]>
Commit | Line | Data |
---|---|---|
3dbc5156 DDO |
1 | /* |
2 | * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright Nokia 2007-2019 | |
4 | * Copyright Siemens AG 2015-2019 | |
5 | * | |
6 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
7 | * this file except in compliance with the License. You can obtain a copy | |
8 | * in the file LICENSE in the source distribution or at | |
9 | * https://www.openssl.org/source/license.html | |
10 | */ | |
11 | ||
12 | #include "cmp_testlib.h" | |
13 | ||
14 | static const char *ir_protected_f; | |
15 | static const char *ir_unprotected_f; | |
16 | static const char *ip_PBM_f; | |
17 | ||
18 | typedef struct test_fixture { | |
19 | const char *test_case_name; | |
20 | OSSL_CMP_CTX *cmp_ctx; | |
21 | /* for protection tests */ | |
22 | OSSL_CMP_MSG *msg; | |
235595c4 | 23 | OSSL_CMP_PKISI *si; /* for error and response messages */ |
3dbc5156 DDO |
24 | ASN1_OCTET_STRING *secret; |
25 | EVP_PKEY *privkey; | |
26 | EVP_PKEY *pubkey; | |
27 | unsigned char *mem; | |
28 | int memlen; | |
29 | X509 *cert; | |
30 | STACK_OF(X509) *certs; | |
31 | STACK_OF(X509) *chain; | |
32 | int callback_arg; | |
33 | int expected; | |
34 | } CMP_PROTECT_TEST_FIXTURE; | |
35 | ||
36 | static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) | |
37 | { | |
38 | OSSL_CMP_CTX_free(fixture->cmp_ctx); | |
39 | OSSL_CMP_MSG_free(fixture->msg); | |
40 | ASN1_OCTET_STRING_free(fixture->secret); | |
41 | OSSL_CMP_PKISI_free(fixture->si); | |
42 | ||
43 | OPENSSL_free(fixture->mem); | |
44 | sk_X509_free(fixture->certs); | |
45 | sk_X509_free(fixture->chain); | |
46 | ||
47 | OPENSSL_free(fixture); | |
48 | } | |
49 | ||
50 | static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) | |
51 | { | |
52 | CMP_PROTECT_TEST_FIXTURE *fixture; | |
53 | ||
54 | if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) | |
55 | return NULL; | |
56 | fixture->test_case_name = test_case_name; | |
57 | if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())) { | |
58 | tear_down(fixture); | |
59 | return NULL; | |
60 | } | |
61 | return fixture; | |
62 | } | |
63 | ||
64 | static EVP_PKEY *loadedprivkey = NULL; | |
65 | static EVP_PKEY *loadedpubkey = NULL; | |
66 | static EVP_PKEY *loadedkey = NULL; | |
67 | static X509 *cert = NULL; | |
68 | static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; | |
69 | static OSSL_CMP_MSG *ir_unprotected, *ir_protected; | |
70 | static X509 *endentity1 = NULL, *endentity2 = NULL, | |
71 | *root = NULL, *intermediate = NULL; | |
72 | ||
73 | static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
74 | { | |
75 | ASN1_BIT_STRING *protection = | |
76 | ossl_cmp_calc_protection(fixture->msg, fixture->secret, | |
77 | fixture->privkey); | |
78 | int res = TEST_ptr_null(protection); | |
79 | ||
80 | ASN1_BIT_STRING_free(protection); | |
81 | return res; | |
82 | } | |
83 | ||
84 | static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
85 | { | |
86 | ASN1_BIT_STRING *protection = | |
87 | ossl_cmp_calc_protection(fixture->msg, fixture->secret, NULL); | |
88 | int res = TEST_ptr(protection) | |
235595c4 DDO |
89 | && TEST_true(ASN1_STRING_cmp(protection, |
90 | fixture->msg->protection) == 0); | |
3dbc5156 DDO |
91 | |
92 | ASN1_BIT_STRING_free(protection); | |
93 | return res; | |
94 | } | |
95 | ||
96 | /* | |
97 | * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c, | |
98 | * but without the need for a OSSL_CMP_CTX or a X509 certificate | |
99 | */ | |
100 | static int verify_signature(OSSL_CMP_MSG *msg, | |
101 | ASN1_BIT_STRING *protection, | |
102 | EVP_PKEY *pkey, int digest_nid) | |
103 | { | |
104 | CMP_PROTECTEDPART prot_part; | |
105 | unsigned char *prot_part_der = NULL; | |
106 | int len; | |
107 | EVP_MD_CTX *ctx = NULL; | |
108 | const EVP_MD *digest = EVP_get_digestbynid(digest_nid); | |
109 | int res; | |
110 | ||
111 | prot_part.header = OSSL_CMP_MSG_get0_header(msg); | |
112 | prot_part.body = msg->body; | |
113 | res = | |
114 | TEST_int_ge(len = i2d_CMP_PROTECTEDPART(&prot_part, &prot_part_der), 0) | |
115 | && TEST_ptr(ctx = EVP_MD_CTX_new()) | |
116 | && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)) | |
117 | && TEST_int_eq(EVP_DigestVerify(ctx, protection->data, | |
118 | protection->length, | |
119 | prot_part_der, len), 1); | |
120 | /* cleanup */ | |
121 | EVP_MD_CTX_free(ctx); | |
122 | OPENSSL_free(prot_part_der); | |
123 | return res; | |
124 | } | |
125 | ||
126 | /* Calls OSSL_CMP_calc_protection and compares and verifies signature */ | |
127 | static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * | |
128 | fixture) | |
129 | { | |
130 | ASN1_BIT_STRING *protection = | |
131 | ossl_cmp_calc_protection(fixture->msg, NULL, fixture->privkey); | |
132 | int ret = (TEST_ptr(protection) | |
133 | && TEST_true(ASN1_STRING_cmp(protection, | |
134 | fixture->msg->protection) == 0) | |
135 | && TEST_true(verify_signature(fixture->msg, protection, | |
136 | fixture->pubkey, | |
137 | fixture->cmp_ctx->digest))); | |
138 | ||
139 | ASN1_BIT_STRING_free(protection); | |
