1e1051a39Sopenharmony_ci/* 2e1051a39Sopenharmony_ci * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci * Copyright Nokia 2007-2019 4e1051a39Sopenharmony_ci * Copyright Siemens AG 2015-2019 5e1051a39Sopenharmony_ci * 6e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 7e1051a39Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 8e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at 9e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html 10e1051a39Sopenharmony_ci */ 11e1051a39Sopenharmony_ci 12e1051a39Sopenharmony_ci#include "helpers/cmp_testlib.h" 13e1051a39Sopenharmony_ci 14e1051a39Sopenharmony_cistatic const char *ir_protected_f; 15e1051a39Sopenharmony_cistatic const char *ir_unprotected_f; 16e1051a39Sopenharmony_cistatic const char *ip_PBM_f; 17e1051a39Sopenharmony_ci 18e1051a39Sopenharmony_citypedef struct test_fixture { 19e1051a39Sopenharmony_ci const char *test_case_name; 20e1051a39Sopenharmony_ci OSSL_CMP_CTX *cmp_ctx; 21e1051a39Sopenharmony_ci /* for protection tests */ 22e1051a39Sopenharmony_ci OSSL_CMP_MSG *msg; 23e1051a39Sopenharmony_ci OSSL_CMP_PKISI *si; /* for error and response messages */ 24e1051a39Sopenharmony_ci EVP_PKEY *pubkey; 25e1051a39Sopenharmony_ci unsigned char *mem; 26e1051a39Sopenharmony_ci int memlen; 27e1051a39Sopenharmony_ci X509 *cert; 28e1051a39Sopenharmony_ci STACK_OF(X509) *certs; 29e1051a39Sopenharmony_ci STACK_OF(X509) *chain; 30e1051a39Sopenharmony_ci int with_ss; 31e1051a39Sopenharmony_ci int callback_arg; 32e1051a39Sopenharmony_ci int expected; 33e1051a39Sopenharmony_ci} CMP_PROTECT_TEST_FIXTURE; 34e1051a39Sopenharmony_ci 35e1051a39Sopenharmony_cistatic OSSL_LIB_CTX *libctx = NULL; 36e1051a39Sopenharmony_cistatic OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; 37e1051a39Sopenharmony_ci 38e1051a39Sopenharmony_cistatic void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) 39e1051a39Sopenharmony_ci{ 40e1051a39Sopenharmony_ci OSSL_CMP_CTX_free(fixture->cmp_ctx); 41e1051a39Sopenharmony_ci OSSL_CMP_MSG_free(fixture->msg); 42e1051a39Sopenharmony_ci OSSL_CMP_PKISI_free(fixture->si); 43e1051a39Sopenharmony_ci 44e1051a39Sopenharmony_ci OPENSSL_free(fixture->mem); 45e1051a39Sopenharmony_ci sk_X509_free(fixture->certs); 46e1051a39Sopenharmony_ci sk_X509_free(fixture->chain); 47e1051a39Sopenharmony_ci 48e1051a39Sopenharmony_ci OPENSSL_free(fixture); 49e1051a39Sopenharmony_ci} 50e1051a39Sopenharmony_ci 51e1051a39Sopenharmony_cistatic CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) 52e1051a39Sopenharmony_ci{ 53e1051a39Sopenharmony_ci CMP_PROTECT_TEST_FIXTURE *fixture; 54e1051a39Sopenharmony_ci 55e1051a39Sopenharmony_ci if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) 56e1051a39Sopenharmony_ci return NULL; 57e1051a39Sopenharmony_ci fixture->test_case_name = test_case_name; 58e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) { 59e1051a39Sopenharmony_ci tear_down(fixture); 60e1051a39Sopenharmony_ci return NULL; 61e1051a39Sopenharmony_ci } 62e1051a39Sopenharmony_ci return fixture; 63e1051a39Sopenharmony_ci} 64e1051a39Sopenharmony_ci 65e1051a39Sopenharmony_cistatic EVP_PKEY *loadedprivkey = NULL; 66e1051a39Sopenharmony_cistatic EVP_PKEY *loadedpubkey = NULL; 67e1051a39Sopenharmony_cistatic EVP_PKEY *loadedkey = NULL; 68e1051a39Sopenharmony_cistatic X509 *cert = NULL; 69e1051a39Sopenharmony_cistatic unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; 70e1051a39Sopenharmony_cistatic OSSL_CMP_MSG *ir_unprotected, *ir_protected; 71e1051a39Sopenharmony_cistatic X509 *endentity1 = NULL, *endentity2 = NULL, 72e1051a39Sopenharmony_ci *root = NULL, *intermediate = NULL; 73e1051a39Sopenharmony_ci 74e1051a39Sopenharmony_cistatic int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) 75e1051a39Sopenharmony_ci{ 76e1051a39Sopenharmony_ci ASN1_BIT_STRING *protection = 77e1051a39Sopenharmony_ci ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 78e1051a39Sopenharmony_ci int res = TEST_ptr_null(protection); 79e1051a39Sopenharmony_ci 80e1051a39Sopenharmony_ci ASN1_BIT_STRING_free(protection); 81e1051a39Sopenharmony_ci return res; 82e1051a39Sopenharmony_ci} 83e1051a39Sopenharmony_ci 84e1051a39Sopenharmony_cistatic