1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include <gtest/gtest.h> 17 #include <iostream> 18 #include <string> 19 20 #include <openssl/ssl.h> 21 22 #define private public 23 #include "tls_context.h" 24 #include "tls.h" 25 26 namespace OHOS { 27 namespace NetStack { 28 namespace { 29 using namespace testing::ext; 30 constexpr const char *PROTOCOL13 = "TLSv1.3"; 31 constexpr const char *PROTOCOL12 = "TLSv1.2"; 32 constexpr const char *PROTOCOL11 = "TLSv1.1"; 33 constexpr const char *CIPHER_SUITE = "AES256-SHA256"; 34 constexpr const char *SIGNATURE_ALGORITHMS = "rsa_pss_rsae_sha256:ECDSA+SHA256"; 35 36 static char g_clientFile[] = 37 "-----BEGIN CERTIFICATE-----\r\n" 38 "MIIDezCCAmMCFD6h5R4QvySV9q9mC6s31qQFLX14MA0GCSqGSIb3DQEBCwUAMHgx\r\n" 39 "CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoM\r\n" 40 "A0NPTTEMMAoGA1UECwwDTlNQMQswCQYDVQQDDAJDQTEmMCQGCSqGSIb3DQEJARYX\r\n" 41 "emhhbmd6aGV3ZWkwMTAzQDE2My5jb20wHhcNMjIwNDI0MDIwMjU3WhcNMjMwNDI0\r\n" 42 "MDIwMjU3WjB8MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR0QxCzAJBgNVBAcMAlNa\r\n" 43 "MQwwCgYDVQQKDANDT00xDDAKBgNVBAsMA05TUDEPMA0GA1UEAwwGQ0xJRU5UMSYw\r\n" 44 "JAYJKoZIhvcNAQkBFhd6aGFuZ3poZXdlaTAxMDNAMTYzLmNvbTCCASIwDQYJKoZI\r\n" 45 "hvcNAQEBBQADggEPADCCAQoCggEBAKlc63+j5C7tLoaecpdhzzZtLy8iNSi6oLHc\r\n" 46 "+bPib1XWz1zcQ4On5ncGuuLSV2Tyse4tSsDbPycd8b9Teq6gdGrvirtGXau82zAq\r\n" 47 "no+t0mxVtV1r0OkSe+hnIrYKxTE5UDeAM319MSxWlCR0bg0uEAuVBPQpld5A9PQT\r\n" 48 "YCLbv4cTwB0sIKupsnNbrn2AsAlCFd288XeuTN+N87m05cDkprAkqkCJfAtRnejV\r\n" 49 "k+vbS+H6toR3P9PVQJXC77oM7cDOjR8AwpkRRA890XUWoQLwhHXvDpGPwKK+lLnG\r\n" 50 "FswiaHy3silUIOidwk7E/81BOqXSk77oUG6UQrVilkmu6g79VssCAwEAATANBgkq\r\n" 51 "hkiG9w0BAQsFAAOCAQEAOeqp+hFVRs4YB3UjU/3bvAUFQLS97gapCp2lk6jS88jt\r\n" 52 "uNeyvwulOAtZEbcoIIvzzNxvBDOVibTJ6gZU9P9g0WyRu2RTgy+UggNwH8u8KZzM\r\n" 53 "DT8sxuoYvRcEWbOhlNQgACa7AlQSLQifo8nvEMS2i9o8WHoHu42MRDYOHYVIwWXH\r\n" 54 "h6mZzfo+zrPyv3NFlwlWqaNiTGgnGCXzlVK3p5YYqLbNVYpy0U5FBxQ7fITsqcbK\r\n" 55 "PusAAEZzPxm8Epo647M28gNkdEEM/7bqhSTJO+jfkojgyQt2ghlw+NGCmG4dJGZb\r\n" 56 "yA7Z3PBj8aqEwmRUF8SAR1bxWBGk2IYRwgStuwvusg==\r\n" 57 "-----END CERTIFICATE-----\r\n"; 58 59 static char g_caCrtFile[] = 60 "Certificate:\r\n" 61 " Data:\r\n" 62 " Version: 3 (0x2)\r\n" 63 " Serial Number: 1 (0x1)\r\n" 64 " Signature Algorithm: sha256WithRSAEncryption\r\n" 65 " Issuer: C=CN, ST=beijing, O=ahaha Inc, OU=Root CA, CN=ahaha CA\r\n" 66 " Validity\r\n" 67 " Not Before: Aug 23 07:33:55 2022 GMT\r\n" 68 " Not After : Aug 23 07:33:55 2023 GMT\r\n" 69 " Subject: C=CN, ST=beijing, O=ahaha CA Inc, OU=Root CA, CN=ahaha CA\r\n" 70 " Subject Public