cmp_protect_test.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588
  1. /*
  2. * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include "cmp_testlib.h"
  12. static const char *ir_protected_f;
  13. static const char *ir_unprotected_f;
  14. static const char *ip_PBM_f;
  15. typedef struct test_fixture {
  16. const char *test_case_name;
  17. OSSL_CMP_CTX *cmp_ctx;
  18. /* for protection tests */
  19. OSSL_CMP_MSG *msg;
  20. OSSL_CMP_PKISI *si; /* for error and response messages */
  21. EVP_PKEY *pubkey;
  22. unsigned char *mem;
  23. int memlen;
  24. X509 *cert;
  25. STACK_OF(X509) *certs;
  26. STACK_OF(X509) *chain;
  27. int callback_arg;
  28. int expected;
  29. } CMP_PROTECT_TEST_FIXTURE;
  30. static OSSL_LIB_CTX *libctx = NULL;
  31. static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
  32. static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
  33. {
  34. OSSL_CMP_CTX_free(fixture->cmp_ctx);
  35. OSSL_CMP_MSG_free(fixture->msg);
  36. OSSL_CMP_PKISI_free(fixture->si);
  37. OPENSSL_free(fixture->mem);
  38. sk_X509_free(fixture->certs);
  39. sk_X509_free(fixture->chain);
  40. OPENSSL_free(fixture);
  41. }
  42. static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
  43. {
  44. CMP_PROTECT_TEST_FIXTURE *fixture;
  45. if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
  46. return NULL;
  47. fixture->test_case_name = test_case_name;
  48. if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) {
  49. tear_down(fixture);
  50. return NULL;
  51. }
  52. return fixture;
  53. }
  54. static EVP_PKEY *loadedprivkey = NULL;
  55. static EVP_PKEY *loadedpubkey = NULL;
  56. static EVP_PKEY *loadedkey = NULL;
  57. static X509 *cert = NULL;
  58. static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
  59. static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
  60. static X509 *endentity1 = NULL, *endentity2 = NULL,
  61. *root = NULL, *intermediate = NULL;
  62. static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  63. {
  64. ASN1_BIT_STRING *protection =
  65. ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
  66. int res = TEST_ptr_null(protection);
  67. ASN1_BIT_STRING_free(protection);
  68. return res;
  69. }
  70. static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  71. {
  72. ASN1_BIT_STRING *protection =
  73. ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
  74. int res = TEST_ptr(protection)
  75. && TEST_true(ASN1_STRING_cmp(protection,
  76. fixture->msg->protection) == 0);
  77. ASN1_BIT_STRING_free(protection);
  78. return res;
  79. }
  80. /*
  81. * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
  82. * but without the need for a OSSL_CMP_CTX or a X509 certificate
  83. */
  84. static int verify_signature(OSSL_CMP_MSG *msg,
  85. ASN1_BIT_STRING *protection,
  86. EVP_PKEY *pkey, EVP_MD *digest)
  87. {
  88. OSSL_CMP_PROTECTEDPART prot_part;
  89. unsigned char *prot_part_der = NULL;
  90. int len;
  91. EVP_MD_CTX *ctx = NULL;
  92. int res;
  93. prot_part.header = OSSL_CMP_MSG_get0_header(msg);
  94. prot_part.body = msg->body;
  95. len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);
  96. res =
  97. TEST_int_ge(len, 0)
  98. && TEST_ptr(ctx = EVP_MD_CTX_new())
  99. && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey))
  100. && TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
  101. protection->length,
  102. prot_part_der, len), 1);
  103. /* cleanup */
  104. EVP_MD_CTX_free(ctx);
  105. OPENSSL_free(prot_part_der);
  106. return res;
  107. }
  108. /* Calls OSSL_CMP_calc_protection and compares and verifies signature */
  109. static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
  110. fixture)
  111. {
  112. ASN1_BIT_STRING *protection =
  113. ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
  114. int ret = (TEST_ptr(protection)
  115. && TEST_true(ASN1_STRING_cmp(protection,
  116. fixture->msg->protection) == 0)
  117. && TEST_true(verify_signature(fixture->msg, protection,
  118. fixture->pubkey,
  119. fixture->cmp_ctx->digest)));
  120. ASN1_BIT_STRING_free(protection);
  121. return ret;
  122. }
  123. static int test_cmp_calc_protection_no_key_no_secret(void)
  124. {
  125. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  126. if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))
  127. || !TEST_ptr(fixture->msg->header->protectionAlg =
  128. X509_ALGOR_new() /* no specific alg needed here */)) {
  129. tear_down(fixture);
  130. fixture = NULL;
  131. }
  132. EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
  133. return result;
  134. }
  135. static int test_cmp_calc_protection_pkey(void)
  136. {
  137. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  138. fixture->pubkey = loadedpubkey;
  139. if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
  140. || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) {
  141. tear_down(fixture);
  142. fixture = NULL;
  143. }