int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) 85e1051a39Sopenharmony_ci{ 86e1051a39Sopenharmony_ci ASN1_BIT_STRING *protection = 87e1051a39Sopenharmony_ci ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 88e1051a39Sopenharmony_ci int res = TEST_ptr(protection) 89e1051a39Sopenharmony_ci && TEST_true(ASN1_STRING_cmp(protection, 90e1051a39Sopenharmony_ci fixture->msg->protection) == 0); 91e1051a39Sopenharmony_ci 92e1051a39Sopenharmony_ci ASN1_BIT_STRING_free(protection); 93e1051a39Sopenharmony_ci return res; 94e1051a39Sopenharmony_ci} 95e1051a39Sopenharmony_ci 96e1051a39Sopenharmony_ci/* 97e1051a39Sopenharmony_ci * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c, 98e1051a39Sopenharmony_ci * but without the need for a OSSL_CMP_CTX or a X509 certificate 99e1051a39Sopenharmony_ci */ 100e1051a39Sopenharmony_cistatic int verify_signature(OSSL_CMP_MSG *msg, 101e1051a39Sopenharmony_ci ASN1_BIT_STRING *protection, 102e1051a39Sopenharmony_ci EVP_PKEY *pkey, EVP_MD *digest) 103e1051a39Sopenharmony_ci{ 104e1051a39Sopenharmony_ci OSSL_CMP_PROTECTEDPART prot_part; 105e1051a39Sopenharmony_ci unsigned char *prot_part_der = NULL; 106e1051a39Sopenharmony_ci int len; 107e1051a39Sopenharmony_ci EVP_MD_CTX *ctx = NULL; 108e1051a39Sopenharmony_ci int res; 109e1051a39Sopenharmony_ci 110e1051a39Sopenharmony_ci prot_part.header = OSSL_CMP_MSG_get0_header(msg); 111e1051a39Sopenharmony_ci prot_part.body = msg->body; 112e1051a39Sopenharmony_ci len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); 113e1051a39Sopenharmony_ci res = 114e1051a39Sopenharmony_ci TEST_int_ge(len, 0) 115e1051a39Sopenharmony_ci && TEST_ptr(ctx = EVP_MD_CTX_new()) 116e1051a39Sopenharmony_ci && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)) 117e1051a39Sopenharmony_ci && TEST_int_eq(EVP_DigestVerify(ctx, protection->data, 118e1051a39Sopenharmony_ci protection->length, 119e1051a39Sopenharmony_ci prot_part_der, len), 1); 120e1051a39Sopenharmony_ci /* cleanup */ 121e1051a39Sopenharmony_ci EVP_MD_CTX_free(ctx); 122e1051a39Sopenharmony_ci OPENSSL_free(prot_part_der); 123e1051a39Sopenharmony_ci return res; 124e1051a39Sopenharmony_ci} 125e1051a39Sopenharmony_ci 126e1051a39Sopenharmony_ci/* Calls OSSL_CMP_calc_protection and compares and verifies signature */ 127e1051a39Sopenharmony_cistatic int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * 128e1051a39Sopenharmony_ci fixture) 129e1051a39Sopenharmony_ci{ 130e1051a39Sopenharmony_ci ASN1_BIT_STRING *protection = 131e1051a39Sopenharmony_ci ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 132e1051a39Sopenharmony_ci int ret = (TEST_ptr(protection) 133e1051a39Sopenharmony_ci && TEST_true(ASN1_STRING_cmp(protection, 134e1051a39Sopenharmony_ci fixture->msg->protection) == 0) 135e1051a39Sopenharmony_ci && TEST_true(verify_signature(fixture->msg, protection, 136e1051a39Sopenharmony_ci fixture->pubkey, 137e1051a39Sopenharmony_ci fixture->cmp_ctx->digest))); 138e1051a39Sopenharmony_ci 139e1051a39Sopenharmony_ci ASN1_BIT_STRING_free(protection); 140e1051a39Sopenharmony_ci return ret; 141e1051a39Sopenharmony_ci} 142e1051a39Sopenharmony_ci 143e1051a39Sopenharmony_cistatic int test_cmp_calc_protection_no_key_no_secret(void) 144e1051a39Sopenharmony_ci{ 145e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 146e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) 147e1051a39Sopenharmony_ci || !TEST_ptr(fixture->msg->header->protectionAlg = 148e1051a39Sopenharmony_ci X509_ALGOR_new() /* no specific alg needed here */)) { 149e1051a39Sopenharmony_ci tear_down(fixture); 150e1051a39Sopenharmony_ci fixture = NULL; 151e1051a39Sopenharmony_ci } 152e1051a39Sopenharmony_ci 153e1051a39Sopenharmony_ci EXECUTE_TEST(execute_calc_protection_fails_test, tear_down); 154e1051a39Sopenharmony_ci return result; 155e1051a39Sopenharmony_ci} 156e1051a39Sopenharmony_ci 157e1051a39Sopenharmony_cistatic int test_cmp_calc_protection_pkey(void) 158e1051a39Sopenharmony_ci{ 159e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 160e1051a39Sopenharmony_ci fixture->pubkey = loadedpubkey; 161e1051a39Sopenharmony_ci if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey)) 