Key Info:\r\n" 71 " Public Key Algorithm: rsaEncryption\r\n" 72 " RSA Public-Key: (2048 bit)\r\n" 73 " Modulus:\r\n" 74 " 00:9d:df:68:f7:7b:78:0b:21:f3:6f:24:60:ef:ce:\r\n" 75 " 02:90:24:df:c4:d3:f3:e4:26:6c:c7:12:bf:28:cd:\r\n" 76 " 38:2d:3f:ab:76:11:64:ce:6b:f6:07:fd:35:1e:b9:\r\n" 77 " ec:22:72:03:4d:eb:d2:94:49:2d:82:44:6c:72:59:\r\n" 78 " 14:ab:e7:0c:72:32:3e:ad:fa:9d:52:da:24:8d:e9:\r\n" 79 " a4:10:d7:dd:34:66:df:7e:e0:0e:66:53:8b:ee:91:\r\n" 80 " 07:9a:ce:2a:85:25:09:77:3d:5f:75:1c:a1:b3:ab:\r\n" 81 " 86:3b:21:28:f8:43:aa:f0:0b:7d:4d:f9:df:85:33:\r\n" 82 " 4a:3b:ff:e4:03:59:25:62:a1:e9:da:92:63:02:93:\r\n" 83 " bd:f9:df:6e:c6:57:a7:d2:e6:7b:37:14:a9:ba:69:\r\n" 84 " 71:0c:c5:4f:66:fe:67:66:5c:8d:d7:04:4d:d7:f3:\r\n" 85 " 0b:c0:0b:7d:49:eb:68:94:28:f6:31:0f:0d:2a:03:\r\n" 86 " 70:a7:97:f9:38:90:36:d4:4b:39:4b:53:a5:2c:32:\r\n" 87 " 72:f2:41:86:32:13:3c:40:2d:3f:e8:63:d3:8c:8a:\r\n" 88 " 83:79:d3:20:f6:bc:cd:97:3e:94:91:4e:3c:74:8d:\r\n" 89 " 9a:fa:29:de:c4:a5:f7:e1:e2:06:55:e6:6c:41:0f:\r\n" 90 " 60:3b:90:de:3a:84:ef:3a:77:79:27:00:23:55:66:\r\n" 91 " ca:81\r\n" 92 " Exponent: 65537 (0x10001)\r\n" 93 " X509v3 extensions:\r\n" 94 " X509v3 Basic Constraints:\r\n" 95 " CA:TRUE\r\n" 96 " Signature Algorithm: sha256WithRSAEncryption\r\n" 97 " 61:3e:39:71:7f:b1:50:dd:71:97:cd:dc:a9:4b:72:96:0a:12:\r\n" 98 " c1:18:fd:35:b5:e0:97:1b:76:58:22:8d:cd:75:51:0f:ba:04:\r\n" 99 " 00:94:6a:46:d5:3a:c5:ac:ea:7d:9c:ec:6f:19:b6:f1:2b:06:\r\n" 100 " e9:bb:cb:49:24:34:0b:55:bd:02:19:24:19:85:bb:e4:a4:80:\r\n" 101 " f4:d6:90:82:7e:81:5c:9b:89:d4:15:ed:3a:b7:a2:37:59:40:\r\n" 102 " db:b4:18:25:90:2e:ae:82:f9:a8:0c:9d:bd:c7:8c:54:85:ed:\r\n" 103 " 07:d1:70:1d:ee:a1:92:bd:12:97:83:4d:9e:9e:b7:01:b5:56:\r\n" 104 " a5:1f:31:6e:a1:48:68:a4:4f:1c:fa:b0:38:27:47:12:eb:55:\r\n" 105 " a3:45:f7:e3:18:ba:d7:85:3c:1f:2c:1e:5e:38:75:5e:80:8a:\r\n" 106 " fd:1c:84:4f:9b:ef:85:b7:79:89:d7:43:eb:d4:fb:c5:51:5b:\r\n" 107 " 84:6f:0e:06:32:54:13:e4:a7:e2:20:2d:b8:fa:2d:09:f8:8f:\r\n" 108 " dd:01:19:39:cc:23:c0:d1:39:19:9a:f7:7c:53:63:bf:ea:be:\r\n" 109 " 04:9b:af:3e:6e:1e:77:c8:b9:0b:78:e9:0e:62:a7:51:db:1e:\r\n" 110 " c0:63:4d:4d:14:ff:ca:44:7f:15:e4:fa:98:1e:3d:58:c2:b6:\r\n" 111 " 5a:64:68:d0\r\n" 112 "-----BEGIN CERTIFICATE-----\r\n" 113 "MIIDazCCAlOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJDTjEQ\r\n" 114 "MA4GA1UECAwHYmVpamluZzEdMBsGA1UECgwUR2xvYmFsIEdvb2dsZSBDQSBJbmMx\r\n" 115 "EDAOBgNVBAsMB1Jvb3QgQ0ExHjAcBgNVBAMMFUdsb2JhbCBHb29nbGUgUm9vdCBD\r\n" 116 "QTAeFw0yMjA4MjMwNzMzNTVaFw0yMzA4MjMwNzMzNTVaMHAxCzAJBgNVBAYTAkNO\r\n" 117 "MRAwDgYDVQQIDAdiZWlqaW5nMR0wGwYDVQQKDBRHbG9iYWwgR29vZ2xlIENBIElu\r\n" 