140 | return ret; | |
141 | } | |
142 | ||
143 | static int test_cmp_calc_protection_no_key_no_secret(void) | |
144 | { | |
145 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
146 | if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f)) | |
147 | || !TEST_ptr(fixture->msg->header->protectionAlg = | |
148 | X509_ALGOR_new() /* no specific alg needed here */)) { | |
149 | tear_down(fixture); | |
150 | fixture = NULL; | |
151 | } | |
152 | ||
153 | EXECUTE_TEST(execute_calc_protection_fails_test, tear_down); | |
154 | return result; | |
155 | } | |
156 | ||
157 | static int test_cmp_calc_protection_pkey(void) | |
158 | { | |
159 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
160 | fixture->pubkey = loadedpubkey; | |
161 | fixture->privkey = loadedprivkey; | |
162 | if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) { | |
163 | tear_down(fixture); | |
164 | fixture = NULL; | |
165 | } | |
166 | EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); | |
167 | return result; | |
168 | } | |
169 | ||
170 | static int test_cmp_calc_protection_pbmac(void) | |
171 | { | |
172 | unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; | |
173 | ||
174 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
175 | if (!TEST_ptr(fixture->secret = ASN1_OCTET_STRING_new()) | |
176 | || !TEST_true(ASN1_OCTET_STRING_set | |
177 | (fixture->secret, sec_insta, sizeof(sec_insta))) | |
178 | || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) { | |
179 | tear_down(fixture); | |
180 | fixture = NULL; | |
181 | } | |
182 | EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down); | |
183 | return result; | |
184 | } | |
185 | static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
186 | { | |
187 | return TEST_int_eq(fixture->expected, | |
188 | ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); | |
189 | } | |
190 | ||
191 | #define SET_OPT_UNPROTECTED_SEND(ctx, val) \ | |
192 | OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) | |
193 | static int test_MSG_protect_unprotected_request(void) | |
194 | { | |
195 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
196 | ||
197 | fixture->expected = 1; | |
198 | if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) | |
199 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { | |
200 | tear_down(fixture); | |
201 | fixture = NULL; | |
202 | } | |
203 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
204 | return result; | |
205 | } | |
206 | ||
207 | static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void) | |
208 | { | |
209 | const size_t size = sizeof(rand_data) / 2; | |
210 | ||
211 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
212 | fixture->expected = 1; | |
213 | ||
214 | if (!TEST_ptr(fixture->msg = | |
215 | OSSL_CMP_MSG_dup(ir_unprotected)) | |
216 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) | |
217 | /* | |
218 | * Use half of the 16 bytes of random input | |
219 | * for each reference and secret value | |
220 | */ | |
221 | || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, | |
222 | rand_data, size)) | |
223 | || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, | |
224 | rand_data + size, | |
225 | size))) { | |
226 | tear_down(fixture); | |
227 | fixture = NULL; | |
228 | } | |
229 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
230 | return result; | |
231 | } | |
232 | ||
233 | static int test_MSG_protect_with_certificate_and_key(void) | |
234 | { | |
235 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
236 | fixture->expected = 1; | |
237 | ||
238 | if (!TEST_ptr(fixture->msg = | |
239 | OSSL_CMP_MSG_dup(ir_unprotected)) | |
240 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) | |
241 | || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) | |
242 | || !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) { | |
243 | tear_down(fixture); | |
244 | fixture = NULL; | |
245 | } | |
246 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
247 | return result; | |
248 | } | |
249 | ||
250 | static int test_MSG_protect_certificate_based_without_cert(void) | |
251 | { | |
252 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
253 | OSSL_CMP_CTX *ctx = fixture->cmp_ctx; | |
254 | ||
255 | fixture->expected = 0; | |
256 | if (!TEST_ptr(fixture->msg = | |
257 | OSSL_CMP_MSG_dup(ir_unprotected)) | |
258 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) | |
259 | || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { | |
260 | tear_down(fixture); | |
261 | fixture = NULL; | |
262 | } | |
263 | EVP_PKEY_up_ref(loadedkey); | |
264 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
265 | return result; | |
266 | } | |
267 | ||
268 | static int test_MSG_protect_no_key_no_secret(void) | |
269 | { | |
270 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
271 | fixture->expected = 0; | |
272 | if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) | |
273 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { | |
274 | tear_down(fixture); | |
275 | fixture = NULL; | |
276 | } | |
