
  378. fixture->additional_arg)))
  379. return 0;
  380. if (fixture->expected == 0) /* error expected already during above check */
  381. return 1;
  382. return
  383. TEST_int_eq(0,
  384. ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr),
  385. fixture->cmp_ctx->recipNonce))
  386. && TEST_int_eq(0,
  387. ASN1_OCTET_STRING_cmp(tid,
  388. fixture->cmp_ctx->transactionID));
  389. }
  390. static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
  391. int invalid_protection, int allow)
  392. {
  393. return allow;
  394. }
  395. static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected,
  396. ossl_cmp_allow_unprotected_cb_t cb, int arg,
  397. const unsigned char *trid_data,
  398. const unsigned char *nonce_data)
  399. {
  400. OSSL_CMP_CTX *ctx = (*fixture)->cmp_ctx;
  401. int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH;
  402. (*fixture)->expected = expected;
  403. (*fixture)->allow_unprotected_cb = cb;
  404. (*fixture)->additional_arg = arg;
  405. (*fixture)->msg = OSSL_CMP_MSG_dup(ir_rmprotection);
  406. if ((*fixture)->msg == NULL
  407. || (nonce_data != NULL
  408. && !ossl_cmp_asn1_octet_string_set1_bytes(&ctx->senderNonce,
  409. nonce_data, nonce_len))) {
  410. tear_down((*fixture));
  411. (*fixture) = NULL;
  412. } else if (trid_data != NULL) {
  413. ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
  414. if (trid == NULL
  415. || !ASN1_OCTET_STRING_set(trid, trid_data,
  416. OSSL_CMP_TRANSACTIONID_LENGTH)
  417. || !OSSL_CMP_CTX_set1_transactionID(ctx, trid)) {
  418. tear_down((*fixture));
  419. (*fixture) = NULL;
  420. }
  421. ASN1_OCTET_STRING_free(trid);
  422. }
  423. }
  424. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  425. static int test_msg_check_no_protection_no_cb(void)
  426. {
  427. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  428. setup_check_update(&fixture, 0, NULL, 0, NULL, NULL);
  429. EXECUTE_TEST(execute_msg_check_test, tear_down);
  430. return result;
  431. }
  432. static int test_msg_check_no_protection_restrictive_cb(void)
  433. {
  434. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  435. setup_check_update(&fixture, 0, allow_unprotected, 0, NULL, NULL);
  436. EXECUTE_TEST(execute_msg_check_test, tear_down);
  437. return result;
  438. }
  439. #endif
  440. static int test_msg_check_no_protection_permissive_cb(void)
  441. {
  442. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  443. setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, NULL);
  444. EXECUTE_TEST(execute_msg_check_test, tear_down);
  445. return result;
  446. }
  447. static int test_msg_check_transaction_id(void)
  448. {
  449. /* Transaction id belonging to CMP_IR_rmprotection.der */
  450. const unsigned char trans_id[OSSL_CMP_TRANSACTIONID_LENGTH] = {
  451. 0x39, 0xB6, 0x90, 0x28, 0xC4, 0xBC, 0x7A, 0xF6,
  452. 0xBE, 0xC6, 0x4A, 0x88, 0x97, 0xA6, 0x95, 0x0B
  453. };
  454. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  455. setup_check_update(&fixture, 1, allow_unprotected, 1, trans_id, NULL);
  456. EXECUTE_TEST(execute_msg_check_test, tear_down);
  457. return result;
  458. }
  459. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  460. static int test_msg_check_transaction_id_bad(void)
  461. {
  462. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  463. setup_check_update(&fixture, 0, allow_unprotected, 1, rand_data, NULL);
  464. EXECUTE_TEST(execute_msg_check_test, tear_down);
  465. return result;
  466. }
  467. #endif
  468. static int test_msg_check_recipient_nonce(void)
  469. {
  470. /* Recipient nonce belonging to CMP_IP_ir_rmprotection.der */
  471. const unsigned char rec_nonce[OSSL_CMP_SENDERNONCE_LENGTH] = {
  472. 0x48, 0xF1, 0x71, 0x1F, 0xE5, 0xAF, 0x1C, 0x8B,
  473. 0x21, 0x97, 0x5C, 0x84, 0x74, 0x49, 0xBA, 0x32
  474. };
  475. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  476. setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, rec_nonce);
  477. EXECUTE_TEST(execute_msg_check_test, tear_down);
  478. return result;
  479. }
  480. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  481. static int test_msg_check_recipient_nonce_bad(void)
  482. {
  483. SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
  484. setup_check_update(&fixture, 0, allow_unprotected, 1, NULL, rand_data);
  485. EXECUTE_TEST(execute_msg_check_test, tear_down);
  486. return result;
  487. }
  488. #endif
  489. void cleanup_tests(void)
  490. {
  491. X509_free(srvcert);
  492. X509_free(clcert);
  493. X509_free(endentity1);
  494. X509_free(endentity2);
  495. X509_free(intermediate);
  496. X509_free(root);
  497. X509_free(insta_cert);
  498. X509_free(instaca_cert);
  499. OSSL_CMP_MSG_free(ir_unprotected);
  500. OSSL_CMP_MSG_free(ir_rmprotection);
  501. OSSL_LIB_CTX_free(libctx);
  502. return;
  503. }
  504. #define USAGE "server.crt client.crt " \
  505. "EndEntity1.crt EndEntity2.crt " \
  506. "Root_CA.crt Intermediate_CA.crt " \
