1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include <gtest/gtest.h> 17 #include <iostream> 18 #include <string> 19 20 #include <openssl/ssl.h> 21 22 #define private public 23 #include "tls_context.h" 24 #include "tls.h" 25 26 namespace OHOS { 27 namespace NetStack { 28 namespace TlsSocket { 29 namespace { 30 using namespace testing::ext; 31 constexpr const char *PROTOCOL13 = "TLSv1.3"; 32 constexpr const char *PROTOCOL12 = "TLSv1.2"; 33 constexpr const char *PROTOCOL11 = "TLSv1.1"; 34 constexpr const char *CIPHER_SUITE = "AES256-SHA256"; 35 constexpr const char *SIGNATURE_ALGORITHMS = "rsa_pss_rsae_sha256:ECDSA+SHA256"; 36 37 static char g_clientFile[] = 38 "-----BEGIN CERTIFICATE-----\r\n" 39 "MIIDezCCAmMCFD6h5R4QvySV9q9mC6s31qQFLX14MA0GCSqGSIb3DQEBCwUAMHgx\r\n" 40 "CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDELMAkGA1UEBwwCU1oxDDAKBgNVBAoM\r\n" 41 "A0NPTTEMMAoGA1UECwwDTlNQMQswCQYDVQQDDAJDQTEmMCQGCSqGSIb3DQEJARYX\r\n" 42 "emhhbmd6aGV3ZWkwMTAzQDE2My5jb20wHhcNMjIwNDI0MDIwMjU3WhcNMjMwNDI0\r\n" 43 "MDIwMjU3WjB8MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR0QxCzAJBgNVBAcMAlNa\r\n" 44 "MQwwCgYDVQQKDANDT00xDDAKBgNVBAsMA05TUDEPMA0GA1UEAwwGQ0xJRU5UMSYw\r\n" 45 "JAYJKoZIhvcNAQkBFhd6aGFuZ3poZXdlaTAxMDNAMTYzLmNvbTCCASIwDQYJKoZI\r\n" 46 "hvcNAQEBBQADggEPADCCAQoCggEBAKlc63+j5C7tLoaecpdhzzZtLy8iNSi6oLHc\r\n" 47 "+bPib1XWz1zcQ4On5ncGuuLSV2Tyse4tSsDbPycd8b9Teq6gdGrvirtGXau82zAq\r\n" 48 "no+t0mxVtV1r0OkSe+hnIrYKxTE5UDeAM319MSxWlCR0bg0uEAuVBPQpld5A9PQT\r\n" 49 "YCLbv4cTwB0sIKupsnNbrn2AsAlCFd288XeuTN+N87m05cDkprAkqkCJfAtRnejV\r\n" 50 "k+vbS+H6toR3P9PVQJXC77oM7cDOjR8AwpkRRA890XUWoQLwhHXvDpGPwKK+lLnG\r\n" 51 "FswiaHy3silUIOidwk7E/81BOqXSk77oUG6UQrVilkmu6g79VssCAwEAATANBgkq\r\n" 52 "hkiG9w0BAQsFAAOCAQEAOeqp+hFVRs4YB3UjU/3bvAUFQLS97gapCp2lk6jS88jt\r\n" 53 "uNeyvwulOAtZEbcoIIvzzNxvBDOVibTJ6gZU9P9g0WyRu2RTgy+UggNwH8u8KZzM\r\n" 54 "DT8sxuoYvRcEWbOhlNQgACa7AlQSLQifo8nvEMS2i9o8WHoHu42MRDYOHYVIwWXH\r\n" 55 "h6mZzfo+zrPyv3NFlwlWqaNiTGgnGCXzlVK3p5YYqLbNVYpy0U5FBxQ7fITsqcbK\r\n" 56 "PusAAEZzPxm8Epo647M28gNkdEEM/7bqhSTJO+jfkojgyQt2ghlw+NGCmG4dJGZb\r\n" 57 "yA7Z3PBj8aqEwmRUF8SAR1bxWBGk2IYRwgStuwvusg==\r\n" 58 "-----END CERTIFICATE-----\r\n"; 59 60 static char g_caCrtFile[] = 61 "Certificate:\r\n" 62 " Data:\r\n" 63 " Version: 3 (0x2)\r\n" 64 " Serial Number: 1 (0x1)\r\n" 65 " Signature Algorithm: sha256WithRSAEncryption\r\n" 66 " Issuer: C=CN, ST=beijing, O=ahaha