118 "YzEQMA4GA1UECwwHUm9vdCBDQTEeMBwGA1UEAwwVR2xvYmFsIEdvb2dsZSBSb290\r\n" 119 "IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd9o93t4CyHzbyRg\r\n" 120 "784CkCTfxNPz5CZsxxK/KM04LT+rdhFkzmv2B/01HrnsInIDTevSlEktgkRsclkU\r\n" 121 "q+cMcjI+rfqdUtokjemkENfdNGbffuAOZlOL7pEHms4qhSUJdz1fdRyhs6uGOyEo\r\n" 122 "+EOq8At9TfnfhTNKO//kA1klYqHp2pJjApO9+d9uxlen0uZ7NxSpumlxDMVPZv5n\r\n" 123 "ZlyN1wRN2PMLwAt9SetolCj2MQ8NKgNwp5f5OJA21Es5S1OlLDJy8kGGMhM8QC0/\r\n" 124 "6GPTjIqDedMg9rzNlz6UkU48dI2a+inexKX34eIGVeZsQQ9gO5DeOoTvOnd5JwAj\r\n" 125 "VWbKgQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBh\r\n" 126 "Pjlxf7FQ3XGXzdypS3KWChLBGP01teCXG3ZYIo3NdVEPugQAlGpG1TrFrOp9nOxv\r\n" 127 "GbbxKwbpu8tJJDQLVb0CGSQZhbvkpID01pCCfoFcm4nUFe06t6I3WUDbtBglkC6u\r\n" 128 "gvmoDJ29x4xUhe0H0XAd7qGSvRKXg02enrcBtValHzFuoUhopE8c+rA4J0cS61Wj\r\n" 129 "RffjGLrXhTwfLB5eOHVegIr9HIRPm++Ft3mJ10Pr1PvFUVuEbw4GMlQT5KfiIC24\r\n" 130 "+i0J+I/dARk5zCPA0TkZmvd8U2O/6r4Em68+bh53yLkLeOkOYqdR2x7AY01NFP/K\r\n" 131 "RH8V5PqYHj1YwrZaZGjQ\r\n" 132 "-----END CERTIFICATE-----\r\n"; 133 } // namespace 134 135 class TlsContextTest : public testing::Test { 136 public: SetUpTestCase()137 static void SetUpTestCase() {} 138 TearDownTestCase()139 static void TearDownTestCase() {} 140 SetUp()141 virtual void SetUp() {} 142 TearDown()143 virtual void TearDown() {} 144 }; 145 146 HWTEST_F(TlsContextTest, ContextTest1, TestSize.Level2) 147 { 148 TLSConfiguration configuration; 149 configuration.SetCipherSuite(CIPHER_SUITE); 150 configuration.SetSignatureAlgorithms(SIGNATURE_ALGORITHMS); 151 std::unique_ptr<TLSContext> tlsContext = TLSContext::CreateConfiguration(configuration); 152 153 EXPECT_NE(tlsContext, nullptr); 154 tlsContext->CloseCtx(); 155 } 156 157 HWTEST_F(TlsContextTest, ContextTest2, TestSize.Level2) 158 { 159 std::vector<std::string> protocol; 160 protocol.push_back(PROTOCOL13); 161 protocol.push_back(PROTOCOL12); 162 protocol.push_back(PROTOCOL11); 163 TLSConfiguration configuration; 164 std::vector<std::string> caVec = {g_caCrtFile}; 165 configuration.SetCaCertificate(caVec); 166 configuration.SetProtocol(protocol); 167 configuration.SetCipherSuite(CIPHER_SUITE); 168 configuration.SetSignatureAlgorithms(SIGNATURE_ALGORITHMS); 169 configuration.SetLocalCertificate(g_clientFile); 170 std::unique_ptr<TLSContext> tlsContext = TLSContext::CreateConfiguration(configuration); 171 EXPECT_NE(tlsContext, nullptr); 172 TLSContext::SetMinAndMaxProtocol(tlsContext.get()); 173 bool isInitTlsContext = TLSContext::InitTlsContext(tlsContext.get(), configuration); 174 