  507. "CMP_IR_protected.der CMP_IR_unprotected.der " \
  508. "IP_waitingStatus_PBM.der IR_rmprotection.der " \
  509. "insta.cert.pem insta_ca.cert.pem " \
  510. "IR_protected_0_extraCerts.der " \
  511. "IR_protected_2_extraCerts.der module_name [module_conf_file]\n"
  512. OPT_TEST_DECLARE_USAGE(USAGE)
  513. int setup_tests(void)
  514. {
  515. /* Set test time stamps */
  516. struct tm ts = { 0 };
  517. ts.tm_year = 2018 - 1900; /* 2018 */
  518. ts.tm_mon = 1; /* February */
  519. ts.tm_mday = 18; /* 18th */
  520. test_time_valid = mktime(&ts); /* February 18th 2018 */
  521. ts.tm_year += 10; /* February 18th 2028 */
  522. test_time_after_expiration = mktime(&ts);
  523. if (!test_skip_common_options()) {
  524. TEST_error("Error parsing test options\n");
  525. return 0;
  526. }
  527. RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
  528. if (!TEST_ptr(server_f = test_get_argument(0))
  529. || !TEST_ptr(client_f = test_get_argument(1))
  530. || !TEST_ptr(endentity1_f = test_get_argument(2))
  531. || !TEST_ptr(endentity2_f = test_get_argument(3))
  532. || !TEST_ptr(root_f = test_get_argument(4))
  533. || !TEST_ptr(intermediate_f = test_get_argument(5))
  534. || !TEST_ptr(ir_protected_f = test_get_argument(6))
  535. || !TEST_ptr(ir_unprotected_f = test_get_argument(7))
  536. || !TEST_ptr(ip_waiting_f = test_get_argument(8))
  537. || !TEST_ptr(ir_rmprotection_f = test_get_argument(9))
  538. || !TEST_ptr(instacert_f = test_get_argument(10))
  539. || !TEST_ptr(instaca_f = test_get_argument(11))
  540. || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12))
  541. || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) {
  542. TEST_error("usage: cmp_vfy_test %s", USAGE);
  543. return 0;
  544. }
  545. if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 14, USAGE))
  546. return 0;
  547. /* Load certificates for cert chain */
  548. if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
  549. || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
  550. || !TEST_ptr(root = load_cert_pem(root_f, NULL))
  551. || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
  552. goto err;
  553. if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx))
  554. || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx)))
  555. goto err;
  556. /* Load certificates for message validation */
  557. if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx))
  558. || !TEST_ptr(clcert = load_cert_pem(client_f, libctx)))
  559. goto err;
  560. if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
  561. goto err;
  562. if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
  563. || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f,
  564. libctx)))
  565. goto err;
  566. /* Message validation tests */
  567. ADD_TEST(test_verify_popo);
  568. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  569. ADD_TEST(test_verify_popo_bad);
  570. #endif
  571. ADD_TEST(test_validate_msg_signature_trusted_ok);
  572. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  573. ADD_TEST(test_validate_msg_signature_trusted_expired);
  574. #endif
  575. ADD_TEST(test_validate_msg_signature_srvcert_wrong);
  576. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  577. ADD_TEST(test_validate_msg_signature_bad);
  578. #endif
  579. ADD_TEST(test_validate_msg_signature_sender_cert_srvcert);
  580. ADD_TEST(test_validate_msg_signature_sender_cert_untrusted);
  581. ADD_TEST(test_validate_msg_signature_sender_cert_trusted);
  582. ADD_TEST(test_validate_msg_signature_sender_cert_extracert);
  583. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  584. ADD_TEST(test_validate_msg_signature_sender_cert_absent);
  585. #endif
  586. ADD_TEST(test_validate_msg_signature_expected_sender);
  587. ADD_TEST(test_validate_msg_signature_unexpected_sender);
  588. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  589. ADD_TEST(test_validate_msg_unprotected_request);
  590. #endif
  591. ADD_TEST(test_validate_msg_mac_alg_protection);
  592. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  593. ADD_TEST(test_validate_msg_mac_alg_protection_bad);
  594. #endif
  595. /* Cert path validation tests */
  596. ADD_TEST(test_validate_cert_path_ok);
  597. ADD_TEST(test_validate_cert_path_expired);
  598. ADD_TEST(test_validate_cert_path_wrong_anchor);
  599. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  600. ADD_TEST(test_msg_check_no_protection_no_cb);
  601. ADD_TEST(test_msg_check_no_protection_restrictive_cb);
  602. #endif
  603. ADD_TEST(test_msg_check_no_protection_permissive_cb);
  604. ADD_TEST(test_msg_check_transaction_id);
  605. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  606. ADD_TEST(test_msg_check_transaction_id_bad);
  607. #endif
  608. ADD_TEST(test_msg_check_recipient_nonce);
  609. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  610. ADD_TEST(test_msg_check_recipient_nonce_bad);
  611. #endif
  612. return 1;
  613. err:
  614. cleanup_tests();
  615. return 0;
  616. }