162e1051a39Sopenharmony_ci || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { 163e1051a39Sopenharmony_ci tear_down(fixture); 164e1051a39Sopenharmony_ci fixture = NULL; 165e1051a39Sopenharmony_ci } 166e1051a39Sopenharmony_ci EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); 167e1051a39Sopenharmony_ci return result; 168e1051a39Sopenharmony_ci} 169e1051a39Sopenharmony_ci 170e1051a39Sopenharmony_cistatic int test_cmp_calc_protection_pbmac(void) 171e1051a39Sopenharmony_ci{ 172e1051a39Sopenharmony_ci unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; 173e1051a39Sopenharmony_ci 174e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 175e1051a39Sopenharmony_ci if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 176e1051a39Sopenharmony_ci sec_insta, sizeof(sec_insta))) 177e1051a39Sopenharmony_ci || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { 178e1051a39Sopenharmony_ci tear_down(fixture); 179e1051a39Sopenharmony_ci fixture = NULL; 180e1051a39Sopenharmony_ci } 181e1051a39Sopenharmony_ci EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down); 182e1051a39Sopenharmony_ci return result; 183e1051a39Sopenharmony_ci} 184e1051a39Sopenharmony_cistatic int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) 185e1051a39Sopenharmony_ci{ 186e1051a39Sopenharmony_ci return TEST_int_eq(fixture->expected, 187e1051a39Sopenharmony_ci ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); 188e1051a39Sopenharmony_ci} 189e1051a39Sopenharmony_ci 190e1051a39Sopenharmony_ci#define SET_OPT_UNPROTECTED_SEND(ctx, val) \ 191e1051a39Sopenharmony_ci OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) 192e1051a39Sopenharmony_cistatic int test_MSG_protect_unprotected_request(void) 193e1051a39Sopenharmony_ci{ 194e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 195e1051a39Sopenharmony_ci 196e1051a39Sopenharmony_ci fixture->expected = 1; 197e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 198e1051a39Sopenharmony_ci || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { 199e1051a39Sopenharmony_ci tear_down(fixture); 200e1051a39Sopenharmony_ci fixture = NULL; 201e1051a39Sopenharmony_ci } 202e1051a39Sopenharmony_ci EXECUTE_TEST(execute_MSG_protect_test, tear_down); 203e1051a39Sopenharmony_ci return result; 204e1051a39Sopenharmony_ci} 205e1051a39Sopenharmony_ci 206e1051a39Sopenharmony_cistatic int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void) 207e1051a39Sopenharmony_ci{ 208e1051a39Sopenharmony_ci const size_t size = sizeof(rand_data) / 2; 209e1051a39Sopenharmony_ci 210e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 211e1051a39Sopenharmony_ci fixture->expected = 1; 212e1051a39Sopenharmony_ci 213e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 214e1051a39Sopenharmony_ci || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 215e1051a39Sopenharmony_ci /* 216e1051a39Sopenharmony_ci * Use half of the 16 bytes of random input 217e1051a39Sopenharmony_ci * for each reference and secret value 218e1051a39Sopenharmony_ci */ 219e1051a39Sopenharmony_ci || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 220e1051a39Sopenharmony_ci rand_data, size)) 221e1051a39Sopenharmony_ci || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 222e1051a39Sopenharmony_ci rand_data + size, 223e1051a39Sopenharmony_ci size))) { 224e1051a39Sopenharmony_ci tear_down(fixture); 225e1051a39Sopenharmony_ci fixture = NULL; 226e1051a39Sopenharmony_ci } 227e1051a39Sopenharmony_ci EXECUTE_TEST(execute_MSG_protect_test, tear_down); 228e1051a39Sopenharmony_ci return result; 229e1051a39Sopenharmony_ci} 230e1051a39Sopenharmony_ci 231e1051a39Sopenharmony_cistatic int test_MSG_protect_with_certificate_and_key(void) 232e1051a39Sopenharmony_ci{ 233e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 234e1051a39Sopenharmony_ci fixture->expected = 1; 235e1051a39Sopenharmony_ci 236e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = 237e1051a39Sopenharmony_ci OSSL_CMP_MSG_dup(ir_unprotected)) 238e1051a39Sopenharmony_ci || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 239e1051a39Sopenharmony_ci || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) 