  144. EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
  145. return result;
  146. }
  147. static int test_cmp_calc_protection_pbmac(void)
  148. {
  149. unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };
  150. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  151. if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  152. sec_insta, sizeof(sec_insta)))
  153. || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) {
  154. tear_down(fixture);
  155. fixture = NULL;
  156. }
  157. EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
  158. return result;
  159. }
  160. static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  161. {
  162. return TEST_int_eq(fixture->expected,
  163. ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
  164. }
  165. #define SET_OPT_UNPROTECTED_SEND(ctx, val) \
  166. OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
  167. static int test_MSG_protect_unprotected_request(void)
  168. {
  169. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  170. fixture->expected = 1;
  171. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  172. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
  173. tear_down(fixture);
  174. fixture = NULL;
  175. }
  176. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  177. return result;
  178. }
  179. static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
  180. {
  181. const size_t size = sizeof(rand_data) / 2;
  182. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  183. fixture->expected = 1;
  184. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  185. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
  186. /*
  187. * Use half of the 16 bytes of random input
  188. * for each reference and secret value
  189. */
  190. || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
  191. rand_data, size))
  192. || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  193. rand_data + size,
  194. size))) {
  195. tear_down(fixture);
  196. fixture = NULL;
  197. }
  198. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  199. return result;
  200. }
  201. static int test_MSG_protect_with_certificate_and_key(void)
  202. {
  203. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  204. fixture->expected = 1;
  205. if (!TEST_ptr(fixture->msg =
  206. OSSL_CMP_MSG_dup(ir_unprotected))
  207. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
  208. || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
  209. || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
  210. tear_down(fixture);
  211. fixture = NULL;
  212. }
  213. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  214. return result;
  215. }
  216. static int test_MSG_protect_certificate_based_without_cert(void)
  217. {
  218. OSSL_CMP_CTX *ctx;
  219. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  220. ctx = fixture->cmp_ctx;
  221. fixture->expected = 0;
  222. if (!TEST_ptr(fixture->msg =
  223. OSSL_CMP_MSG_dup(ir_unprotected))
  224. || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
  225. || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
  226. tear_down(fixture);
  227. fixture = NULL;
  228. }
  229. EVP_PKEY_up_ref(loadedkey);
  230. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  231. return result;
  232. }
  233. static int test_MSG_protect_no_key_no_secret(void)
  234. {
  235. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  236. fixture->expected = 0;
  237. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  238. || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
  239. tear_down(fixture);
  240. fixture = NULL;
  241. }
  242. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  243. return result;
  244. }
  245. static int test_MSG_protect_pbmac_no_sender(int with_ref)
  246. {
  247. static unsigned char secret[] = { 47, 11, 8, 15 };
  248. static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };
  249. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  250. fixture->expected = with_ref;
  251. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
  252. || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)
  253. || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL)
  254. || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
  255. secret, sizeof(secret))
  256. || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
  257. with_ref ? ref : NULL,
  258. sizeof(ref)))) {
  259. tear_down(fixture);
  260. fixture = NULL;
  261. }
  262. EXECUTE_TEST(execute_MSG_protect_test, tear_down);
  263. return result;
  264. }
  265. static int test_MSG_protect_pbmac_no_sender_with_ref(void)
  266. {
  267. return test_MSG_protect_pbmac_no_sender(1);
  268. }
  269. static int test_MSG_protect_pbmac_no_sender_no_ref(void)
  270. {
  271. return test_MSG_protect_pbmac_no_sender(0);
  272. }
  273. static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  274. {
  275. return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
