cmp_protect_test.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564
  1. /*
  2. * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include "cmp_testlib.h"
  12. DEFINE_STACK_OF(X509)
  13. static const char *ir_protected_f;
  14. static const char *ir_unprotected_f;
  15. static const char *ip_PBM_f;
  16. typedef struct test_fixture {
  17. const char *test_case_name;
  18. OSSL_CMP_CTX *cmp_ctx;
  19. /* for protection tests */
  20. OSSL_CMP_MSG *msg;
  21. OSSL_CMP_PKISI *si; /* for error and response messages */
  22. ASN1_OCTET_STRING *secret;
  23. EVP_PKEY *privkey;
  24. EVP_PKEY *pubkey;
  25. unsigned char *mem;
  26. int memlen;
  27. X509 *cert;
  28. STACK_OF(X509) *certs;
  29. STACK_OF(X509) *chain;
  30. int callback_arg;
  31. int expected;
  32. } CMP_PROTECT_TEST_FIXTURE;
  33. static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
  34. {
  35. OSSL_CMP_CTX_free(fixture->cmp_ctx);
  36. OSSL_CMP_MSG_free(fixture->msg);
  37. ASN1_OCTET_STRING_free(fixture->secret);
  38. OSSL_CMP_PKISI_free(fixture->si);
  39. OPENSSL_free(fixture->mem);
  40. sk_X509_free(fixture->certs);
  41. sk_X509_free(fixture->chain);
  42. OPENSSL_free(fixture);
  43. }
  44. static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
  45. {
  46. CMP_PROTECT_TEST_FIXTURE *fixture;
  47. if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
  48. return NULL;
  49. fixture->test_case_name = test_case_name;
  50. if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())) {
  51. tear_down(fixture);
  52. return NULL;
  53. }
  54. return fixture;
  55. }
  56. static EVP_PKEY *loadedprivkey = NULL;
  57. static EVP_PKEY *loadedpubkey = NULL;
  58. static EVP_PKEY *loadedkey = NULL;
  59. static X509 *cert = NULL;
  60. static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
  61. static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
  62. static X509 *endentity1 = NULL, *endentity2 = NULL,
  63. *root = NULL, *intermediate = NULL;
  64. static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  65. {
  66. ASN1_BIT_STRING *protection =
  67. ossl_cmp_calc_protection(fixture->msg, fixture->secret,
  68. fixture->privkey);
  69. int res = TEST_ptr_null(protection);
  70. ASN1_BIT_STRING_free(protection);
  71. return res;
  72. }
  73. static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  74. {
  75. ASN1_BIT_STRING *protection =
  76. ossl_cmp_calc_protection(fixture->msg, fixture->secret, NULL);
  77. int res = TEST_ptr(protection)
  78. && TEST_true(ASN1_STRING_cmp(protection,
  79. fixture->msg->protection) == 0);
  80. ASN1_BIT_STRING_free(protection);
  81. return res;
  82. }
  83. /*
  84. * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
  85. * but without the need for a OSSL_CMP_CTX or a X509 certificate
  86. */
  87. static int verify_signature(OSSL_CMP_MSG *msg,
  88. ASN1_BIT_STRING *protection,
  89. EVP_PKEY *pkey, int digest_nid)
  90. {
  91. OSSL_CMP_PROTECTEDPART prot_part;
  92. unsigned char *prot_part_der = NULL;
  93. int len;
  94. EVP_MD_CTX *ctx = NULL;
  95. const EVP_MD *digest = EVP_get_digestbynid(digest_nid);
  96. int res;
  97. prot_part.header = OSSL_CMP_MSG_get0_header(msg);
  98. prot_part.body = msg->body;
  99. len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);
  100. res =
  101. TEST_int_ge(len, 0)
  102. && TEST_ptr(ctx = EVP_MD_CTX_new())
  103. && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey))
  104. && TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
  105. protection->length,
  106. prot_part_der, len), 1);
  107. /* cleanup */
  108. EVP_MD_CTX_free(ctx);
  109. OPENSSL_free(prot_part_der);
  110. return res;
  111. }
  112. /* Calls OSSL_CMP_calc_protection and compares and verifies signature */
  113. static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
  114. fixture)
  115. {
  116. ASN1_BIT_STRING *protection =
  117. ossl_cmp_calc_protection(fixture->msg, NULL, fixture->privkey);
  118. int ret = (TEST_ptr(protection)
  119. && TEST_true(ASN1_STRING_cmp(protection,
  120. fixture->msg->protection) == 0)
  121. && TEST_true(verify_signature(fixture->msg, protection,
  122. fixture->pubkey,
  123. fixture->cmp_ctx->digest)));
  124. ASN1_BIT_STRING_free(protection);
  125. return ret;
  126. }
  127. static int test_cmp_calc_protection_no_key_no_secret(void)
  128. {
  129. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  130. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))
  131. || !TEST_ptr(fixture->msg->header->protectionAlg =
  132. X509_ALGOR_new() /* no specific alg needed here */)) {
  133. tear_down(fixture);
  134. fixture = NULL;
  135. }
  136. EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
  137. return result;