240e1051a39Sopenharmony_ci || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { 241e1051a39Sopenharmony_ci tear_down(fixture); 242e1051a39Sopenharmony_ci fixture = NULL; 243e1051a39Sopenharmony_ci } 244e1051a39Sopenharmony_ci EXECUTE_TEST(execute_MSG_protect_test, tear_down); 245e1051a39Sopenharmony_ci return result; 246e1051a39Sopenharmony_ci} 247e1051a39Sopenharmony_ci 248e1051a39Sopenharmony_cistatic int test_MSG_protect_certificate_based_without_cert(void) 249e1051a39Sopenharmony_ci{ 250e1051a39Sopenharmony_ci OSSL_CMP_CTX *ctx; 251e1051a39Sopenharmony_ci 252e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 253e1051a39Sopenharmony_ci ctx = fixture->cmp_ctx; 254e1051a39Sopenharmony_ci fixture->expected = 0; 255e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = 256e1051a39Sopenharmony_ci OSSL_CMP_MSG_dup(ir_unprotected)) 257e1051a39Sopenharmony_ci || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) 258e1051a39Sopenharmony_ci || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { 259e1051a39Sopenharmony_ci tear_down(fixture); 260e1051a39Sopenharmony_ci fixture = NULL; 261e1051a39Sopenharmony_ci } 262e1051a39Sopenharmony_ci EVP_PKEY_up_ref(loadedkey); 263e1051a39Sopenharmony_ci EXECUTE_TEST(execute_MSG_protect_test, tear_down); 264e1051a39Sopenharmony_ci return result; 265e1051a39Sopenharmony_ci} 266e1051a39Sopenharmony_ci 267e1051a39Sopenharmony_cistatic int test_MSG_protect_no_key_no_secret(void) 268e1051a39Sopenharmony_ci{ 269e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 270e1051a39Sopenharmony_ci fixture->expected = 0; 271e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 272e1051a39Sopenharmony_ci || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { 273e1051a39Sopenharmony_ci tear_down(fixture); 274e1051a39Sopenharmony_ci fixture = NULL; 275e1051a39Sopenharmony_ci } 276e1051a39Sopenharmony_ci EXECUTE_TEST(execute_MSG_protect_test, tear_down); 277e1051a39Sopenharmony_ci return result; 278e1051a39Sopenharmony_ci} 279e1051a39Sopenharmony_ci 280e1051a39Sopenharmony_cistatic int test_MSG_protect_pbmac_no_sender(int with_ref) 281e1051a39Sopenharmony_ci{ 282e1051a39Sopenharmony_ci static unsigned char secret[] = { 47, 11, 8, 15 }; 283e1051a39Sopenharmony_ci static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe }; 284e1051a39Sopenharmony_ci 285e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 286e1051a39Sopenharmony_ci fixture->expected = with_ref; 287e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 288e1051a39Sopenharmony_ci || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0) 289e1051a39Sopenharmony_ci || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL) 290e1051a39Sopenharmony_ci || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 291e1051a39Sopenharmony_ci secret, sizeof(secret)) 292e1051a39Sopenharmony_ci || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 293e1051a39Sopenharmony_ci with_ref ? ref : NULL, 294e1051a39Sopenharmony_ci sizeof(ref)))) { 295e1051a39Sopenharmony_ci tear_down(fixture); 296e1051a39Sopenharmony_ci fixture = NULL; 297e1051a39Sopenharmony_ci } 298e1051a39Sopenharmony_ci EXECUTE_TEST(execute_MSG_protect_test, tear_down); 299e1051a39Sopenharmony_ci return result; 300e1051a39Sopenharmony_ci} 301e1051a39Sopenharmony_ci 302e1051a39Sopenharmony_cistatic int test_MSG_protect_pbmac_no_sender_with_ref(void) 303e1051a39Sopenharmony_ci{ 304e1051a39Sopenharmony_ci return test_MSG_protect_pbmac_no_sender(1); 305e1051a39Sopenharmony_ci} 306e1051a39Sopenharmony_ci 307e1051a39Sopenharmony_cistatic int test_MSG_protect_pbmac_no_sender_no_ref(void) 308e1051a39Sopenharmony_ci{ 309e1051a39Sopenharmony_ci return test_MSG_protect_pbmac_no_sender(0); 310e1051a39Sopenharmony_ci} 311e1051a39Sopenharmony_ci 312e1051a39Sopenharmony_cistatic int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) 313e1051a39Sopenharmony_ci{ 314e1051a39Sopenharmony_ci return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, 315e1051a39Sopenharmony_ci fixture->msg)); 316e1051a39Sopenharmony_ci} 317e1051a39Sopenharmony_ci 318e1051a39Sopenharmony_cistatic int test_MSG_add_extraCerts(void) 319e1051a39Sopenharmony_ci{ 