Inc, OU=Root CA, CN=ahaha CA\r\n" 67 " Validity\r\n" 68 " Not Before: Aug 23 07:33:55 2022 GMT\r\n" 69 " Not After : Aug 23 07:33:55 2023 GMT\r\n" 70 " Subject: C=CN, ST=beijing, O=ahaha CA Inc, OU=Root CA, CN=ahaha CA\r\n" 71 " Subject Public Key Info:\r\n" 72 " Public Key Algorithm: rsaEncryption\r\n" 73 " RSA Public-Key: (2048 bit)\r\n" 74 " Modulus:\r\n" 75 " 00:9d:df:68:f7:7b:78:0b:21:f3:6f:24:60:ef:ce:\r\n" 76 " 02:90:24:df:c4:d3:f3:e4:26:6c:c7:12:bf:28:cd:\r\n" 77 " 38:2d:3f:ab:76:11:64:ce:6b:f6:07:fd:35:1e:b9:\r\n" 78 " ec:22:72:03:4d:eb:d2:94:49:2d:82:44:6c:72:59:\r\n" 79 " 14:ab:e7:0c:72:32:3e:ad:fa:9d:52:da:24:8d:e9:\r\n" 80 " a4:10:d7:dd:34:66:df:7e:e0:0e:66:53:8b:ee:91:\r\n" 81 " 07:9a:ce:2a:85:25:09:77:3d:5f:75:1c:a1:b3:ab:\r\n" 82 " 86:3b:21:28:f8:43:aa:f0:0b:7d:4d:f9:df:85:33:\r\n" 83 " 4a:3b:ff:e4:03:59:25:62:a1:e9:da:92:63:02:93:\r\n" 84 " bd:f9:df:6e:c6:57:a7:d2:e6:7b:37:14:a9:ba:69:\r\n" 85 " 71:0c:c5:4f:66:fe:67:66:5c:8d:d7:04:4d:d7:f3:\r\n" 86 " 0b:c0:0b:7d:49:eb:68:94:28:f6:31:0f:0d:2a:03:\r\n" 87 " 70:a7:97:f9:38:90:36:d4:4b:39:4b:53:a5:2c:32:\r\n" 88 " 72:f2:41:86:32:13:3c:40:2d:3f:e8:63:d3:8c:8a:\r\n" 89 " 83:79:d3:20:f6:bc:cd:97:3e:94:91:4e:3c:74:8d:\r\n" 90 " 9a:fa:29:de:c4:a5:f7:e1:e2:06:55:e6:6c:41:0f:\r\n" 91 " 60:3b:90:de:3a:84:ef:3a:77:79:27:00:23:55:66:\r\n" 92 " ca:81\r\n" 93 " Exponent: 65537 (0x10001)\r\n" 94 " X509v3 extensions:\r\n" 95 " X509v3 Basic Constraints:\r\n" 96 " CA:TRUE\r\n" 97 " Signature Algorithm: sha256WithRSAEncryption\r\n" 98 " 61:3e:39:71:7f:b1:50:dd:71:97:cd:dc:a9:4b:72:96:0a:12:\r\n" 99 " c1:18:fd:35:b5:e0:97:1b:76:58:22:8d:cd:75:51:0f:ba:04:\r\n" 100 " 00:94:6a:46:d5:3a:c5:ac:ea:7d:9c:ec:6f:19:b6:f1:2b:06:\r\n" 101 " e9:bb:cb:49:24:34:0b:55:bd:02:19:24:19:85:bb:e4:a4:80:\r\n" 102 " f4:d6:90:82:7e:81:5c:9b:89:d4:15:ed:3a:b7:a2:37:59:40:\r\n" 103 " db:b4:18:25:90:2e:ae:82:f9:a8:0c:9d:bd:c7:8c:54:85:ed:\r\n" 104 " 07:d1:70:1d:ee:a1:92:bd:12:97:83:4d:9e:9e:b7:01:b5:56:\r\n" 105 " a5:1f:31:6e:a1:48:68:a4:4f:1c:fa:b0:38:27:47:12:eb:55:\r\n" 106 " a3:45:f7:e3:18:ba:d7:85:3c:1f:2c:1e:5e:38:75:5e:80:8a:\r\n" 107 " fd:1c:84:4f:9b:ef:85:b7:79:89:d7:43:eb:d4:fb:c5:51:5b:\r\n" 108 " 84:6f:0e:06:32:54:13:e4:a7:e2:20:2d:b8:fa:2d:09:f8:8f:\r\n" 109 " dd:01:19:39:cc:23:c0:d1:39:19:9a:f7:7c:53:63:bf:ea:be:\r\n" 110 " 04:9b:af:3e:6e:1e:77:c8:b9:0b:78:e9:0e:62:a7:51:db:1e:\r\n" 111 " c0:63:4d:4d:14:ff:ca:44:7f:15:e4:fa:98:1e:3d:58:c2:b6:\r\n" 