  138. }
  139. static int test_cmp_calc_protection_pkey(void)
  140. {
  141. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  142. fixture->pubkey = loadedpubkey;
  143. fixture->privkey = loadedprivkey;
  144. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) {
  145. tear_down(fixture);
  146. fixture = NULL;
  147. }
  148. EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
  149. return result;
  150. }
  151. static int test_cmp_calc_protection_pbmac(void)
  152. {
  153. unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };
  154. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  155. if (!TEST_ptr(fixture->secret = ASN1_OCTET_STRING_new())
  156. || !TEST_true(ASN1_OCTET_STRING_set
  157. (fixture->secret, sec_insta, sizeof(sec_insta)))
  158. || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) {
  159. tear_down(fixture);
  160. fixture = NULL;
  161. }
  162. EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
  163. return result;
  164. }
  165. static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  166. {
  167. return TEST_int_eq(fixture->expected,
  168. ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
  169. }
  170. #define SET_OPT_UNPROTECTED_SEND(ctx, val) \
  171. OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
  172. static int test_MSG_protect_unprotected_request(void)
  173. {
  174. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  175. fixture->expected = 1;
  176. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  177. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
  178. tear_down(fixture);
  179. fixture = NULL;
  180. }
  181. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  182. return result;
  183. }
  184. static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
  185. {
  186. const size_t size = sizeof(rand_data) / 2;
  187. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  188. fixture->expected = 1;
  189. if (!TEST_ptr(fixture->msg =
  190. OSSL_CMP_MSG_dup(ir_unprotected))
  191. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
  192. /*
  193. * Use half of the 16 bytes of random input
  194. * for each reference and secret value
  195. */
  196. || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
  197. rand_data, size))
  198. || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  199. rand_data + size,
  200. size))) {
  201. tear_down(fixture);
  202. fixture = NULL;
  203. }
  204. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  205. return result;
  206. }
  207. static int test_MSG_protect_with_certificate_and_key(void)
  208. {
  209. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  210. fixture->expected = 1;
  211. if (!TEST_ptr(fixture->msg =
  212. OSSL_CMP_MSG_dup(ir_unprotected))
  213. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
  214. || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
  215. || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
  216. tear_down(fixture);
  217. fixture = NULL;
  218. }
  219. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  220. return result;
  221. }
  222. static int test_MSG_protect_certificate_based_without_cert(void)
  223. {
  224. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  225. OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
  226. fixture->expected = 0;
  227. if (!TEST_ptr(fixture->msg =
  228. OSSL_CMP_MSG_dup(ir_unprotected))
  229. || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
  230. || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
  231. tear_down(fixture);
  232. fixture = NULL;
  233. }
  234. EVP_PKEY_up_ref(loadedkey);
  235. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  236. return result;
  237. }
  238. static int test_MSG_protect_no_key_no_secret(void)
  239. {
  240. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  241. fixture->expected = 0;
  242. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  243. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
  244. tear_down(fixture);
  245. fixture = NULL;
  246. }
  247. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  248. return result;
  249. }
  250. static int test_MSG_protect_pbmac_no_sender(int with_ref)
  251. {
  252. static unsigned char secret[] = { 47, 11, 8, 15 };
  253. static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };
  254. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  255. fixture->expected = with_ref;
  256. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  257. || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)
  258. || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL)
  259. || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  260. secret, sizeof(secret))