320e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 321e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) { 322e1051a39Sopenharmony_ci tear_down(fixture); 323e1051a39Sopenharmony_ci fixture = NULL; 324e1051a39Sopenharmony_ci } 325e1051a39Sopenharmony_ci EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down); 326e1051a39Sopenharmony_ci return result; 327e1051a39Sopenharmony_ci} 328e1051a39Sopenharmony_ci 329e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 330e1051a39Sopenharmony_ci/* The cert chain tests use EC certs so we skip them in no-ec builds */ 331e1051a39Sopenharmony_cistatic int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) 332e1051a39Sopenharmony_ci{ 333e1051a39Sopenharmony_ci int ret = 0; 334e1051a39Sopenharmony_ci OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 335e1051a39Sopenharmony_ci X509_STORE *store; 336e1051a39Sopenharmony_ci STACK_OF(X509) *chain = 337e1051a39Sopenharmony_ci X509_build_chain(fixture->cert, fixture->certs, NULL, 338e1051a39Sopenharmony_ci fixture->with_ss, ctx->libctx, ctx->propq); 339e1051a39Sopenharmony_ci 340e1051a39Sopenharmony_ci if (TEST_ptr(chain)) { 341e1051a39Sopenharmony_ci /* Check whether chain built is equal to the expected one */ 342e1051a39Sopenharmony_ci ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 343e1051a39Sopenharmony_ci sk_X509_pop_free(chain, X509_free); 344e1051a39Sopenharmony_ci } 345e1051a39Sopenharmony_ci if (!ret) 346e1051a39Sopenharmony_ci return 0; 347e1051a39Sopenharmony_ci 348e1051a39Sopenharmony_ci if (TEST_ptr(store = X509_STORE_new()) 349e1051a39Sopenharmony_ci && TEST_true(X509_STORE_add_cert(store, root))) { 350e1051a39Sopenharmony_ci X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store), 351e1051a39Sopenharmony_ci X509_V_FLAG_NO_CHECK_TIME); 352e1051a39Sopenharmony_ci chain = X509_build_chain(fixture->cert, fixture->certs, store, 353e1051a39Sopenharmony_ci fixture->with_ss, ctx->libctx, ctx->propq); 354e1051a39Sopenharmony_ci ret = TEST_int_eq(fixture->expected, chain != NULL); 355e1051a39Sopenharmony_ci if (ret && chain != NULL) { 356e1051a39Sopenharmony_ci /* Check whether chain built is equal to the expected one */ 357e1051a39Sopenharmony_ci ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 358e1051a39Sopenharmony_ci sk_X509_pop_free(chain, X509_free); 359e1051a39Sopenharmony_ci } 360e1051a39Sopenharmony_ci } 361e1051a39Sopenharmony_ci X509_STORE_free(store); 362e1051a39Sopenharmony_ci return ret; 363e1051a39Sopenharmony_ci} 364e1051a39Sopenharmony_ci 365e1051a39Sopenharmony_cistatic int test_cmp_build_cert_chain(void) 366e1051a39Sopenharmony_ci{ 367e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 368e1051a39Sopenharmony_ci fixture->expected = 1; 369e1051a39Sopenharmony_ci fixture->with_ss = 0; 370e1051a39Sopenharmony_ci fixture->cert = endentity2; 371e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 372e1051a39Sopenharmony_ci || !TEST_ptr(fixture->chain = sk_X509_new_null()) 373e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 374e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, root)) 375e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 376e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 377e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 378e1051a39Sopenharmony_ci tear_down(fixture); 379e1051a39Sopenharmony_ci fixture = NULL; 380e1051a39Sopenharmony_ci } 381e1051a39Sopenharmony_ci if (fixture != NULL) { 382e1051a39Sopenharmony_ci result = execute_cmp_build_cert_chain_test(fixture); 383e1051a39Sopenharmony_ci fixture->with_ss = 1; 384e1051a39Sopenharmony_ci if (result && TEST_true(sk_X509_push(fixture->chain, root))) 385e1051a39Sopenharmony_ci result = execute_cmp_build_cert_chain_test(fixture); 386e1051a39Sopenharmony_ci } 387e1051a39Sopenharmony_ci tear_down(fixture); 388e1051a39Sopenharmony_ci return result; 389e1051a39Sopenharmony_ci} 390e1051a39Sopenharmony_ci 391e1051a39Sopenharmony_cistatic int test_cmp_build_cert_chain_missing_intermediate(void) 392e1051a39Sopenharmony_ci{ 393e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 394e1051a39Sopenharmony_ci fixture->expected = 0; 