  1. /*
  2. * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include "helpers/cmp_testlib.h"
  12. #include "../crypto/crmf/crmf_local.h" /* for manipulating POPO signature */
  /* Paths of the test input files; setup_tests() fills them in from the command line. */
  static const char *server_f, *client_f;
  static const char *endentity1_f, *endentity2_f;
  static const char *root_f, *intermediate_f;
  static const char *ir_protected_f, *ir_unprotected_f, *ir_rmprotection_f;
  static const char *ip_waiting_f;
  static const char *instacert_f, *instaca_f;
  static const char *ir_protected_0_extracerts, *ir_protected_2_extracerts;
  /* State shared between a test_*() function and the execute_*() helper it runs. */
  struct test_fixture {
      const char *test_case_name; /* stored by set_up() */
      int expected;               /* value the function under test must return */
      OSSL_CMP_CTX *cmp_ctx;      /* freed by tear_down() */
      OSSL_CMP_MSG *msg;          /* freed by tear_down() */
      X509 *cert;                 /* not freed by tear_down() */
      ossl_cmp_allow_unprotected_cb_t allow_unprotected_cb;
      int additional_arg;
  };
  typedef struct test_fixture CMP_VFY_TEST_FIXTURE;
  /* Library context and providers; setup_tests() passes them to test_arg_libctx(). */
  static OSSL_LIB_CTX *libctx = NULL;
  static OSSL_PROVIDER *default_null_provider = NULL;
  static OSSL_PROVIDER *provider = NULL;
  /* Free the fixture along with the message and the CMP context it holds. */
  static void tear_down(CMP_VFY_TEST_FIXTURE *fixture)
  {
      OSSL_CMP_MSG *held_msg = fixture->msg;
      OSSL_CMP_CTX *held_ctx = fixture->cmp_ctx;

      /* fixture->cert is deliberately left alone here */
      OSSL_CMP_MSG_free(held_msg);
      OSSL_CMP_CTX_free(held_ctx);
      OPENSSL_free(fixture);
  }
  /* Verification times; both are computed in setup_tests(). */
  static time_t test_time_valid = 0;
  static time_t test_time_after_expiration = 0;
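  /*
   * Allocate a fixture holding a new CMP context with a newly created trust
   * store. The store verifies at test_time_valid and reports verification
   * events through X509_STORE_CTX_print_verify_cb.
   * Returns the fixture, or NULL if any step fails.
   */
  static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
  {
      X509_STORE *ts;
      CMP_VFY_TEST_FIXTURE *fixture;

      if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
          return NULL;
      ts = X509_STORE_new();
      fixture->test_case_name = test_case_name;
      /*
       * The store is handed to the context as the last step of the chain.
       * A set0 call passes ownership on success, after which tear_down()
       * releases the store together with the context. With the log callback
       * installed first, every failure below leaves ts owned by this
       * function, so the X509_STORE_free() in the error branch can never
       * release the store a second time.
       */
      if (ts == NULL
              || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
              || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)
              || !OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, ts)) {
          tear_down(fixture);
          X509_STORE_free(ts);
          return NULL;
      }
      /* ts is now owned by the context; it is only configured further here */
      X509_VERIFY_PARAM_set_time(X509_STORE_get0_param(ts), test_time_valid);
      X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb);
      return fixture;
  }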
  /* Certificates used for message validation; loaded in setup_tests(). */
  static X509 *srvcert = NULL, *clcert = NULL;
  /* chain */
  static X509 *endentity1 = NULL;
  static X509 *endentity2 = NULL;
  static X509 *intermediate = NULL;
  static X509 *root = NULL;
  /* INSTA chain */
  static X509 *insta_cert = NULL;
  static X509 *instaca_cert = NULL;
  /* Random bytes that the *_bad tests use as transaction ID or nonce. */
  static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
  /* Messages loaded once in setup_tests(). */
  static OSSL_CMP_MSG *ir_unprotected;
  static OSSL_CMP_MSG *ir_rmprotection;
  /*
   * Invert bit number 7 of bitstr, which is how the negative tests corrupt a
   * signature. Returns whatever ASN1_BIT_STRING_set_bit() returns.
   */
  static int flip_bit(ASN1_BIT_STRING *bitstr)
  {
      const int pos = 7;
      int inverted = !ASN1_BIT_STRING_get_bit(bitstr, pos);

      return ASN1_BIT_STRING_set_bit(bitstr, pos, inverted);
  }
  /*
   * Load the protected IR and compare the result of ossl_cmp_verify_popo()
   * with fixture->expected. When failure is expected, the POPO signature of
   * the first request is corrupted beforehand.
   */
  static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
  {
      int verified;

      fixture->msg = load_pkimsg(ir_protected_f, libctx);
      if (fixture->msg == NULL)
          return 0;

      if (fixture->expected == 0) {
          const OSSL_CRMF_MSG *req =
              sk_OSSL_CRMF_MSG_value(fixture->msg->body->value.ir, 0);

          if (req == NULL)
              return 0;
          /* assumes the request carries a signature-type POPO; TODO confirm */
          if (!flip_bit(req->popo->value.signature->signature))
              return 0;
      }

      verified = ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg,
                                      fixture->additional_arg);
      return TEST_int_eq(fixture->expected, verified);
  }
  /* POPO verification of the untouched protected IR must succeed. */
  static int test_verify_popo(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 1; /* signature is left intact */
      EXECUTE_TEST(execute_verify_popo_test, tear_down);

      return result;
  }
  101. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* POPO verification must fail once the signature has had a bit flipped. */
  static int test_verify_popo_bad(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 0; /* makes the execute helper corrupt the signature */
      EXECUTE_TEST(execute_verify_popo_test, tear_down);

      return result;
  }
  109. #endif
  /*
   * Run ossl_cmp_msg_check_update() without an allow-unprotected callback and
   * compare its result with fixture->expected. On expected success the
   * certificate recorded as validated in the context must be fixture->cert.
   * indirectly checks also OSSL_CMP_validate_msg()
   */
  static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture)
  {
      int checked = ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg,
                                              NULL, 0);
      int res = TEST_int_eq(fixture->expected, checked);
      X509 *validated = OSSL_CMP_CTX_get0_validatedSrvCert(fixture->cmp_ctx);

      if (!res)
          return 0;
      if (!fixture->expected)
          return 1; /* nothing was validated, so there is no cert to compare */
      return TEST_ptr_eq(validated, fixture->cert) != 0;
  }
  /*
   * Validate fixture->cert against the trust store of the context, compare
   * the outcome with fixture->expected, then print the context's errors.
   */
  static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
  {
      OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
      X509_STORE *ts = OSSL_CMP_CTX_get0_trusted(ctx);
      int path_ok = OSSL_CMP_validate_cert_path(ctx, ts, fixture->cert);
      int res = TEST_int_eq(fixture->expected, path_ok);

      OSSL_CMP_CTX_print_errors(ctx);
      return res;
  }
  /* A MAC-protected message must validate when the matching secret is set. */
  static int test_validate_msg_mac_alg_protection(void)
  {
      /* secret value belonging to cmp-test/CMP_IP_waitingStatus_PBM.der */
      const unsigned char sec_1[] = {
          '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-',
          'X', 'd', '3', 'Q', '-', 'u', 'd', 'N', 'R'
      };

      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 1;
      fixture->cert = NULL; /* MAC protection involves no server certificate */
      if (!(TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
                                                    sizeof(sec_1)))
                && TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx)))) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  147. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* A MAC-protected message must be rejected when the secret does not match. */
  static int test_validate_msg_mac_alg_protection_bad(void)
  {
      /* same as the valid secret except for the case of the last character */
      const unsigned char sec_bad[] = {
          '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-',
          'X', 'd', '3', 'Q', '-', 'u', 'd', 'N', 'r'
      };

      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 0;
      fixture->cert = NULL;
      if (!(TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad,
                                                    sizeof(sec_bad)))
                && TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx)))) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  166. #endif
  /* Add cert to the trust store of ctx; returns the X509_STORE_add_cert() result. */
  static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert)
  {
      X509_STORE *trusted = OSSL_CMP_CTX_get0_trusted(ctx);

      return X509_STORE_add_cert(trusted, cert);
  }
  /*
   * Add cert to the untrusted certificate list of ctx. X509_ADD_FLAG_UP_REF
   * is passed, so the caller keeps its own reference to cert.
   */
  static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert)
  {
      STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted(ctx);

      return X509_add_cert(untrusted, cert, X509_ADD_FLAG_UP_REF);
  }
  /*
   * Validate the protected IR with srvcert itself in the trust store and
   * X509_V_FLAG_PARTIAL_CHAIN set. With expired != 0 the verification time is
   * moved to test_time_after_expiration and validation is expected to fail.
   */
  static int test_validate_msg_signature_partial_chain(int expired)
  {
      X509_STORE *ts;

      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx);
      fixture->expected = !expired;
      fixture->cert = srvcert;
      if (ts != NULL
              && TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
              && add_trusted(fixture->cmp_ctx, srvcert)) {
          X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);

          X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
          if (expired)
              X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
      } else {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  /* Partial-chain validation at the valid test time. */
  static int test_validate_msg_signature_trusted_ok(void)
  {
      const int expired = 0;

      return test_validate_msg_signature_partial_chain(expired);
  }
  201. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* Partial-chain validation at the time after expiration. */
  static int test_validate_msg_signature_trusted_expired(void)
  {
      const int expired = 1;

      return test_validate_msg_signature_partial_chain(expired);
  }
  206. #endif
  /* Validation must fail when the client certificate is pinned as server cert. */
  static int test_validate_msg_signature_srvcert_wrong(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 0;
      if (!(TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
                && TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx,
                                                       clcert)))) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  /*
   * Validate the protected IR with srvcert pinned as the server certificate.
   * With bad_sig != 0 a bit of the message protection is flipped first and
   * validation is expected to fail.
   */
  static int test_validate_msg_signature_srvcert(int bad_sig)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = !bad_sig;
      fixture->cert = srvcert;
      if (!(TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
                && TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx,
                                                       srvcert))
                && (!bad_sig || flip_bit(fixture->msg->protection)))) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  233. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* Pinned server certificate, corrupted protection: must be rejected. */
  static int test_validate_msg_signature_bad(void)
  {
      const int bad_sig = 1;

      return test_validate_msg_signature_srvcert(bad_sig);
  }
  238. #endif
  /* Pinned server certificate, intact protection: must be accepted. */
  static int test_validate_msg_signature_sender_cert_srvcert(void)
  {
      const int bad_sig = 0;

      return test_validate_msg_signature_srvcert(bad_sig);
  }
  /*
   * The sender certificate is supplied via the untrusted list and its CA via
   * the trust store; validation is expected to succeed with insta_cert.
   */
  static int test_validate_msg_signature_sender_cert_untrusted(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 1;
      fixture->cert = insta_cert;
      if (!(TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts,
                                                libctx))
                && add_trusted(fixture->cmp_ctx, instaca_cert)
                && add_untrusted(fixture->cmp_ctx, insta_cert))) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  /*
   * Both the sender certificate and its CA are placed in the trust store;
   * validation is expected to succeed with insta_cert.
   */
  static int test_validate_msg_signature_sender_cert_trusted(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 1;
      fixture->cert = insta_cert;
      if (!(TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts,
                                                libctx))
                && add_trusted(fixture->cmp_ctx, instaca_cert)
                && add_trusted(fixture->cmp_ctx, insta_cert))) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
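  /*
   * The sender certificate is taken from the extraCerts of the message while
   * only the CA certificate is trusted; validation is expected to succeed.
   */
  static int test_validate_msg_signature_sender_cert_extracert(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
      fixture->expected = 1;
      if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx))
              || !add_trusted(fixture->cmp_ctx, instaca_cert)) {
          tear_down(fixture);
          fixture = NULL;
      } else {
          /*
           * Read extraCerts only while the fixture and its message exist:
           * after the failure branch above fixture is NULL and the message
           * has been freed, so this must not run unconditionally.
           */
          fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }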
  284. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* No trusted or untrusted certificate is configured: validation must fail. */
  static int test_validate_msg_signature_sender_cert_absent(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 0;
      fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx);
      if (!TEST_ptr(fixture->msg)) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  296. #endif
  /*
   * Validate the protected IR with srvcert pinned and `name` configured as the
   * expected sender; `expected` is the validation result the test requires.
   */
  static int test_validate_with_sender(const X509_NAME *name, int expected)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = expected;
      fixture->cert = srvcert;
      if (!(TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
                && TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx,
                                                               name))
                && TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx,
                                                       srvcert)))) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  /* Expected sender set to the subject of srvcert: validation must succeed. */
  static int test_validate_msg_signature_expected_sender(void)
  {
      const X509_NAME *sender = X509_get_subject_name(srvcert);

      return test_validate_with_sender(sender, 1);
  }
  /* Expected sender set to the subject of root: validation must fail. */
  static int test_validate_msg_signature_unexpected_sender(void)
  {
      const X509_NAME *sender = X509_get_subject_name(root);

      return test_validate_with_sender(sender, 0);
  }
  319. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* An unprotected IR must not pass the message check. */
  static int test_validate_msg_unprotected_request(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      fixture->expected = 0;
      fixture->msg = load_pkimsg(ir_unprotected_f, libctx);
      if (!TEST_ptr(fixture->msg)) {
          tear_down(fixture);
          fixture = NULL;
      }
      EXECUTE_TEST(execute_validate_msg_test, tear_down);
      return result;
  }
  331. #endif
  /*
   * Prepare a certificate path test for endentity2. The trust anchor is root
   * unless `wrong` is given; endentity1 and intermediate go into the untrusted
   * list. Success is expected only with the right anchor and an unexpired
   * verification time. On failure the fixture is torn down and *fixture is
   * set to NULL.
   */
  static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired)
  {
      CMP_VFY_TEST_FIXTURE *fix = *fixture;
      OSSL_CMP_CTX *ctx = fix->cmp_ctx;
      X509 *anchor = wrong != NULL ? wrong : root;

      fix->cert = endentity2;
      fix->expected = wrong == NULL && !expired;
      if (expired) {
          X509_STORE *ts = OSSL_CMP_CTX_get0_trusted(ctx);

          X509_VERIFY_PARAM_set_time(X509_STORE_get0_param(ts),
                                     test_time_after_expiration);
      }
      if (add_trusted(ctx, anchor)
              && add_untrusted(ctx, endentity1)
              && add_untrusted(ctx, intermediate))
          return;

      tear_down(fix);
      *fixture = NULL;
  }
  /* Correct trust anchor, valid verification time. */
  static int test_validate_cert_path_ok(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_path(&fixture, NULL /* use root as anchor */, 0 /* not expired */);
      EXECUTE_TEST(execute_validate_cert_path_test, tear_down);

      return result;
  }
  /* A certificate that is not the root is used as the only trust anchor. */
  static int test_validate_cert_path_wrong_anchor(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_path(&fixture, srvcert /* wrong/non-root cert */, 0 /* not expired */);
      EXECUTE_TEST(execute_validate_cert_path_test, tear_down);

      return result;
  }
  /* Correct trust anchor, verification time after expiration. */
  static int test_validate_cert_path_expired(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_path(&fixture, NULL /* use root as anchor */, 1 /* expired */);
      EXECUTE_TEST(execute_validate_cert_path_test, tear_down);

      return result;
  }
  /*
   * Run ossl_cmp_msg_check_update() with the fixture's callback and argument
   * and compare its result with fixture->expected. On expected success, also
   * require that the context's recipNonce equals the sender nonce of the
   * message and that its transactionID equals the one in the header.
   */
  static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture)
  {
      const OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(fixture->msg);
      const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr);
      int checked = ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg,
                                              fixture->allow_unprotected_cb,
                                              fixture->additional_arg);

      if (!TEST_int_eq(fixture->expected, checked))
          return 0;
      if (fixture->expected == 0) /* error expected already during above check */
          return 1;

      if (!TEST_int_eq(0,
                       ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr),
                                             fixture->cmp_ctx->recipNonce)))
          return 0;
      return TEST_int_eq(0,
                         ASN1_OCTET_STRING_cmp(tid,
                                               fixture->cmp_ctx->transactionID))
          != 0;
  }
  /*
   * Allow-unprotected callback for the tests: the decision is simply the
   * `allow` argument; context, message and protection state are ignored.
   */
  static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
                               int invalid_protection, int allow)
  {
      (void)ctx;
      (void)msg;
      (void)invalid_protection;

      return allow;
  }
  /*
   * Prepare a message check test on a copy of ir_rmprotection. Stores the
   * expected result, the callback and its argument in the fixture; optionally
   * sets the sender nonce (nonce_data) and the transaction ID (trid_data) of
   * the context. On failure the fixture is torn down and *fixture becomes NULL.
   */
  static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected,
                                 ossl_cmp_allow_unprotected_cb_t cb, int arg,
                                 const unsigned char *trid_data,
                                 const unsigned char *nonce_data)
  {
      CMP_VFY_TEST_FIXTURE *fix = *fixture;
      OSSL_CMP_CTX *ctx = fix->cmp_ctx;
      /* NOTE(review): nonce_data must provide at least this many bytes */
      const int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH;
      ASN1_OCTET_STRING *trid = NULL;
      int ok;

      fix->expected = expected;
      fix->allow_unprotected_cb = cb;
      fix->additional_arg = arg;
      fix->msg = OSSL_CMP_MSG_dup(ir_rmprotection);

      ok = fix->msg != NULL
          && (nonce_data == NULL
              || ossl_cmp_asn1_octet_string_set1_bytes(&ctx->senderNonce,
                                                       nonce_data, nonce_len));
      if (ok && trid_data != NULL) {
          trid = ASN1_OCTET_STRING_new();
          ok = trid != NULL
              && ASN1_OCTET_STRING_set(trid, trid_data,
                                       OSSL_CMP_TRANSACTIONID_LENGTH)
              && OSSL_CMP_CTX_set1_transactionID(ctx, trid);
      }
      if (!ok) {
          tear_down(fix);
          *fixture = NULL;
      }
      /* the local octet string is released on every path; NULL is fine here */
      ASN1_OCTET_STRING_free(trid);
  }
  423. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* Unprotected message and no callback: the check must fail. */
  static int test_msg_check_no_protection_no_cb(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_check_update(&fixture, 0 /* expected */, NULL /* cb */, 0,
                         NULL, NULL);
      EXECUTE_TEST(execute_msg_check_test, tear_down);

      return result;
  }
  /* Unprotected message and a callback that refuses: the check must fail. */
  static int test_msg_check_no_protection_restrictive_cb(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_check_update(&fixture, 0 /* expected */, allow_unprotected,
                         0 /* callback refuses */, NULL, NULL);
      EXECUTE_TEST(execute_msg_check_test, tear_down);

      return result;
  }
  438. #endif
  /* Unprotected message and a callback that allows it: the check must pass. */
  static int test_msg_check_no_protection_permissive_cb(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_check_update(&fixture, 1 /* expected */, allow_unprotected,
                         1 /* callback allows */, NULL, NULL);
      EXECUTE_TEST(execute_msg_check_test, tear_down);

      return result;
  }
  /* The context carries the transaction ID of the message: the check must pass. */
  static int test_msg_check_transaction_id(void)
  {
      /* Transaction id belonging to CMP_IR_rmprotection.der */
      const unsigned char trans_id[OSSL_CMP_TRANSACTIONID_LENGTH] = {
          0x39, 0xB6, 0x90, 0x28,
          0xC4, 0xBC, 0x7A, 0xF6,
          0xBE, 0xC6, 0x4A, 0x88,
          0x97, 0xA6, 0x95, 0x0B
      };

      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_check_update(&fixture, 1 /* expected */, allow_unprotected, 1,
                         trans_id, NULL);
      EXECUTE_TEST(execute_msg_check_test, tear_down);
      return result;
  }
  458. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* The context carries random bytes as transaction ID: the check must fail. */
  static int test_msg_check_transaction_id_bad(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_check_update(&fixture, 0 /* expected */, allow_unprotected, 1,
                         rand_data /* transaction ID */, NULL);
      EXECUTE_TEST(execute_msg_check_test, tear_down);

      return result;
  }
  466. #endif
  /* The context's sender nonce is set to the bytes below: the check must pass. */
  static int test_msg_check_recipient_nonce(void)
  {
      /* Recipient nonce belonging to CMP_IP_ir_rmprotection.der */
      const unsigned char rec_nonce[OSSL_CMP_SENDERNONCE_LENGTH] = {
          0x48, 0xF1, 0x71, 0x1F,
          0xE5, 0xAF, 0x1C, 0x8B,
          0x21, 0x97, 0x5C, 0x84,
          0x74, 0x49, 0xBA, 0x32
      };

      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      setup_check_update(&fixture, 1 /* expected */, allow_unprotected, 1,
                         NULL, rec_nonce);
      EXECUTE_TEST(execute_msg_check_test, tear_down);
      return result;
  }
  479. #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  /* The context's sender nonce is set to random bytes: the check must fail. */
  static int test_msg_check_recipient_nonce_bad(void)
  {
      SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);

      /*
       * NOTE(review): rand_data is sized by OSSL_CMP_TRANSACTIONID_LENGTH but
       * is read here with OSSL_CMP_SENDERNONCE_LENGTH; confirm both are equal.
       */
      setup_check_update(&fixture, 0 /* expected */, allow_unprotected, 1,
                         NULL, rand_data /* nonce */);
      EXECUTE_TEST(execute_msg_check_test, tear_down);

      return result;
  }
  487. #endif
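  /*
   * Release everything setup_tests() acquired: certificates, preloaded
   * messages, the providers obtained via test_arg_libctx() and the library
   * context. Each pointer is reset afterwards, so calling this twice is
   * harmless.
   */
  void cleanup_tests(void)
  {
      X509_free(srvcert);
      srvcert = NULL;
      X509_free(clcert);
      clcert = NULL;
      X509_free(endentity1);
      endentity1 = NULL;
      X509_free(endentity2);
      endentity2 = NULL;
      X509_free(intermediate);
      intermediate = NULL;
      X509_free(root);
      root = NULL;
      X509_free(insta_cert);
      insta_cert = NULL;
      X509_free(instaca_cert);
      instaca_cert = NULL;
      OSSL_CMP_MSG_free(ir_unprotected);
      ir_unprotected = NULL;
      OSSL_CMP_MSG_free(ir_rmprotection);
      ir_rmprotection = NULL;
      /* the providers were never released before; unload them ahead of libctx */
      if (default_null_provider != NULL)
          OSSL_PROVIDER_unload(default_null_provider);
      default_null_provider = NULL;
      if (provider != NULL)
          OSSL_PROVIDER_unload(provider);
      provider = NULL;
      OSSL_LIB_CTX_free(libctx);
      libctx = NULL;
  }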
  /* Positional arguments, in the order setup_tests() reads them. */
  #define USAGE \
      "server.crt " \
      "client.crt " \
      "EndEntity1.crt " \
      "EndEntity2.crt " \
      "Root_CA.crt " \
      "Intermediate_CA.crt " \
      "CMP_IR_protected.der " \
      "CMP_IR_unprotected.der " \
      "IP_waitingStatus_PBM.der " \
      "IR_rmprotection.der " \
      "insta.cert.pem " \
      "insta_ca.cert.pem " \
      "IR_protected_0_extraCerts.der " \
      "IR_protected_2_extraCerts.der " \
      "module_name " \
      "[module_conf_file]\n"
  OPT_TEST_DECLARE_USAGE(USAGE)
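  /*
   * Test program set-up: compute the verification times, read the file
   * arguments, obtain the library context, load certificates and messages and
   * register the tests. Returns 1 on success and 0 on failure; once loading
   * has started, a failure releases everything through cleanup_tests().
   */
  int setup_tests(void)
  {
      /* Set test time stamps */
      struct tm ts = { 0 };

      ts.tm_year = 2018 - 1900; /* 2018 */
      ts.tm_mon = 1; /* February */
      ts.tm_mday = 18; /* 18th */
      test_time_valid = mktime(&ts); /* February 18th 2018 */
      ts.tm_year += 10; /* February 18th 2028 */
      test_time_after_expiration = mktime(&ts);

      if (!test_skip_common_options()) {
          TEST_error("Error parsing test options\n");
          return 0;
      }

      /*
       * rand_data is filled further down, where the RAND_bytes() result is
       * checked. The additional unchecked call that used to sit here was
       * redundant and would have hidden a failing random source.
       */
      if (!TEST_ptr(server_f = test_get_argument(0))
              || !TEST_ptr(client_f = test_get_argument(1))
              || !TEST_ptr(endentity1_f = test_get_argument(2))
              || !TEST_ptr(endentity2_f = test_get_argument(3))
              || !TEST_ptr(root_f = test_get_argument(4))
              || !TEST_ptr(intermediate_f = test_get_argument(5))
              || !TEST_ptr(ir_protected_f = test_get_argument(6))
              || !TEST_ptr(ir_unprotected_f = test_get_argument(7))
              || !TEST_ptr(ip_waiting_f = test_get_argument(8))
              || !TEST_ptr(ir_rmprotection_f = test_get_argument(9))
              || !TEST_ptr(instacert_f = test_get_argument(10))
              || !TEST_ptr(instaca_f = test_get_argument(11))
              || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12))
              || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) {
          TEST_error("usage: cmp_vfy_test %s", USAGE);
          return 0;
      }

      if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 14, USAGE))
          return 0;

      /* Load certificates for cert chain */
      /* NOTE(review): root alone is loaded with a NULL library context; confirm */
      if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
              || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
              || !TEST_ptr(root = load_cert_pem(root_f, NULL))
              || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
          goto err;

      if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx))
              || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx)))
          goto err;

      /* Load certificates for message validation */
      if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx))
              || !TEST_ptr(clcert = load_cert_pem(client_f, libctx)))
          goto err;
      /* random bytes for the *_bad transaction ID and nonce tests */
      if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
          goto err;
      if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
              || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx)))
          goto err;

      /*
       * Message validation tests. Several tests that expect a rejection are
       * compiled out when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined.
       */
      ADD_TEST(test_verify_popo);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_verify_popo_bad);
  #endif
      ADD_TEST(test_validate_msg_signature_trusted_ok);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_validate_msg_signature_trusted_expired);
  #endif
      ADD_TEST(test_validate_msg_signature_srvcert_wrong);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_validate_msg_signature_bad);
  #endif
      ADD_TEST(test_validate_msg_signature_sender_cert_srvcert);
      ADD_TEST(test_validate_msg_signature_sender_cert_untrusted);
      ADD_TEST(test_validate_msg_signature_sender_cert_trusted);
      ADD_TEST(test_validate_msg_signature_sender_cert_extracert);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_validate_msg_signature_sender_cert_absent);
  #endif
      ADD_TEST(test_validate_msg_signature_expected_sender);
      ADD_TEST(test_validate_msg_signature_unexpected_sender);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_validate_msg_unprotected_request);
  #endif
      ADD_TEST(test_validate_msg_mac_alg_protection);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_validate_msg_mac_alg_protection_bad);
  #endif

      /* Cert path validation tests */
      ADD_TEST(test_validate_cert_path_ok);
      ADD_TEST(test_validate_cert_path_expired);
      ADD_TEST(test_validate_cert_path_wrong_anchor);

  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_msg_check_no_protection_no_cb);
      ADD_TEST(test_msg_check_no_protection_restrictive_cb);
  #endif
      ADD_TEST(test_msg_check_no_protection_permissive_cb);
      ADD_TEST(test_msg_check_transaction_id);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_msg_check_transaction_id_bad);
  #endif
      ADD_TEST(test_msg_check_recipient_nonce);
  #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
      ADD_TEST(test_msg_check_recipient_nonce_bad);
  #endif

      return 1;

   err:
      cleanup_tests();
      return 0;
  }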