EXPECT_TRUE(isInitTlsContext); 175 bool isSetCipherList = TLSContext::SetCipherList(tlsContext.get(), configuration); 176 EXPECT_TRUE(isSetCipherList); 177 bool isSetSignatureAlgorithms = TLSContext::SetSignatureAlgorithms(tlsContext.get(), configuration); 178 EXPECT_TRUE(isSetSignatureAlgorithms); 179 TLSContext::GetCiphers(tlsContext.get()); 180 TLSContext::UseRemoteCipher(tlsContext.get()); 181 bool setCaAndVerify = TLSContext::SetCaAndVerify(tlsContext.get(), configuration); 182 EXPECT_TRUE(setCaAndVerify); 183 bool setLocalCert = TLSContext::SetLocalCertificate(tlsContext.get(), configuration); 184 EXPECT_TRUE(setLocalCert); 185 bool setKeyAndCheck = TLSContext::SetKeyAndCheck(tlsContext.get(), configuration); 186 EXPECT_FALSE(setKeyAndCheck); 187 TLSContext::SetVerify(tlsContext.get()); 188 SSL *ssl = tlsContext->CreateSsl(); 189 EXPECT_NE(ssl, nullptr); 190 SSL_free(ssl); 191 ssl = nullptr; 192 tlsContext->CloseCtx(); 193 } 194 195 HWTEST_F(TlsContextTest, ContextNullTest, TestSize.Level2) 196 { 197 std::vector<std::string> protocol; 198 protocol.push_back(PROTOCOL13); 199 protocol.push_back(PROTOCOL12); 200 protocol.push_back(PROTOCOL11); 201 TLSConfiguration configuration; 202 std::vector<std::string> caVec = {g_caCrtFile}; 203 configuration.SetCaCertificate(caVec); 204 configuration.SetProtocol(protocol); 205 configuration.SetCipherSuite(CIPHER_SUITE); 206 configuration.SetSignatureAlgorithms(SIGNATURE_ALGORITHMS); 207 configuration.SetLocalCertificate(g_clientFile); 208 std::unique_ptr<TLSContext> tlsContext = nullptr; 209 EXPECT_EQ(tlsContext, nullptr); 210 TLSContext::SetMinAndMaxProtocol(tlsContext.get()); 211 bool isInitTlsContext = TLSContext::InitTlsContext(tlsContext.get(), configuration); 212 EXPECT_FALSE(isInitTlsContext); 213 bool isSetCipherList = TLSContext::SetCipherList(tlsContext.get(), configuration); 214 EXPECT_FALSE(isSetCipherList); 215 bool isSetSignatureAlgorithms = TLSContext::SetSignatureAlgorithms(tlsContext.get(), configuration); 216 EXPECT_FALSE(isSetSignatureAlgorithms); 217 TLSContext::GetCiphers(tlsContext.get()); 218 TLSContext::UseRemoteCipher(tlsContext.get()); 219 bool setCaAndVerify = TLSContext::SetCaAndVerify(tlsContext.get(), configuration); 220 EXPECT_FALSE(setCaAndVerify); 221 bool setLocalCert = TLSContext::SetLocalCertificate(tlsContext.get(), configuration); 222 EXPECT_FALSE(setLocalCert); 223 bool setKeyAndCheck = TLSContext::SetKeyAndCheck(tlsContext.get(), configuration); 224 EXPECT_FALSE(setKeyAndCheck); 225 TLSContext::SetVerify(tlsContext.get()); 226 } 227 } // namespace NetStack 228 } // namespace OHOS