395e1051a39Sopenharmony_ci fixture->with_ss = 0; 396e1051a39Sopenharmony_ci fixture->cert = endentity2; 397e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 398e1051a39Sopenharmony_ci || !TEST_ptr(fixture->chain = sk_X509_new_null()) 399e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 400e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, root)) 401e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 402e1051a39Sopenharmony_ci tear_down(fixture); 403e1051a39Sopenharmony_ci fixture = NULL; 404e1051a39Sopenharmony_ci } 405e1051a39Sopenharmony_ci EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 406e1051a39Sopenharmony_ci return result; 407e1051a39Sopenharmony_ci} 408e1051a39Sopenharmony_ci 409e1051a39Sopenharmony_cistatic int test_cmp_build_cert_chain_no_root(void) 410e1051a39Sopenharmony_ci{ 411e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 412e1051a39Sopenharmony_ci fixture->expected = 1; 413e1051a39Sopenharmony_ci fixture->with_ss = 0; 414e1051a39Sopenharmony_ci fixture->cert = endentity2; 415e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 416e1051a39Sopenharmony_ci || !TEST_ptr(fixture->chain = sk_X509_new_null()) 417e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 418e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 419e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 420e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 421e1051a39Sopenharmony_ci tear_down(fixture); 422e1051a39Sopenharmony_ci fixture = NULL; 423e1051a39Sopenharmony_ci } 424e1051a39Sopenharmony_ci EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 425e1051a39Sopenharmony_ci return result; 426e1051a39Sopenharmony_ci} 427e1051a39Sopenharmony_ci 428e1051a39Sopenharmony_cistatic int test_cmp_build_cert_chain_only_root(void) 429e1051a39Sopenharmony_ci{ 430e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 431e1051a39Sopenharmony_ci fixture->expected = 1; 432e1051a39Sopenharmony_ci fixture->with_ss = 0; /* still chain must include the only cert (root) */ 433e1051a39Sopenharmony_ci fixture->cert = root; 434e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 435e1051a39Sopenharmony_ci || !TEST_ptr(fixture->chain = sk_X509_new_null()) 436e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, root)) 437e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, root))) { 438e1051a39Sopenharmony_ci tear_down(fixture); 439e1051a39Sopenharmony_ci fixture = NULL; 440e1051a39Sopenharmony_ci } 441e1051a39Sopenharmony_ci EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 442e1051a39Sopenharmony_ci return result; 443e1051a39Sopenharmony_ci} 444e1051a39Sopenharmony_ci 445e1051a39Sopenharmony_cistatic int test_cmp_build_cert_chain_no_certs(void) 446e1051a39Sopenharmony_ci{ 447e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 448e1051a39Sopenharmony_ci fixture->expected = 0; 449e1051a39Sopenharmony_ci fixture->with_ss = 0; 450e1051a39Sopenharmony_ci fixture->cert = endentity2; 451e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 452e1051a39Sopenharmony_ci || !TEST_ptr(fixture->chain = sk_X509_new_null()) 453e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 454e1051a39Sopenharmony_ci tear_down(fixture); 455e1051a39Sopenharmony_ci fixture = NULL; 456e1051a39Sopenharmony_ci } 457e1051a39Sopenharmony_ci EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 458e1051a39Sopenharmony_ci return result; 459e1051a39Sopenharmony_ci} 460e1051a39Sopenharmony_ci#endif /* OPENSSL_NO_EC */ 461e1051a39Sopenharmony_ci 462e1051a39Sopenharmony_cistatic int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) 463e1051a39Sopenharmony_ci{ 464e1051a39Sopenharmony_ci X509_STORE *store = X509_STORE_new(); 465e1051a39Sopenharmony_ci STACK_OF(X509) *sk = NULL; 466e1051a39Sopenharmony_ci int res = 0; 467e1051a39Sopenharmony_ci 468e1051a39Sopenharmony_ci if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, 469e1051a39Sopenharmony_ci fixture->certs, 470e1051a39Sopenharmony_ci fixture->callback_arg))) 471e1051a39Sopenharmony_ci goto err; 472e1051a39Sopenharmony_ci sk = X509_STORE_get1_all_certs(store); 473e1051a39Sopenharmony_ci if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) 