  261. || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
  262. with_ref ? ref : NULL,
  263. sizeof(ref)))) {
  264. tear_down(fixture);
  265. fixture = NULL;
  266. }
  267. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  268. return result;
  269. }
  270. static int test_MSG_protect_pbmac_no_sender_with_ref(void)
  271. {
  272. return test_MSG_protect_pbmac_no_sender(1);
  273. }
  274. static int test_MSG_protect_pbmac_no_sender_no_ref(void)
  275. {
  276. return test_MSG_protect_pbmac_no_sender(0);
  277. }
  278. static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  279. {
  280. return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
  281. fixture->msg));
  282. }
  283. static int test_MSG_add_extraCerts(void)
  284. {
  285. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  286. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
  287. tear_down(fixture);
  288. fixture = NULL;
  289. }
  290. EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
  291. return result;
  292. }
  293. #ifndef OPENSSL_NO_EC
  294. /* The cert chain tests use EC certs so we skip them in no-ec builds */
  295. static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  296. {
  297. STACK_OF(X509) *result = NULL;
  298. int ret = 0;
  299. if (TEST_ptr(result = ossl_cmp_build_cert_chain(fixture->certs,
  300. fixture->cert))) {
  301. /* Check whether chain built is equal to the expected one */
  302. ret = TEST_int_eq(0, STACK_OF_X509_cmp(result, fixture->chain));
  303. sk_X509_pop_free(result, X509_free);
  304. }
  305. return ret;
  306. }
  307. static int test_cmp_build_cert_chain(void)
  308. {
  309. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  310. fixture->cert = endentity2;
  311. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  312. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  313. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  314. || !TEST_true(sk_X509_push(fixture->certs, root))
  315. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  316. || !TEST_true(sk_X509_push(fixture->chain, endentity2))
  317. || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
  318. tear_down(fixture);
  319. fixture = NULL;
  320. }
  321. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  322. return result;
  323. }
  324. static int test_cmp_build_cert_chain_missing_intermediate(void)
  325. {
  326. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  327. fixture->cert = endentity2;
  328. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  329. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  330. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  331. || !TEST_true(sk_X509_push(fixture->certs, root))
  332. || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
  333. tear_down(fixture);
  334. fixture = NULL;
  335. }
  336. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  337. return result;
  338. }
  339. static int test_cmp_build_cert_chain_missing_root(void)
  340. {
  341. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  342. fixture->cert = endentity2;
  343. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  344. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  345. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  346. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  347. || !TEST_true(sk_X509_push(fixture->chain, endentity2))
  348. || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
  349. tear_down(fixture);
  350. fixture = NULL;
  351. }
  352. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  353. return result;
  354. }
  355. static int test_cmp_build_cert_chain_no_certs(void)
  356. {
  357. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  358. fixture->cert = endentity2;
  359. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  360. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  361. || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
  362. tear_down(fixture);
  363. fixture = NULL;
  364. }
  365. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  366. return result;
  367. }
  368. #endif /* OPENSSL_NO_EC */
  369. static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  370. {
  371. X509_STORE *store = X509_STORE_new();
  372. STACK_OF(X509) *sk = NULL;
  373. int res = 0;
  374. if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
  375. fixture->certs,
  376. fixture->callback_arg)))
  377. goto err;
  378. sk = X509_STORE_get1_all_certs(store);
  379. if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
  380. goto err;
  381. res = 1;
  382. err:
  383. X509_STORE_free(store);
  384. sk_X509_pop_free(sk, X509_free);
  385. return res;
  386. }
  387. static int test_X509_STORE(void)
  388. {
