cmp_protect_test.c 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617
  1. /*
  2. * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include "helpers/cmp_testlib.h"
  12. static const char *ir_protected_f;
  13. static const char *ir_unprotected_f;
  14. static const char *ip_PBM_f;
  15. typedef struct test_fixture {
  16. const char *test_case_name;
  17. OSSL_CMP_CTX *cmp_ctx;
  18. /* for protection tests */
  19. OSSL_CMP_MSG *msg;
  20. OSSL_CMP_PKISI *si; /* for error and response messages */
  21. EVP_PKEY *pubkey;
  22. unsigned char *mem;
  23. int memlen;
  24. X509 *cert;
  25. STACK_OF(X509) *certs;
  26. STACK_OF(X509) *chain;
  27. int with_ss;
  28. int callback_arg;
  29. int expected;
  30. } CMP_PROTECT_TEST_FIXTURE;
  31. static OSSL_LIB_CTX *libctx = NULL;
  32. static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
  33. static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
  34. {
  35. OSSL_CMP_CTX_free(fixture->cmp_ctx);
  36. OSSL_CMP_MSG_free(fixture->msg);
  37. OSSL_CMP_PKISI_free(fixture->si);
  38. OPENSSL_free(fixture->mem);
  39. sk_X509_free(fixture->certs);
  40. sk_X509_free(fixture->chain);
  41. OPENSSL_free(fixture);
  42. }
  43. static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
  44. {
  45. CMP_PROTECT_TEST_FIXTURE *fixture;
  46. if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
  47. return NULL;
  48. fixture->test_case_name = test_case_name;
  49. if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) {
  50. tear_down(fixture);
  51. return NULL;
  52. }
  53. return fixture;
  54. }
  55. static EVP_PKEY *loadedprivkey = NULL;
  56. static EVP_PKEY *loadedpubkey = NULL;
  57. static EVP_PKEY *loadedkey = NULL;
  58. static X509 *cert = NULL;
  59. static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
  60. static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
  61. static X509 *endentity1 = NULL, *endentity2 = NULL,
  62. *root = NULL, *intermediate = NULL;
  63. static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  64. {
  65. ASN1_BIT_STRING *protection =
  66. ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
  67. int res = TEST_ptr_null(protection);
  68. ASN1_BIT_STRING_free(protection);
  69. return res;
  70. }
  71. static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  72. {
  73. ASN1_BIT_STRING *protection =
  74. ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
  75. int res = TEST_ptr(protection)
  76. && TEST_true(ASN1_STRING_cmp(protection,
  77. fixture->msg->protection) == 0);
  78. ASN1_BIT_STRING_free(protection);
  79. return res;
  80. }
  81. /*
  82. * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
  83. * but without the need for a OSSL_CMP_CTX or a X509 certificate
  84. */
  85. static int verify_signature(OSSL_CMP_MSG *msg,
  86. ASN1_BIT_STRING *protection,
  87. EVP_PKEY *pkey, EVP_MD *digest)
  88. {
  89. OSSL_CMP_PROTECTEDPART prot_part;
  90. unsigned char *prot_part_der = NULL;
  91. int len;
  92. EVP_MD_CTX *ctx = NULL;
  93. int res;
  94. prot_part.header = OSSL_CMP_MSG_get0_header(msg);
  95. prot_part.body = msg->body;
  96. len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);
  97. res =
  98. TEST_int_ge(len, 0)
  99. && TEST_ptr(ctx = EVP_MD_CTX_new())
  100. && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey))
  101. && TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
  102. protection->length,
  103. prot_part_der, len), 1);
  104. /* cleanup */
  105. EVP_MD_CTX_free(ctx);
  106. OPENSSL_free(prot_part_der);
  107. return res;
  108. }
  109. /* Calls OSSL_CMP_calc_protection and compares and verifies signature */
  110. static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
  111. fixture)
  112. {
  113. ASN1_BIT_STRING *protection =
  114. ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
  115. int ret = (TEST_ptr(protection)
  116. && TEST_true(ASN1_STRING_cmp(protection,
  117. fixture->msg->protection) == 0)
  118. && TEST_true(verify_signature(fixture->msg, protection,
  119. fixture->pubkey,
  120. fixture->cmp_ctx->digest)));
  121. ASN1_BIT_STRING_free(protection);
  122. return ret;
  123. }
  124. static int test_cmp_calc_protection_no_key_no_secret(void)
  125. {
  126. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  127. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
  128. || !TEST_ptr(fixture->msg->header->protectionAlg =
  129. X509_ALGOR_new() /* no specific alg needed here */)) {
  130. tear_down(fixture);
  131. fixture = NULL;
  132. }
  133. EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
  134. return result;
  135. }
  136. static int test_cmp_calc_protection_pkey(void)
  137. {
  138. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  139. fixture->pubkey = loadedpubkey;
  140. if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
  141. || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
  142. tear_down(fixture);
  143. fixture = NULL;
  144. }
  145. EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
  146. return result;
  147. }
  148. static int test_cmp_calc_protection_pbmac(void)
  149. {
  150. unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };
  151. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  152. if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  153. sec_insta, sizeof(sec_insta)))
  154. || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) {
  155. tear_down(fixture);
  156. fixture = NULL;
  157. }
  158. EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
  159. return result;
  160. }
  161. static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  162. {
  163. return TEST_int_eq(fixture->expected,
  164. ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
  165. }
  166. #define SET_OPT_UNPROTECTED_SEND(ctx, val) \
  167. OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
  168. static int test_MSG_protect_unprotected_request(void)
  169. {
  170. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  171. fixture->expected = 1;
  172. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  173. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
  174. tear_down(fixture);
  175. fixture = NULL;
  176. }
  177. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  178. return result;
  179. }
  180. static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
  181. {
  182. const size_t size = sizeof(rand_data) / 2;
  183. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  184. fixture->expected = 1;
  185. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  186. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
  187. /*
  188. * Use half of the 16 bytes of random input
  189. * for each reference and secret value
  190. */
  191. || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
  192. rand_data, size))
  193. || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  194. rand_data + size,
  195. size))) {
  196. tear_down(fixture);
  197. fixture = NULL;
  198. }
  199. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  200. return result;
  201. }
  202. static int test_MSG_protect_with_certificate_and_key(void)
  203. {
  204. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  205. fixture->expected = 1;
  206. if (!TEST_ptr(fixture->msg =
  207. OSSL_CMP_MSG_dup(ir_unprotected))
  208. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
  209. || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
  210. || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
  211. tear_down(fixture);
  212. fixture = NULL;
  213. }
  214. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  215. return result;
  216. }
  217. static int test_MSG_protect_certificate_based_without_cert(void)
  218. {
  219. OSSL_CMP_CTX *ctx;
  220. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  221. ctx = fixture->cmp_ctx;
  222. fixture->expected = 0;
  223. if (!TEST_ptr(fixture->msg =
  224. OSSL_CMP_MSG_dup(ir_unprotected))
  225. || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
  226. || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
  227. tear_down(fixture);
  228. fixture = NULL;
  229. }
  230. EVP_PKEY_up_ref(loadedkey);
  231. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  232. return result;
  233. }
  234. static int test_MSG_protect_no_key_no_secret(void)
  235. {
  236. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  237. fixture->expected = 0;
  238. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  239. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
  240. tear_down(fixture);
  241. fixture = NULL;
  242. }
  243. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  244. return result;
  245. }
  246. static int test_MSG_protect_pbmac_no_sender(int with_ref)
  247. {
  248. static unsigned char secret[] = { 47, 11, 8, 15 };
  249. static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };
  250. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  251. fixture->expected = with_ref;
  252. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  253. || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)
  254. || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL)
  255. || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  256. secret, sizeof(secret))
  257. || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
  258. with_ref ? ref : NULL,
  259. sizeof(ref)))) {
  260. tear_down(fixture);
  261. fixture = NULL;
  262. }
  263. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  264. return result;
  265. }
  266. static int test_MSG_protect_pbmac_no_sender_with_ref(void)
  267. {
  268. return test_MSG_protect_pbmac_no_sender(1);
  269. }
  270. static int test_MSG_protect_pbmac_no_sender_no_ref(void)
  271. {
  272. return test_MSG_protect_pbmac_no_sender(0);
  273. }
  274. static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  275. {
  276. return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
  277. fixture->msg));
  278. }
  279. static int test_MSG_add_extraCerts(void)
  280. {
  281. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  282. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
  283. tear_down(fixture);
  284. fixture = NULL;
  285. }
  286. EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
  287. return result;
  288. }
  289. #ifndef OPENSSL_NO_EC
  290. /* The cert chain tests use EC certs so we skip them in no-ec builds */