112 " 5a:64:68:d0\r\n" 113 "-----BEGIN CERTIFICATE-----\r\n" 114 "MIIDazCCAlOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJDTjEQ\r\n" 115 "MA4GA1UECAwHYmVpamluZzEdMBsGA1UECgwUR2xvYmFsIEdvb2dsZSBDQSBJbmMx\r\n" 116 "EDAOBgNVBAsMB1Jvb3QgQ0ExHjAcBgNVBAMMFUdsb2JhbCBHb29nbGUgUm9vdCBD\r\n" 117 "QTAeFw0yMjA4MjMwNzMzNTVaFw0yMzA4MjMwNzMzNTVaMHAxCzAJBgNVBAYTAkNO\r\n" 118 "MRAwDgYDVQQIDAdiZWlqaW5nMR0wGwYDVQQKDBRHbG9iYWwgR29vZ2xlIENBIElu\r\n" 119 "YzEQMA4GA1UECwwHUm9vdCBDQTEeMBwGA1UEAwwVR2xvYmFsIEdvb2dsZSBSb290\r\n" 120 "IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd9o93t4CyHzbyRg\r\n" 121 "784CkCTfxNPz5CZsxxK/KM04LT+rdhFkzmv2B/01HrnsInIDTevSlEktgkRsclkU\r\n" 122 "q+cMcjI+rfqdUtokjemkENfdNGbffuAOZlOL7pEHms4qhSUJdz1fdRyhs6uGOyEo\r\n" 123 "+EOq8At9TfnfhTNKO//kA1klYqHp2pJjApO9+d9uxlen0uZ7NxSpumlxDMVPZv5n\r\n" 124 "ZlyN1wRN2PMLwAt9SetolCj2MQ8NKgNwp5f5OJA21Es5S1OlLDJy8kGGMhM8QC0/\r\n" 125 "6GPTjIqDedMg9rzNlz6UkU48dI2a+inexKX34eIGVeZsQQ9gO5DeOoTvOnd5JwAj\r\n" 126 "VWbKgQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBh\r\n" 127 "Pjlxf7FQ3XGXzdypS3KWChLBGP01teCXG3ZYIo3NdVEPugQAlGpG1TrFrOp9nOxv\r\n" 128 "GbbxKwbpu8tJJDQLVb0CGSQZhbvkpID01pCCfoFcm4nUFe06t6I3WUDbtBglkC6u\r\n" 129 "gvmoDJ29x4xUhe0H0XAd7qGSvRKXg02enrcBtValHzFuoUhopE8c+rA4J0cS61Wj\r\n" 130 "RffjGLrXhTwfLB5eOHVegIr9HIRPm++Ft3mJ10Pr1PvFUVuEbw4GMlQT5KfiIC24\r\n" 131 "+i0J+I/dARk5zCPA0TkZmvd8U2O/6r4Em68+bh53yLkLeOkOYqdR2x7AY01NFP/K\r\n" 132 "RH8V5PqYHj1YwrZaZGjQ\r\n" 133 "-----END CERTIFICATE-----\r\n"; 134 } // namespace 135 136 class TlsContextTest : public testing::Test { 137 public: SetUpTestCase()138 static void SetUpTestCase() {} 139 TearDownTestCase()140 static void TearDownTestCase() {} 141 SetUp()142 virtual void SetUp() {} 143 TearDown()144 virtual void TearDown() {} 145 }; 146 147 HWTEST_F(TlsContextTest, ContextTest1, TestSize.Level2) 148 { 149 TLSConfiguration configuration; 150 configuration.SetCipherSuite(CIPHER_SUITE); 151 configuration.SetSignatureAlgorithms(SIGNATURE_ALGORITHMS); 152 std::unique_ptr<TLSContext> tlsContext = TLSContext::CreateConfiguration(configuration); 153 154 EXPECT_NE(tlsContext, nullptr); 155 tlsContext->CloseCtx(); 156 } 157 158 HWTEST_F(TlsContextTest, ContextTest2, TestSize.Level2) 159 { 160 std::vector<std::string> protocol; 161 protocol.push_back(PROTOCOL13); 162 protocol.push_back(PROTOCOL12); 163 protocol.push_back(PROTOCOL11); 