474e1051a39Sopenharmony_ci goto err; 475e1051a39Sopenharmony_ci res = 1; 476e1051a39Sopenharmony_ci err: 477e1051a39Sopenharmony_ci X509_STORE_free(store); 478e1051a39Sopenharmony_ci sk_X509_pop_free(sk, X509_free); 479e1051a39Sopenharmony_ci return res; 480e1051a39Sopenharmony_ci 481e1051a39Sopenharmony_ci} 482e1051a39Sopenharmony_ci 483e1051a39Sopenharmony_cistatic int test_X509_STORE(void) 484e1051a39Sopenharmony_ci{ 485e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 486e1051a39Sopenharmony_ci fixture->callback_arg = 0; /* self-issued allowed */ 487e1051a39Sopenharmony_ci if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 488e1051a39Sopenharmony_ci || !sk_X509_push(fixture->certs, endentity1) 489e1051a39Sopenharmony_ci || !sk_X509_push(fixture->certs, endentity2) 490e1051a39Sopenharmony_ci || !sk_X509_push(fixture->certs, root) 491e1051a39Sopenharmony_ci || !sk_X509_push(fixture->certs, intermediate) 492e1051a39Sopenharmony_ci || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { 493e1051a39Sopenharmony_ci tear_down(fixture); 494e1051a39Sopenharmony_ci fixture = NULL; 495e1051a39Sopenharmony_ci } 496e1051a39Sopenharmony_ci EXECUTE_TEST(execute_X509_STORE_test, tear_down); 497e1051a39Sopenharmony_ci return result; 498e1051a39Sopenharmony_ci} 499e1051a39Sopenharmony_ci 500e1051a39Sopenharmony_cistatic int test_X509_STORE_only_self_issued(void) 501e1051a39Sopenharmony_ci{ 502e1051a39Sopenharmony_ci SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 503e1051a39Sopenharmony_ci fixture->certs = sk_X509_new_null(); 504e1051a39Sopenharmony_ci fixture->chain = sk_X509_new_null(); 505e1051a39Sopenharmony_ci fixture->callback_arg = 1; /* only self-issued */ 506e1051a39Sopenharmony_ci if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) 507e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, endentity2)) 508e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, root)) 509e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 510e1051a39Sopenharmony_ci || !TEST_true(sk_X509_push(fixture->chain, root))) { 511e1051a39Sopenharmony_ci tear_down(fixture); 512e1051a39Sopenharmony_ci fixture = NULL; 513e1051a39Sopenharmony_ci } 514e1051a39Sopenharmony_ci EXECUTE_TEST(execute_X509_STORE_test, tear_down); 515e1051a39Sopenharmony_ci return result; 516e1051a39Sopenharmony_ci} 517e1051a39Sopenharmony_ci 518e1051a39Sopenharmony_ci 519e1051a39Sopenharmony_civoid cleanup_tests(void) 520e1051a39Sopenharmony_ci{ 521e1051a39Sopenharmony_ci EVP_PKEY_free(loadedprivkey); 522e1051a39Sopenharmony_ci EVP_PKEY_free(loadedpubkey); 523e1051a39Sopenharmony_ci EVP_PKEY_free(loadedkey); 524e1051a39Sopenharmony_ci X509_free(cert); 525e1051a39Sopenharmony_ci X509_free(endentity1); 526e1051a39Sopenharmony_ci X509_free(endentity2); 527e1051a39Sopenharmony_ci X509_free(root); 528e1051a39Sopenharmony_ci X509_free(intermediate); 529e1051a39Sopenharmony_ci OSSL_CMP_MSG_free(ir_protected); 530e1051a39Sopenharmony_ci OSSL_CMP_MSG_free(ir_unprotected); 531e1051a39Sopenharmony_ci OSSL_PROVIDER_unload(default_null_provider); 532e1051a39Sopenharmony_ci OSSL_PROVIDER_unload(provider); 533e1051a39Sopenharmony_ci OSSL_LIB_CTX_free(libctx); 534e1051a39Sopenharmony_ci} 535e1051a39Sopenharmony_ci 536e1051a39Sopenharmony_ci#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \ 537e1051a39Sopenharmony_ci "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \ 538e1051a39Sopenharmony_ci "Intermediate_CA.crt module_name [module_conf_file]\n" 539e1051a39Sopenharmony_ciOPT_TEST_DECLARE_USAGE(USAGE) 540e1051a39Sopenharmony_ci 541e1051a39Sopenharmony_ciint setup_tests(void) 542e1051a39Sopenharmony_ci{ 543e1051a39Sopenharmony_ci char *server_f; 544e1051a39Sopenharmony_ci char *server_key_f; 545e1051a39Sopenharmony_ci char *server_cert_f; 546e1051a39Sopenharmony_ci char *endentity1_f; 547e1051a39Sopenharmony_ci char *endentity2_f; 548e1051a39Sopenharmony_ci char *root_f; 549e1051a39Sopenharmony_ci char *intermediate_f; 550e1051a39Sopenharmony_ci 551e1051a39Sopenharmony_ci if (!test_skip_common_options()) { 552e1051a39Sopenharmony_ci TEST_error("Error parsing test options\n"); 