  291. static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  292. {
  293. int ret = 0;
  294. OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
  295. X509_STORE *store;
  296. STACK_OF(X509) *chain =
  297. X509_build_chain(fixture->cert, fixture->certs, NULL,
  298. fixture->with_ss, ctx->libctx, ctx->propq);
  299. if (TEST_ptr(chain)) {
  300. /* Check whether chain built is equal to the expected one */
  301. ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
  302. sk_X509_pop_free(chain, X509_free);
  303. }
  304. if (!ret)
  305. return 0;
  306. if (TEST_ptr(store = X509_STORE_new())
  307. && TEST_true(X509_STORE_add_cert(store, root))) {
  308. X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
  309. X509_V_FLAG_NO_CHECK_TIME);
  310. chain = X509_build_chain(fixture->cert, fixture->certs, store,
  311. fixture->with_ss, ctx->libctx, ctx->propq);
  312. ret = TEST_int_eq(fixture->expected, chain != NULL);
  313. if (ret && chain != NULL) {
  314. /* Check whether chain built is equal to the expected one */
  315. ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
  316. sk_X509_pop_free(chain, X509_free);
  317. }
  318. }
  319. X509_STORE_free(store);
  320. return ret;
  321. }
  322. static int test_cmp_build_cert_chain(void)
  323. {
  324. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  325. fixture->expected = 1;
  326. fixture->with_ss = 0;
  327. fixture->cert = endentity2;
  328. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  329. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  330. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  331. || !TEST_true(sk_X509_push(fixture->certs, root))
  332. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  333. || !TEST_true(sk_X509_push(fixture->chain, endentity2))
  334. || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
  335. tear_down(fixture);
  336. fixture = NULL;
  337. }
  338. if (fixture != NULL) {
  339. result = execute_cmp_build_cert_chain_test(fixture);
  340. fixture->with_ss = 1;
  341. if (result && TEST_true(sk_X509_push(fixture->chain, root)))
  342. result = execute_cmp_build_cert_chain_test(fixture);
  343. }
  344. tear_down(fixture);
  345. return result;
  346. }
  347. static int test_cmp_build_cert_chain_missing_intermediate(void)
  348. {
  349. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  350. fixture->expected = 0;
  351. fixture->with_ss = 0;
  352. fixture->cert = endentity2;
  353. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  354. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  355. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  356. || !TEST_true(sk_X509_push(fixture->certs, root))
  357. || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
  358. tear_down(fixture);
  359. fixture = NULL;
  360. }
  361. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  362. return result;
  363. }
  364. static int test_cmp_build_cert_chain_no_root(void)
  365. {
  366. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  367. fixture->expected = 1;
  368. fixture->with_ss = 0;
  369. fixture->cert = endentity2;
  370. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  371. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  372. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  373. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  374. || !TEST_true(sk_X509_push(fixture->chain, endentity2))
  375. || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
  376. tear_down(fixture);
  377. fixture = NULL;
  378. }
  379. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  380. return result;
  381. }
  382. static int test_cmp_build_cert_chain_only_root(void)
  383. {
  384. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  385. fixture->expected = 1;
  386. fixture->with_ss = 0; /* still chain must include the only cert (root) */
  387. fixture->cert = root;
  388. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  389. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  390. || !TEST_true(sk_X509_push(fixture->certs, root))
  391. || !TEST_true(sk_X509_push(fixture->chain, root))) {
  392. tear_down(fixture);
  393. fixture = NULL;
  394. }
  395. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  396. return result;
  397. }
  398. static int test_cmp_build_cert_chain_no_certs(void)
  399. {
  400. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  401. fixture->expected = 0;
  402. fixture->with_ss = 0;
  403. fixture->cert = endentity2;
  404. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  405. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  406. || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
  407. tear_down(fixture);
  408. fixture = NULL;
  409. }
  410. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  411. return result;
  412. }
  413. #endif /* OPENSSL_NO_EC */
  414. static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  415. {
  416. X509_STORE *store = X509_STORE_new();
  417. STACK_OF(X509) *sk = NULL;
  418. int res = 0;
  419. if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
  420. fixture->certs,
  421. fixture->callback_arg)))
  422. goto err;
  423. sk = X509_STORE_get1_all_certs(store);