  276. fixture->msg));
  277. }
  278. static int test_MSG_add_extraCerts(void)
  279. {
  280. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  281. if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
  282. tear_down(fixture);
  283. fixture = NULL;
  284. }
  285. EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
  286. return result;
  287. }
  288. #ifndef OPENSSL_NO_EC
  289. /* The cert chain tests use EC certs so we skip them in no-ec builds */
  290. static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  291. {
  292. int ret = 0;
  293. OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
  294. X509_STORE *store;
  295. STACK_OF(X509) *chain =
  296. ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL,
  297. fixture->certs, fixture->cert);
  298. if (TEST_ptr(chain)) {
  299. /* Check whether chain built is equal to the expected one */
  300. ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
  301. sk_X509_pop_free(chain, X509_free);
  302. }
  303. if (!ret)
  304. return 0;
  305. if (TEST_ptr(store = X509_STORE_new())
  306. && TEST_true(X509_STORE_add_cert(store, root))) {
  307. X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
  308. X509_V_FLAG_NO_CHECK_TIME);
  309. chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq,
  310. store, fixture->certs, fixture->cert);
  311. ret = TEST_int_eq(fixture->expected, chain != NULL);
  312. if (ret && chain != NULL) {
  313. /* Check whether chain built is equal to the expected one */
  314. ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
  315. sk_X509_pop_free(chain, X509_free);
  316. }
  317. }
  318. X509_STORE_free(store);
  319. return ret;
  320. }
  321. static int test_cmp_build_cert_chain(void)
  322. {
  323. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  324. fixture->expected = 1;
  325. fixture->cert = endentity2;
  326. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  327. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  328. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  329. || !TEST_true(sk_X509_push(fixture->certs, root))
  330. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  331. || !TEST_true(sk_X509_push(fixture->chain, endentity2))
  332. || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
  333. tear_down(fixture);
  334. fixture = NULL;
  335. }
  336. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  337. return result;
  338. }
  339. static int test_cmp_build_cert_chain_missing_intermediate(void)
  340. {
  341. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  342. fixture->expected = 0;
  343. fixture->cert = endentity2;
  344. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  345. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  346. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  347. || !TEST_true(sk_X509_push(fixture->certs, root))
  348. || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
  349. tear_down(fixture);
  350. fixture = NULL;
  351. }
  352. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  353. return result;
  354. }
  355. static int test_cmp_build_cert_chain_no_root(void)
  356. {
  357. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  358. fixture->expected = 1;
  359. fixture->cert = endentity2;
  360. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  361. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  362. || !TEST_true(sk_X509_push(fixture->certs, endentity1))
  363. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  364. || !TEST_true(sk_X509_push(fixture->chain, endentity2))
  365. || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
  366. tear_down(fixture);
  367. fixture = NULL;
  368. }
  369. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  370. return result;
  371. }
  372. static int test_cmp_build_cert_chain_no_certs(void)
  373. {
  374. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  375. fixture->expected = 0;
  376. fixture->cert = endentity2;
  377. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  378. || !TEST_ptr(fixture->chain = sk_X509_new_null())
  379. || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
  380. tear_down(fixture);
  381. fixture = NULL;
  382. }
  383. EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
  384. return result;
  385. }
  386. #endif /* OPENSSL_NO_EC */
  387. static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
  388. {
  389. X509_STORE *store = X509_STORE_new();
  390. STACK_OF(X509) *sk = NULL;
  391. int res = 0;
  392. if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
  393. fixture->certs,
  394. fixture->callback_arg)))
  395. goto err;
  396. sk = X509_STORE_get1_all_certs(store);
  397. if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
  398. goto err;
  399. res = 1;
  400. err:
  401. X509_STORE_free(store);
  402. sk_X509_pop_free(sk, X509_free);
  403. return res;
  404. }
  405. static int test_X509_STORE(void)