164 TLSConfiguration configuration; 165 std::vector<std::string> caVec = {g_caCrtFile}; 166 configuration.SetCaCertificate(caVec); 167 configuration.SetProtocol(protocol); 168 configuration.SetCipherSuite(CIPHER_SUITE); 169 configuration.SetSignatureAlgorithms(SIGNATURE_ALGORITHMS); 170 configuration.SetLocalCertificate(g_clientFile); 171 std::unique_ptr<TLSContext> tlsContext = TLSContext::CreateConfiguration(configuration); 172 EXPECT_NE(tlsContext, nullptr); 173 TLSContext::SetMinAndMaxProtocol(tlsContext.get()); 174 bool isInitTlsContext = TLSContext::InitTlsContext(tlsContext.get(), configuration); 175 EXPECT_TRUE(isInitTlsContext); 176 bool isSetCipherList = TLSContext::SetCipherList(tlsContext.get(), configuration); 177 EXPECT_TRUE(isSetCipherList); 178 bool isSetSignatureAlgorithms = TLSContext::SetSignatureAlgorithms(tlsContext.get(), configuration); 179 EXPECT_TRUE(isSetSignatureAlgorithms); 180 TLSContext::GetCiphers(tlsContext.get()); 181 TLSContext::UseRemoteCipher(tlsContext.get()); 182 bool setCaAndVerify = TLSContext::SetCaAndVerify(tlsContext.get(), configuration); 183 EXPECT_TRUE(setCaAndVerify); 184 bool setLocalCert = TLSContext::SetLocalCertificate(tlsContext.get(), configuration); 185 EXPECT_TRUE(setLocalCert); 186 bool setKeyAndCheck = TLSContext::SetKeyAndCheck(tlsContext.get(), configuration); 187 EXPECT_FALSE(setKeyAndCheck); 188 TLSContext::SetVerify(tlsContext.get()); 189 SSL *ssl = tlsContext->CreateSsl(); 190 EXPECT_NE(ssl, nullptr); 191 SSL_free(ssl); 192 ssl = nullptr; 193 tlsContext->CloseCtx(); 194 } 195 196 HWTEST_F(TlsContextTest, InitTlsContext3, TestSize.Level2) 197 { 198 TLSConfiguration configuration; 199 std::string cipherSuite = ""; 200 configuration.SetCipherSuite(cipherSuite); 201 std::unique_ptr<TLSContext> tlsContext = TLSContext::CreateConfiguration(configuration); 202 203 EXPECT_NE(tlsContext, nullptr); 204 tlsContext->CloseCtx(); 205 } 206 207 HWTEST_F(TlsContextTest, InitTlsContext4, TestSize.Level2) 208 { 209 TLSConfiguration configuration; 210 std::string signatureAlgorithms = ""; 211 configuration.SetCipherSuite(CIPHER_SUITE); 212 configuration.SetSignatureAlgorithms(signatureAlgorithms); 213 std::unique_ptr<TLSContext> tlsContext = TLSContext::CreateConfiguration(configuration); 214 215 EXPECT_NE(tlsContext, nullptr); 216 tlsContext->CloseCtx(); 217 } 218 219 HWTEST_F(TlsContextTest, ContextNullTest, TestSize.Level2) 