  424. if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
  425. goto err;
  426. res = 1;
  427. err:
  428. X509_STORE_free(store);
  429. sk_X509_pop_free(sk, X509_free);
  430. return res;
  431. }
  432. static int test_X509_STORE(void)
  433. {
  434. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  435. fixture->callback_arg = 0; /* self-issued allowed */
  436. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  437. || !sk_X509_push(fixture->certs, endentity1)
  438. || !sk_X509_push(fixture->certs, endentity2)
  439. || !sk_X509_push(fixture->certs, root)
  440. || !sk_X509_push(fixture->certs, intermediate)
  441. || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
  442. tear_down(fixture);
  443. fixture = NULL;
  444. }
  445. EXECUTE_TEST(execute_X509_STORE_test, tear_down);
  446. return result;
  447. }
  448. static int test_X509_STORE_only_self_issued(void)
  449. {
  450. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  451. fixture->certs = sk_X509_new_null();
  452. fixture->chain = sk_X509_new_null();
  453. fixture->callback_arg = 1; /* only self-issued */
  454. if (!TEST_true(sk_X509_push(fixture->certs, endentity1))
  455. || !TEST_true(sk_X509_push(fixture->certs, endentity2))
  456. || !TEST_true(sk_X509_push(fixture->certs, root))
  457. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  458. || !TEST_true(sk_X509_push(fixture->chain, root))) {
  459. tear_down(fixture);
  460. fixture = NULL;
  461. }
  462. EXECUTE_TEST(execute_X509_STORE_test, tear_down);
  463. return result;
  464. }
  465. void cleanup_tests(void)
  466. {
  467. EVP_PKEY_free(loadedprivkey);
  468. EVP_PKEY_free(loadedpubkey);
  469. EVP_PKEY_free(loadedkey);
  470. X509_free(cert);
  471. X509_free(endentity1);
  472. X509_free(endentity2);
  473. X509_free(root);
  474. X509_free(intermediate);
  475. OSSL_CMP_MSG_free(ir_protected);
  476. OSSL_CMP_MSG_free(ir_unprotected);
  477. OSSL_LIB_CTX_free(libctx);
  478. }
  479. #define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
  480. "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
  481. "Intermediate_CA.crt module_name [module_conf_file]\n"
  482. OPT_TEST_DECLARE_USAGE(USAGE)
  483. int setup_tests(void)
  484. {
  485. char *server_f;
  486. char *server_key_f;
  487. char *server_cert_f;
  488. char *endentity1_f;
  489. char *endentity2_f;
  490. char *root_f;
  491. char *intermediate_f;
  492. if (!test_skip_common_options()) {
  493. TEST_error("Error parsing test options\n");
  494. return 0;
  495. }
  496. RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
  497. if (!TEST_ptr(server_f = test_get_argument(0))
  498. || !TEST_ptr(ir_protected_f = test_get_argument(1))
  499. || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
  500. || !TEST_ptr(ip_PBM_f = test_get_argument(3))
  501. || !TEST_ptr(server_cert_f = test_get_argument(4))
  502. || !TEST_ptr(server_key_f = test_get_argument(5))
  503. || !TEST_ptr(endentity1_f = test_get_argument(6))
  504. || !TEST_ptr(endentity2_f = test_get_argument(7))
  505. || !TEST_ptr(root_f = test_get_argument(8))
  506. || !TEST_ptr(intermediate_f = test_get_argument(9))) {
  507. TEST_error("usage: cmp_protect_test %s", USAGE);
  508. return 0;
  509. }
  510. if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
  511. return 0;
  512. if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
  513. || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
  514. return 0;
  515. if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
  516. return 0;
  517. if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
  518. loadedpubkey = loadedprivkey;
  519. if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
  520. || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
  521. return 0;
  522. if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
  523. || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
  524. || !TEST_ptr(root = load_cert_pem(root_f, libctx))
  525. || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
  526. return 0;
  527. if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
  528. return 0;
  529. /* Message protection tests */
  530. ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
  531. ADD_TEST(test_cmp_calc_protection_pkey);
  532. ADD_TEST(test_cmp_calc_protection_pbmac);
  533. ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
  534. ADD_TEST(test_MSG_protect_with_certificate_and_key);
  535. ADD_TEST(test_MSG_protect_certificate_based_without_cert);
  536. ADD_TEST(test_MSG_protect_unprotected_request);
  537. ADD_TEST(test_MSG_protect_no_key_no_secret);
  538. ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
  539. ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
  540. ADD_TEST(test_MSG_add_extraCerts);
  541. #ifndef OPENSSL_NO_EC
  542. ADD_TEST(test_cmp_build_cert_chain);
  543. ADD_TEST(test_cmp_build_cert_chain_only_root);
  544. ADD_TEST(test_cmp_build_cert_chain_no_root);
  545. ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
  546. ADD_TEST(test_cmp_build_cert_chain_no_certs);
  547. #endif
  548. ADD_TEST(test_X509_STORE);
  549. ADD_TEST(test_X509_STORE_only_self_issued);
  550. return 1;
  551. }