  406. {
  407. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  408. fixture->callback_arg = 0; /* self-issued allowed */
  409. if (!TEST_ptr(fixture->certs = sk_X509_new_null())
  410. || !sk_X509_push(fixture->certs, endentity1)
  411. || !sk_X509_push(fixture->certs, endentity2)
  412. || !sk_X509_push(fixture->certs, root)
  413. || !sk_X509_push(fixture->certs, intermediate)
  414. || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
  415. tear_down(fixture);
  416. fixture = NULL;
  417. }
  418. EXECUTE_TEST(execute_X509_STORE_test, tear_down);
  419. return result;
  420. }
  421. static int test_X509_STORE_only_self_issued(void)
  422. {
  423. SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
  424. fixture->certs = sk_X509_new_null();
  425. fixture->chain = sk_X509_new_null();
  426. fixture->callback_arg = 1; /* only self-issued */
  427. if (!TEST_true(sk_X509_push(fixture->certs, endentity1))
  428. || !TEST_true(sk_X509_push(fixture->certs, endentity2))
  429. || !TEST_true(sk_X509_push(fixture->certs, root))
  430. || !TEST_true(sk_X509_push(fixture->certs, intermediate))
  431. || !TEST_true(sk_X509_push(fixture->chain, root))) {
  432. tear_down(fixture);
  433. fixture = NULL;
  434. }
  435. EXECUTE_TEST(execute_X509_STORE_test, tear_down);
  436. return result;
  437. }
  438. void cleanup_tests(void)
  439. {
  440. EVP_PKEY_free(loadedprivkey);
  441. EVP_PKEY_free(loadedpubkey);
  442. EVP_PKEY_free(loadedkey);
  443. X509_free(cert);
  444. X509_free(endentity1);
  445. X509_free(endentity2);
  446. X509_free(root);
  447. X509_free(intermediate);
  448. OSSL_CMP_MSG_free(ir_protected);
  449. OSSL_CMP_MSG_free(ir_unprotected);
  450. OSSL_LIB_CTX_free(libctx);
  451. }
  452. #define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
  453. "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
  454. "Intermediate_CA.crt module_name [module_conf_file]\n"
  455. OPT_TEST_DECLARE_USAGE(USAGE)
  456. int setup_tests(void)
  457. {
  458. char *server_f;
  459. char *server_key_f;
  460. char *server_cert_f;
  461. char *endentity1_f;
  462. char *endentity2_f;
  463. char *root_f;
  464. char *intermediate_f;
  465. if (!test_skip_common_options()) {
  466. TEST_error("Error parsing test options\n");
  467. return 0;
  468. }
  469. RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
  470. if (!TEST_ptr(server_f = test_get_argument(0))
  471. || !TEST_ptr(ir_protected_f = test_get_argument(1))
  472. || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
  473. || !TEST_ptr(ip_PBM_f = test_get_argument(3))
  474. || !TEST_ptr(server_cert_f = test_get_argument(4))
  475. || !TEST_ptr(server_key_f = test_get_argument(5))
  476. || !TEST_ptr(endentity1_f = test_get_argument(6))
  477. || !TEST_ptr(endentity2_f = test_get_argument(7))
  478. || !TEST_ptr(root_f = test_get_argument(8))
  479. || !TEST_ptr(intermediate_f = test_get_argument(9))) {
  480. TEST_error("usage: cmp_protect_test %s", USAGE);
  481. return 0;
  482. }
  483. if (!test_get_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
  484. return 0;
  485. if (!TEST_ptr(loadedkey = load_pem_key(server_key_f, libctx))
  486. || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx)))
  487. return 0;
  488. if (!TEST_ptr(loadedprivkey = load_pem_key(server_f, libctx)))
  489. return 0;
  490. if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
  491. loadedpubkey = loadedprivkey;
  492. if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
  493. || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
  494. return 0;
  495. if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx))
  496. || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx))
  497. || !TEST_ptr(root = load_pem_cert(root_f, libctx))
  498. || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx)))
  499. return 0;
  500. if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
  501. return 0;
  502. /* Message protection tests */
  503. ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
  504. ADD_TEST(test_cmp_calc_protection_pkey);
  505. ADD_TEST(test_cmp_calc_protection_pbmac);
  506. ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
  507. ADD_TEST(test_MSG_protect_with_certificate_and_key);
  508. ADD_TEST(test_MSG_protect_certificate_based_without_cert);
  509. ADD_TEST(test_MSG_protect_unprotected_request);
  510. ADD_TEST(test_MSG_protect_no_key_no_secret);
  511. ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
  512. ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
  513. ADD_TEST(test_MSG_add_extraCerts);
  514. #ifndef OPENSSL_NO_EC
  515. ADD_TEST(test_cmp_build_cert_chain);
  516. ADD_TEST(test_cmp_build_cert_chain_no_root);
  517. ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
  518. ADD_TEST(test_cmp_build_cert_chain_no_certs);
  519. #endif
  520. ADD_TEST(test_X509_STORE);
  521. ADD_TEST(test_X509_STORE_only_self_issued);
  522. return 1;
  523. }