553e1051a39Sopenharmony_ci return 0; 554e1051a39Sopenharmony_ci } 555e1051a39Sopenharmony_ci 556e1051a39Sopenharmony_ci RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); 557e1051a39Sopenharmony_ci if (!TEST_ptr(server_f = test_get_argument(0)) 558e1051a39Sopenharmony_ci || !TEST_ptr(ir_protected_f = test_get_argument(1)) 559e1051a39Sopenharmony_ci || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) 560e1051a39Sopenharmony_ci || !TEST_ptr(ip_PBM_f = test_get_argument(3)) 561e1051a39Sopenharmony_ci || !TEST_ptr(server_cert_f = test_get_argument(4)) 562e1051a39Sopenharmony_ci || !TEST_ptr(server_key_f = test_get_argument(5)) 563e1051a39Sopenharmony_ci || !TEST_ptr(endentity1_f = test_get_argument(6)) 564e1051a39Sopenharmony_ci || !TEST_ptr(endentity2_f = test_get_argument(7)) 565e1051a39Sopenharmony_ci || !TEST_ptr(root_f = test_get_argument(8)) 566e1051a39Sopenharmony_ci || !TEST_ptr(intermediate_f = test_get_argument(9))) { 567e1051a39Sopenharmony_ci TEST_error("usage: cmp_protect_test %s", USAGE); 568e1051a39Sopenharmony_ci return 0; 569e1051a39Sopenharmony_ci } 570e1051a39Sopenharmony_ci 571e1051a39Sopenharmony_ci if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE)) 572e1051a39Sopenharmony_ci return 0; 573e1051a39Sopenharmony_ci 574e1051a39Sopenharmony_ci if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx)) 575e1051a39Sopenharmony_ci || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))) 576e1051a39Sopenharmony_ci return 0; 577e1051a39Sopenharmony_ci 578e1051a39Sopenharmony_ci if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx))) 579e1051a39Sopenharmony_ci return 0; 580e1051a39Sopenharmony_ci if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) 581e1051a39Sopenharmony_ci loadedpubkey = loadedprivkey; 582e1051a39Sopenharmony_ci if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) 583e1051a39Sopenharmony_ci || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) 584e1051a39Sopenharmony_ci return 0; 585e1051a39Sopenharmony_ci if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) 586e1051a39Sopenharmony_ci || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) 587e1051a39Sopenharmony_ci || !TEST_ptr(root = load_cert_pem(root_f, libctx)) 588e1051a39Sopenharmony_ci || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) 589e1051a39Sopenharmony_ci return 0; 590e1051a39Sopenharmony_ci if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) 591e1051a39Sopenharmony_ci return 0; 592e1051a39Sopenharmony_ci 593e1051a39Sopenharmony_ci /* Message protection tests */ 594e1051a39Sopenharmony_ci ADD_TEST(test_cmp_calc_protection_no_key_no_secret); 595e1051a39Sopenharmony_ci ADD_TEST(test_cmp_calc_protection_pkey); 596e1051a39Sopenharmony_ci ADD_TEST(test_cmp_calc_protection_pbmac); 597e1051a39Sopenharmony_ci 598e1051a39Sopenharmony_ci ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); 599e1051a39Sopenharmony_ci ADD_TEST(test_MSG_protect_with_certificate_and_key); 600e1051a39Sopenharmony_ci ADD_TEST(test_MSG_protect_certificate_based_without_cert); 601e1051a39Sopenharmony_ci ADD_TEST(test_MSG_protect_unprotected_request); 602e1051a39Sopenharmony_ci ADD_TEST(test_MSG_protect_no_key_no_secret); 603e1051a39Sopenharmony_ci ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref); 604e1051a39Sopenharmony_ci ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref); 605e1051a39Sopenharmony_ci ADD_TEST(test_MSG_add_extraCerts); 606e1051a39Sopenharmony_ci 607e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 608e1051a39Sopenharmony_ci ADD_TEST(test_cmp_build_cert_chain); 609e1051a39Sopenharmony_ci ADD_TEST(test_cmp_build_cert_chain_only_root); 610e1051a39Sopenharmony_ci ADD_TEST(test_cmp_build_cert_chain_no_root); 611e1051a39Sopenharmony_ci ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); 612e1051a39Sopenharmony_ci ADD_TEST(test_cmp_build_cert_chain_no_certs); 613e1051a39Sopenharmony_ci#endif 614e1051a39Sopenharmony_ci 615e1051a39Sopenharmony_ci ADD_TEST(test_X509_STORE); 616e1051a39Sopenharmony_ci ADD_TEST(test_X509_STORE_only_self_issued); 617e1051a39Sopenharmony_ci 618e1051a39Sopenharmony_ci return 1; 619e1051a39Sopenharmony_ci} 620