220 { 221 std::vector<std::string> protocol; 222 protocol.push_back(PROTOCOL13); 223 protocol.push_back(PROTOCOL12); 224 protocol.push_back(PROTOCOL11); 225 TLSConfiguration configuration; 226 std::vector<std::string> caVec = {g_caCrtFile}; 227 configuration.SetCaCertificate(caVec); 228 configuration.SetProtocol(protocol); 229 configuration.SetCipherSuite(CIPHER_SUITE); 230 configuration.SetSignatureAlgorithms(SIGNATURE_ALGORITHMS); 231 configuration.SetLocalCertificate(g_clientFile); 232 std::unique_ptr<TLSContext> tlsContext = nullptr; 233 EXPECT_EQ(tlsContext, nullptr); 234 TLSContext::SetMinAndMaxProtocol(tlsContext.get()); 235 bool isInitTlsContext = TLSContext::InitTlsContext(tlsContext.get(), configuration); 236 EXPECT_FALSE(isInitTlsContext); 237 bool isSetCipherList = TLSContext::SetCipherList(tlsContext.get(), configuration); 238 EXPECT_FALSE(isSetCipherList); 239 bool isSetSignatureAlgorithms = TLSContext::SetSignatureAlgorithms(tlsContext.get(), configuration); 240 EXPECT_FALSE(isSetSignatureAlgorithms); 241 TLSContext::GetCiphers(tlsContext.get()); 242 TLSContext::UseRemoteCipher(tlsContext.get()); 243 bool setCaAndVerify = TLSContext::SetCaAndVerify(tlsContext.get(), configuration); 244 EXPECT_FALSE(setCaAndVerify); 245 bool setLocalCert = TLSContext::SetLocalCertificate(tlsContext.get(), configuration); 246 EXPECT_FALSE(setLocalCert); 247 bool setKeyAndCheck = TLSContext::SetKeyAndCheck(tlsContext.get(), configuration); 248 EXPECT_FALSE(setKeyAndCheck); 249 TLSContext::SetVerify(tlsContext.get()); 250 } 251 252 HWTEST_F(TlsContextTest, ContextFailTest1, TestSize.Level2) 253 { 254 std::vector<std::string> protocol; 255 protocol.push_back("1.3"); 256 protocol.push_back("1.2"); 257 TLSConfiguration configuration; 258 std::vector<std::string> caVec = {g_caCrtFile}; 259 configuration.SetCaCertificate(caVec); 260 configuration.SetProtocol(protocol); 261 configuration.SetCipherSuite(CIPHER_SUITE); 262 configuration.SetSignatureAlgorithms(SIGNATURE_ALGORITHMS); 263 configuration.SetLocalCertificate("certificate"); 264 SecureData key("key"); 265 SecureData keyPass("123456"); 266 configuration.SetPrivateKey(key, keyPass); 267 std::unique_ptr<TLSContext> tlsContext = TLSContext::CreateConfiguration(configuration); 268 EXPECT_NE(tlsContext, nullptr); 269 } 270 } // namespace TlsSocket 271 } // namespace NetStack 272 } // namespace OHOS