  389. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  390. fixture->callback_arg = 0; /* self-issued allowed */
  391. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  392. || !sk_X509_push(fixture->certs, endentity1)
  393. || !sk_X509_push(fixture->certs, endentity2)
  394. || !sk_X509_push(fixture->certs, root)
  395. || !sk_X509_push(fixture->certs, intermediate)
  396. || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
  397. tear_down(fixture);
  398. fixture = NULL;
  399. }
  400. EXECUTE_TEST(execute_X509_STORE_test, tear_down);
  401. return result;
  402. }
  403. static int test_X509_STORE_only_self_issued(void)
  404. {
  405. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  406. fixture->certs = sk_X509_new_null();
  407. fixture->chain = sk_X509_new_null();
  408. fixture->callback_arg = 1; /* only self-issued */
  409. if (!TEST_true(sk_X509_push(fixture->certs, endentity1))
  410. || !TEST_true(sk_X509_push(fixture->certs, endentity2))
  411. || !TEST_true(sk_X509_push(fixture->certs, root))
  412. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  413. || !TEST_true(sk_X509_push(fixture->chain, root))) {
  414. tear_down(fixture);
  415. fixture = NULL;
  416. }
  417. EXECUTE_TEST(execute_X509_STORE_test, tear_down);
  418. return result;
  419. }
  420. void cleanup_tests(void)
  421. {
  422. EVP_PKEY_free(loadedprivkey);
  423. EVP_PKEY_free(loadedpubkey);
  424. EVP_PKEY_free(loadedkey);
  425. X509_free(cert);
  426. X509_free(endentity1);
  427. X509_free(endentity2);
  428. X509_free(root);
  429. X509_free(intermediate);
  430. OSSL_CMP_MSG_free(ir_protected);
  431. OSSL_CMP_MSG_free(ir_unprotected);
  432. }
  433. int setup_tests(void)
  434. {
  435. char *server_f;
  436. char *server_key_f;
  437. char *server_cert_f;
  438. char *endentity1_f;
  439. char *endentity2_f;
  440. char *root_f;
  441. char *intermediate_f;
  442. if (!test_skip_common_options()) {
  443. TEST_error("Error parsing test options\n");
  444. return 0;
  445. }
  446. RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
  447. if (!TEST_ptr(server_f = test_get_argument(0))
  448. || !TEST_ptr(ir_protected_f = test_get_argument(1))
  449. || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
  450. || !TEST_ptr(ip_PBM_f = test_get_argument(3))
  451. || !TEST_ptr(server_cert_f = test_get_argument(4))
  452. || !TEST_ptr(server_key_f = test_get_argument(5))
  453. || !TEST_ptr(endentity1_f = test_get_argument(6))
  454. || !TEST_ptr(endentity2_f = test_get_argument(7))
  455. || !TEST_ptr(root_f = test_get_argument(8))
  456. || !TEST_ptr(intermediate_f = test_get_argument(9))) {
  457. TEST_error("usage: cmp_protect_test server.pem "
  458. "IR_protected.der IR_unprotected.der IP_PBM.der "
  459. "server.crt server.pem"
  460. "EndEntity1.crt EndEntity2.crt "
  461. "Root_CA.crt Intermediate_CA.crt\n");
  462. return 0;
  463. }
  464. if (!TEST_ptr(loadedkey = load_pem_key(server_key_f))
  465. || !TEST_ptr(cert = load_pem_cert(server_cert_f)))
  466. return 0;
  467. if (!TEST_ptr(loadedprivkey = load_pem_key(server_f)))
  468. return 0;
  469. if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
  470. loadedpubkey = loadedprivkey;
  471. if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
  472. || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
  473. return 0;
  474. if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f))
  475. || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f))
  476. || !TEST_ptr(root = load_pem_cert(root_f))
  477. || !TEST_ptr(intermediate = load_pem_cert(intermediate_f)))
  478. return 0;
  479. if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
  480. return 0;
  481. /* Message protection tests */
  482. ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
  483. ADD_TEST(test_cmp_calc_protection_pkey);
  484. ADD_TEST(test_cmp_calc_protection_pbmac);
  485. ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
  486. ADD_TEST(test_MSG_protect_with_certificate_and_key);
  487. ADD_TEST(test_MSG_protect_certificate_based_without_cert);
  488. ADD_TEST(test_MSG_protect_unprotected_request);
  489. ADD_TEST(test_MSG_protect_no_key_no_secret);
  490. ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
  491. ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
  492. ADD_TEST(test_MSG_add_extraCerts);
  493. #ifndef OPENSSL_NO_EC
  494. ADD_TEST(test_cmp_build_cert_chain);
  495. ADD_TEST(test_cmp_build_cert_chain_missing_root);
  496. ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
  497. ADD_TEST(test_cmp_build_cert_chain_no_certs);
  498. #endif
  499. ADD_TEST(test_X509_STORE);
  500. ADD_TEST(test_X509_STORE_only_self_issued);
  501. return 1;
  502. }