1 /*
2 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include "helpers/cmp_testlib.h"
13
/*
 * Paths of the DER-encoded CMP message files handed in on the command line
 * (see setup_tests()): a signature-protected IR, an unprotected IR, and a
 * PBM (password-based MAC) protected IP. They are loaded on demand by the
 * calc_protection tests via load_pkimsg().
 */
static const char *ir_protected_f;
static const char *ir_unprotected_f;
static const char *ip_PBM_f;
17
/*
 * Per-test state. set_up() allocates it zeroed and creates cmp_ctx;
 * tear_down() frees cmp_ctx, msg, si, mem and the two stacks (but NOT the
 * X509 objects inside them, nor pubkey/cert, which are borrowed from the
 * file-level objects created in setup_tests()).
 */
typedef struct test_fixture {
    const char *test_case_name;
    OSSL_CMP_CTX *cmp_ctx;          /* fresh context per test, owned */
    /* for protection tests */
    OSSL_CMP_MSG *msg;              /* message under test, owned */
    OSSL_CMP_PKISI *si; /* for error and response messages */
    EVP_PKEY *pubkey;               /* borrowed, used to verify signatures */
    unsigned char *mem;             /* not used by the tests in this file */
    int memlen;                     /* not used by the tests in this file */
    X509 *cert;                     /* borrowed; cert whose chain is built */
    STACK_OF(X509) *certs;          /* candidate certs; only the stack is owned */
    STACK_OF(X509) *chain;          /* expected result; only the stack is owned */
    int with_ss;                    /* X509_build_chain(): 1 = expect the self-signed root in chain */
    int callback_arg;               /* ossl_cmp_X509_STORE_add1_certs(): 1 = only self-issued certs */
    int expected;                   /* expected return value of the function under test */
} CMP_PROTECT_TEST_FIXTURE;
34
/*
 * Library context and providers selected by the trailing command-line
 * arguments (test_arg_libctx() in setup_tests()); released in cleanup_tests().
 */
static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
37
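/*
 * Release everything a fixture owns, then the fixture itself.
 *
 * Only the stack containers in certs/chain are freed (sk_X509_free, not
 * sk_X509_pop_free): the X509 objects they hold are the file-level
 * endentity1/endentity2/root/intermediate certs, which cleanup_tests()
 * releases exactly once. pubkey and cert are likewise borrowed.
 *
 * NULL is accepted, so callers that set fixture = NULL after a failed
 * setup may still call tear_down() unconditionally.
 */
static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    if (fixture == NULL)
        return;

    OSSL_CMP_CTX_free(fixture->cmp_ctx);
    OSSL_CMP_MSG_free(fixture->msg);
    OSSL_CMP_PKISI_free(fixture->si);

    OPENSSL_free(fixture->mem);
    sk_X509_free(fixture->certs);
    sk_X509_free(fixture->chain);

    OPENSSL_free(fixture);
}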
50
/*
 * Allocate a zeroed fixture holding a fresh OSSL_CMP_CTX bound to the
 * file-level libctx.
 *
 * Returns the fixture, or NULL after releasing whatever was allocated if
 * either allocation fails (the TEST_ptr() calls report the failure).
 */
static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    CMP_PROTECT_TEST_FIXTURE *fx = OPENSSL_zalloc(sizeof(*fx));

    if (!TEST_ptr(fx))
        return NULL;
    fx->test_case_name = test_case_name;
    fx->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL);
    if (TEST_ptr(fx->cmp_ctx))
        return fx;
    /* context creation failed: give back the half-built fixture */
    tear_down(fx);
    return NULL;
}
64
/*
 * File-level objects loaded once in setup_tests() and shared read-only by
 * all tests; released in cleanup_tests().
 *  - loadedprivkey/loadedpubkey: the same EVP_PKEY (setup_tests() takes an
 *    extra reference so both can be freed), used for signature protection
 *  - loadedkey/cert: server key and certificate for certificate-based protection
 *  - rand_data: random bytes used as reference/secret values for PBM
 *  - ir_unprotected/ir_protected: template messages, duplicated per test
 *  - endentity1/endentity2/root/intermediate: certs for the chain/store tests
 */
static EVP_PKEY *loadedprivkey = NULL;
static EVP_PKEY *loadedpubkey = NULL;
static EVP_PKEY *loadedkey = NULL;
static X509 *cert = NULL;
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
static X509 *endentity1 = NULL, *endentity2 = NULL,
    *root = NULL, *intermediate = NULL;
73
/*
 * Expect ossl_cmp_calc_protection() to fail (return NULL) for the
 * context/message combination prepared in the fixture.
 */
static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    ASN1_BIT_STRING *prot;
    int ok;

    prot = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    ok = TEST_ptr_null(prot);
    /* free in case the call unexpectedly succeeded */
    ASN1_BIT_STRING_free(prot);
    return ok;
}
83
/*
 * Recompute the PBM protection of fixture->msg with the secret set on
 * fixture->cmp_ctx and check that it is byte-identical to the protection
 * carried by the message itself.
 */
static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    ASN1_BIT_STRING *computed;
    int ok = 0;

    computed = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    if (TEST_ptr(computed))
        ok = TEST_true(ASN1_STRING_cmp(computed, fixture->msg->protection) == 0);
    ASN1_BIT_STRING_free(computed);
    return ok;
}
95
/*
 * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
 * but without the need for an OSSL_CMP_CTX or an X509 certificate
 */
/*
 * Verify that `protection` is a valid signature, under `pkey` and `digest`,
 * over the DER encoding of the message's protected part (header + body).
 *
 * Returns 1 on success, 0 on any failure; every step reports through the
 * TEST_* macros.
 */
static int verify_signature(OSSL_CMP_MSG *msg,
                            ASN1_BIT_STRING *protection,
                            EVP_PKEY *pkey, EVP_MD *digest)
{
    OSSL_CMP_PROTECTEDPART prot_part;
    unsigned char *der = NULL;
    EVP_MD_CTX *md_ctx = NULL;
    int der_len;
    int ok = 0;

    prot_part.header = OSSL_CMP_MSG_get0_header(msg);
    prot_part.body = msg->body;
    /* i2d allocates `der` for us; a negative length means encoding failed */
    der_len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &der);
    if (!TEST_int_ge(der_len, 0))
        goto end;
    if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
        goto end;
    if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, digest, NULL, pkey)))
        goto end;
    ok = TEST_int_eq(EVP_DigestVerify(md_ctx, protection->data,
                                      protection->length, der, der_len), 1);

 end:
    EVP_MD_CTX_free(md_ctx);
    OPENSSL_free(der);
    return ok;
}
125
/* Calls ossl_cmp_calc_protection, compares the result with the message's protection and verifies the signature */
/*
 * Recompute the signature protection of fixture->msg with the key set on
 * fixture->cmp_ctx, check it matches the protection the message carries,
 * and independently verify it against fixture->pubkey using the context's
 * digest.
 */
static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
                                                  fixture)
{
    OSSL_CMP_MSG *msg = fixture->msg;
    ASN1_BIT_STRING *computed;
    int ok = 0;

    computed = ossl_cmp_calc_protection(fixture->cmp_ctx, msg);
    if (TEST_ptr(computed)
            && TEST_true(ASN1_STRING_cmp(computed, msg->protection) == 0))
        ok = TEST_true(verify_signature(msg, computed, fixture->pubkey,
                                        fixture->cmp_ctx->digest));
    ASN1_BIT_STRING_free(computed);
    return ok;
}
142
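/*
 * With neither a key nor a secret on the context, computing protection must
 * fail even though a protectionAlg is present in the header.
 */
static int test_cmp_calc_protection_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
            || !TEST_ptr(fixture->msg->header->protectionAlg =
                         X509_ALGOR_new() /* no specific alg needed here */)) {
        tear_down(fixture);
        fixture = NULL;
    }

    EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
    return result;
}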
156
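/*
 * Signature protection: the protection recomputed with loadedprivkey must
 * equal the one in the protected IR and verify under loadedpubkey.
 */
static int test_cmp_calc_protection_pkey(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->pubkey = loadedpubkey; /* borrowed, not freed by tear_down() */
    if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
            || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
    return result;
}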
169
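/*
 * PBM protection: with the secret "insta" (5 bytes, no terminator) the
 * recomputed MAC must equal the one carried by the PBM-protected IP.
 */
static int test_cmp_calc_protection_pbmac(void)
{
    unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                 sec_insta, sizeof(sec_insta)))
            || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
    return result;
}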
/*
 * Run ossl_cmp_msg_protect() on the fixture's message and check that its
 * return value is the one the test stored in fixture->expected.
 */
static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int rv = ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg);

    return TEST_int_eq(fixture->expected, rv);
}
189
/*
 * Shorthand for toggling OSSL_CMP_OPT_UNPROTECTED_SEND on a CMP context;
 * evaluates to the return value of OSSL_CMP_CTX_set_option().
 */
#define SET_OPT_UNPROTECTED_SEND(ctx, val) \
    OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
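/*
 * With OSSL_CMP_OPT_UNPROTECTED_SEND enabled, protecting a message must
 * succeed even though no key or secret is configured.
 */
static int test_MSG_protect_unprotected_request(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;

    fixture->expected = 1;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}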
205
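/*
 * PBM protection of an unprotected IR: reference and secret value are each
 * taken from one half of rand_data; protecting must succeed.
 */
static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
{
    const size_t size = sizeof(rand_data) / 2;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 1;

    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            /*
             * Use half of the 16 bytes of random input
             * for each reference and secret value
             */
            || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                           rand_data, size))
            || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                        rand_data + size,
                                                        size))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}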
230
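/*
 * Signature protection with a configured private key and matching
 * certificate must succeed.
 */
static int test_MSG_protect_with_certificate_and_key(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 1;

    /* set1_* calls copy/up-ref, so loadedkey and cert stay owned by this file */
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
            || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}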
247
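/*
 * A key for the new certificate alone (no signer cert, no secret) is not
 * enough for certificate-based protection: ossl_cmp_msg_protect() must
 * return 0.
 *
 * OSSL_CMP_CTX_set0_newPkey() takes ownership of the key passed in, so an
 * extra reference on the shared loadedkey is taken first; this keeps
 * loadedkey valid for cleanup_tests(). The original code took that
 * reference unconditionally after the setup chain, leaking it whenever an
 * earlier step had already failed.
 */
static int test_MSG_protect_certificate_based_without_cert(void)
{
    OSSL_CMP_CTX *ctx;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    ctx = fixture->cmp_ctx;
    fixture->expected = 0;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
            || !TEST_true(EVP_PKEY_up_ref(loadedkey))) {
        tear_down(fixture);
        fixture = NULL;
    } else if (!TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
        /* ownership was not transferred: drop the reference taken above */
        EVP_PKEY_free(loadedkey);
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}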
266
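/*
 * With unprotected sending disabled and neither key nor secret configured,
 * ossl_cmp_msg_protect() must return 0.
 */
static int test_MSG_protect_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 0;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}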
279
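/*
 * PBM protection of a message whose header has no sender.
 *
 * With a reference value set (with_ref = 1) protection must succeed,
 * without one it must fail; fixture->expected is therefore with_ref itself.
 * The setup calls are wrapped in TEST_true() so that a failing setup step
 * is reported with its location, consistent with the other tests in this
 * file.
 */
static int test_MSG_protect_pbmac_no_sender(int with_ref)
{
    static unsigned char secret[] = { 47, 11, 8, 15 };
    static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = with_ref;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            || !TEST_true(ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL))
            || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                        secret, sizeof(secret)))
            /* NULL clears the reference value; the length is then presumably ignored */
            || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                           with_ref ? ref : NULL,
                                                           sizeof(ref)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}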
301
/* ADD_TEST entry: PBM protection without sender but with a reference value (expected to succeed) */
static int test_MSG_protect_pbmac_no_sender_with_ref(void)
{
    const int with_ref = 1;

    return test_MSG_protect_pbmac_no_sender(with_ref);
}
306
/* ADD_TEST entry: PBM protection without sender and without reference value (expected to fail) */
static int test_MSG_protect_pbmac_no_sender_no_ref(void)
{
    const int with_ref = 0;

    return test_MSG_protect_pbmac_no_sender(with_ref);
}
311
/* Adding extraCerts to the fixture's message must succeed. */
static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int rv = ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, fixture->msg);

    return TEST_true(rv);
}
317
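/* ossl_cmp_msg_add_extraCerts() on a copy of the protected IR must succeed. */
static int test_MSG_add_extraCerts(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
    return result;
}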
328
329 #ifndef OPENSSL_NO_EC
330 /* The cert chain tests use EC certs so we skip them in no-ec builds */
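/*
 * Build the chain for fixture->cert from fixture->certs twice and compare
 * with fixture->chain:
 *  1. without a trust store - building must always succeed and yield the
 *     expected chain;
 *  2. with a trust store holding only `root` - success/failure must match
 *     fixture->expected and, on success, the chain must again be the
 *     expected one.
 *
 * Compared to the original: the chain from the second run is freed
 * unconditionally (it leaked when a chain was built although none was
 * expected), and a failure to create/populate the store now fails the test
 * instead of leaving the result of the first run in place.
 */
static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int ret = 0;
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    X509_STORE *store = NULL;
    STACK_OF(X509) *chain;

    /* 1st run: no trust store */
    chain = X509_build_chain(fixture->cert, fixture->certs, NULL,
                             fixture->with_ss, ctx->libctx, ctx->propq);
    if (TEST_ptr(chain)) {
        /* Check whether chain built is equal to the expected one */
        ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
        sk_X509_pop_free(chain, X509_free);
    }
    if (!ret)
        return 0;

    /* 2nd run: trust store containing only the root */
    if (!TEST_ptr(store = X509_STORE_new())
            || !TEST_true(X509_STORE_add_cert(store, root))) {
        ret = 0;
        goto end;
    }
    /* NOTE(review): presumably so the fixed test certs pass regardless of their validity period */
    X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
                                X509_V_FLAG_NO_CHECK_TIME);
    chain = X509_build_chain(fixture->cert, fixture->certs, store,
                             fixture->with_ss, ctx->libctx, ctx->propq);
    ret = TEST_int_eq(fixture->expected, chain != NULL);
    if (ret && chain != NULL) {
        /* Check whether chain built is equal to the expected one */
        ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
    }
    /* free whatever was built, including an unexpected chain; NULL is a no-op */
    sk_X509_pop_free(chain, X509_free);

 end:
    X509_STORE_free(store);
    return ret;
}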
364
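/*
 * Full chain endentity2 -> intermediate (-> root when with_ss is set) can be
 * built from a candidate set that also contains an unrelated end-entity cert.
 * The same fixture is run twice: first expecting the chain without the
 * self-signed root, then with_ss = 1 and root appended to the expected chain.
 *
 * Unlike the other tests this one drives execute_* directly instead of via
 * EXECUTE_TEST, so it must avoid dereferencing a NULL fixture itself.
 */
static int test_cmp_build_cert_chain(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))
            || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
        tear_down(fixture);
        return result;
    }

    result = execute_cmp_build_cert_chain_test(fixture);
    fixture->with_ss = 1;
    if (result && TEST_true(sk_X509_push(fixture->chain, root)))
        result = execute_cmp_build_cert_chain_test(fixture);
    tear_down(fixture);
    return result;
}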
390
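/*
 * Without the intermediate among the candidates, the chain for endentity2
 * cannot reach root: building against the root-only trust store must fail
 * (expected = 0), while the store-less build just yields endentity2 alone.
 */
static int test_cmp_build_cert_chain_missing_intermediate(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}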
408
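/*
 * Root absent from the candidates but present in the trust store: the chain
 * endentity2 -> intermediate must still be built (expected = 1).
 */
static int test_cmp_build_cert_chain_no_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))
            || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}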
427
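/*
 * Building the chain of the root itself: even with with_ss = 0 the result
 * must consist of the single (self-signed) root cert.
 */
static int test_cmp_build_cert_chain_only_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 1;
    fixture->with_ss = 0; /* still chain must include the only cert (root) */
    fixture->cert = root;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->chain, root))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}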
444
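/*
 * Empty candidate set: the store-less build yields just endentity2, and the
 * build against the root-only trust store must fail (expected = 0).
 */
static int test_cmp_build_cert_chain_no_certs(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}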
460 #endif /* OPENSSL_NO_EC */
461
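/*
 * Add fixture->certs to a fresh X509_STORE via ossl_cmp_X509_STORE_add1_certs()
 * (fixture->callback_arg selects whether only self-issued certs are taken)
 * and check that the store then contains exactly fixture->chain.
 *
 * The store allocation is now checked: the original passed a possibly NULL
 * store straight into the function under test.
 */
static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    X509_STORE *store = NULL;
    STACK_OF(X509) *sk = NULL;
    int res = 0;

    if (!TEST_ptr(store = X509_STORE_new())
            || !TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
                                                         fixture->certs,
                                                         fixture->callback_arg)))
        goto err;
    /* get1: the returned stack and its certs are ours to free */
    if (!TEST_ptr(sk = X509_STORE_get1_all_certs(store))
            || !TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
        goto err;
    res = 1;

 err:
    X509_STORE_free(store);
    sk_X509_pop_free(sk, X509_free);
    return res;
}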
482
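/*
 * With self-issued certs allowed (callback_arg = 0) every candidate cert
 * ends up in the store, so the expected content is a copy of the candidates.
 * The push calls are wrapped in TEST_true() for diagnostics, consistent with
 * test_X509_STORE_only_self_issued().
 */
static int test_X509_STORE(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->callback_arg = 0; /* self-issued allowed */
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, endentity2))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            /* shallow copy: the X509 objects stay owned by the file-level globals */
            || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}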
499
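/*
 * With callback_arg = 1 only self-issued certs are added, so of the four
 * candidates only `root` must end up in the store.
 *
 * The two sk_X509_new_null() results are now checked with TEST_ptr() (the
 * original pushed into possibly NULL stacks and only failed indirectly).
 */
static int test_X509_STORE_only_self_issued(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* set_up() may return NULL; it has already reported the failure */
    if (fixture == NULL)
        return result;
    fixture->callback_arg = 1; /* only self-issued */
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, endentity2))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, root))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}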
517
518
/*
 * Harness hook: release every file-level object created by setup_tests().
 * All of these free/unload functions accept NULL, so this is safe even when
 * setup_tests() bailed out part-way through.
 */
void cleanup_tests(void)
{
    /* messages and certificates loaded from the argument files */
    OSSL_CMP_MSG_free(ir_unprotected);
    OSSL_CMP_MSG_free(ir_protected);
    X509_free(intermediate);
    X509_free(root);
    X509_free(endentity2);
    X509_free(endentity1);
    X509_free(cert);
    /* loadedpubkey aliases loadedprivkey; setup_tests() took an extra ref */
    EVP_PKEY_free(loadedkey);
    EVP_PKEY_free(loadedpubkey);
    EVP_PKEY_free(loadedprivkey);
    /* providers go before the library context they were loaded into */
    OSSL_PROVIDER_unload(provider);
    OSSL_PROVIDER_unload(default_null_provider);
    OSSL_LIB_CTX_free(libctx);
}
535
/*
 * Positional arguments expected by setup_tests(), in order (indices 0..9),
 * followed by the provider module name and optional config file consumed
 * by test_arg_libctx().
 */
#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
    "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
    "Intermediate_CA.crt module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)
540
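/*
 * Harness hook: parse the positional arguments (see USAGE), load all shared
 * keys, certs and template messages, fill rand_data, and register the tests.
 *
 * Returns 1 on success, 0 on any failure; on failure the harness still calls
 * cleanup_tests(), which releases whatever was loaded so far.
 *
 * Changes from the original: the unchecked early RAND_bytes() call was
 * dropped (its output was overwritten by the checked call further down),
 * and a failing EVP_PKEY_up_ref() now aborts setup instead of leaving
 * loadedpubkey NULL for test_cmp_calc_protection_pkey().
 */
int setup_tests(void)
{
    char *server_f;
    char *server_key_f;
    char *server_cert_f;
    char *endentity1_f;
    char *endentity2_f;
    char *root_f;
    char *intermediate_f;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(server_f = test_get_argument(0))
            || !TEST_ptr(ir_protected_f = test_get_argument(1))
            || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
            || !TEST_ptr(ip_PBM_f = test_get_argument(3))
            || !TEST_ptr(server_cert_f = test_get_argument(4))
            || !TEST_ptr(server_key_f = test_get_argument(5))
            || !TEST_ptr(endentity1_f = test_get_argument(6))
            || !TEST_ptr(endentity2_f = test_get_argument(7))
            || !TEST_ptr(root_f = test_get_argument(8))
            || !TEST_ptr(intermediate_f = test_get_argument(9))) {
        TEST_error("usage: cmp_protect_test %s", USAGE);
        return 0;
    }

    /* remaining arguments (from index 10) select the library context/providers */
    if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
        return 0;

    if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
            || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
        return 0;

    if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
        return 0;
    /*
     * The "public key" is the very same key object; take a second reference
     * so that cleanup_tests() can free both names independently.
     */
    if (!TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
        return 0;
    loadedpubkey = loadedprivkey;
    if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
            || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
        return 0;
    if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
            || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
            || !TEST_ptr(root = load_cert_pem(root_f, libctx))
            || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
        return 0;
    /* random reference/secret material for the PBM tests; must be checked */
    if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
        return 0;

    /* Message protection tests */
    ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
    ADD_TEST(test_cmp_calc_protection_pkey);
    ADD_TEST(test_cmp_calc_protection_pbmac);

    ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
    ADD_TEST(test_MSG_protect_with_certificate_and_key);
    ADD_TEST(test_MSG_protect_certificate_based_without_cert);
    ADD_TEST(test_MSG_protect_unprotected_request);
    ADD_TEST(test_MSG_protect_no_key_no_secret);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
    ADD_TEST(test_MSG_add_extraCerts);

#ifndef OPENSSL_NO_EC
    ADD_TEST(test_cmp_build_cert_chain);
    ADD_TEST(test_cmp_build_cert_chain_only_root);
    ADD_TEST(test_cmp_build_cert_chain_no_root);
    ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
    ADD_TEST(test_cmp_build_cert_chain_no_certs);
#endif

    ADD_TEST(test_X509_STORE);
    ADD_TEST(test_X509_STORE_only_self_issued);

    return 1;
}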
620