277 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
278 | return result; | |
279 | } | |
280 | ||
281 | static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
282 | { | |
283 | return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, | |
284 | fixture->msg)); | |
285 | } | |
286 | ||
287 | static int test_MSG_add_extraCerts(void) | |
288 | { | |
289 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
290 | if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) { | |
291 | tear_down(fixture); | |
292 | fixture = NULL; | |
293 | } | |
294 | EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down); | |
295 | return result; | |
296 | } | |
297 | ||
ef071222 MC |
298 | #ifndef OPENSSL_NO_EC |
299 | /* The cert chain tests use EC certs so we skip them in no-ec builds */ | |
3dbc5156 DDO |
300 | static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) |
301 | { | |
302 | STACK_OF(X509) *result = NULL; | |
303 | int ret = 0; | |
304 | ||
305 | if (TEST_ptr(result = ossl_cmp_build_cert_chain(fixture->certs, | |
306 | fixture->cert))) { | |
307 | /* Check whether chain built is equal to the expected one */ | |
308 | ret = TEST_int_eq(0, STACK_OF_X509_cmp(result, fixture->chain)); | |
309 | sk_X509_pop_free(result, X509_free); | |
310 | } | |
311 | return ret; | |
312 | } | |
313 | ||
314 | static int test_cmp_build_cert_chain(void) | |
315 | { | |
316 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
317 | fixture->cert = endentity2; | |
318 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
319 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
320 | || !TEST_true(sk_X509_push(fixture->certs, endentity1)) | |
321 | || !TEST_true(sk_X509_push(fixture->certs, root)) | |
322 | || !TEST_true(sk_X509_push(fixture->certs, intermediate)) | |
323 | || !TEST_true(sk_X509_push(fixture->chain, endentity2)) | |
324 | || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { | |
325 | tear_down(fixture); | |
326 | fixture = NULL; | |
327 | } | |
328 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
329 | return result; | |
330 | } | |
331 | ||
332 | static int test_cmp_build_cert_chain_missing_intermediate(void) | |
333 | { | |
334 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
335 | fixture->cert = endentity2; | |
336 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
337 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
338 | || !TEST_true(sk_X509_push(fixture->certs, endentity1)) | |
339 | || !TEST_true(sk_X509_push(fixture->certs, root)) | |
340 | || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { | |
341 | tear_down(fixture); | |
342 | fixture = NULL; | |
343 | } | |
344 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
345 | return result; | |
346 | } | |
347 | ||
348 | static int test_cmp_build_cert_chain_missing_root(void) | |
349 | { | |
350 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
351 | fixture->cert = endentity2; | |
352 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
353 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
354 | || !TEST_true(sk_X509_push(fixture->certs, endentity1)) | |
355 | || !TEST_true(sk_X509_push(fixture->certs, intermediate)) | |
356 | || !TEST_true(sk_X509_push(fixture->chain, endentity2)) | |
357 | || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { | |
358 | tear_down(fixture); | |
359 | fixture = NULL; | |
360 | } | |
361 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
362 | return result; | |
363 | } | |
364 | ||
365 | static int test_cmp_build_cert_chain_no_certs(void) | |
366 | { | |
367 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
368 | fixture->cert = endentity2; | |
369 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
370 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
371 | || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { | |
372 | tear_down(fixture); | |
373 | fixture = NULL; | |
374 | } | |
375 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
376 | return result; | |
377 | } | |
ef071222 | 378 | #endif /* OPENSSL_NO_EC */ |
3dbc5156 DDO |
379 | |
380 | static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
381 | { | |
382 | X509_STORE *store = X509_STORE_new(); | |
383 | STACK_OF(X509) *sk = NULL; | |
384 | int res = 0; | |
385 | ||
386 | if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, | |
387 | fixture->certs, | |
388 | fixture->callback_arg))) | |
389 | goto err; | |
390 | sk = ossl_cmp_X509_STORE_get1_certs(store); | |
391 | if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) | |
392 | goto err; | |
393 | res = 1; | |
394 | err: | |
395 | X509_STORE_free(store); | |
396 | sk_X509_pop_free(sk, X509_free); | |
397 | return res; | |
398 | ||
399 | } | |
400 | ||
401 | static int test_X509_STORE(void) | |
402 | { | |
403 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
235595c4 | 404 | fixture->callback_arg = 0; /* self-issued allowed */ |
3dbc5156 DDO |
405 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) |
406 | || !sk_X509_push(fixture->certs, endentity1) | |
407 | || !sk_X509_push(fixture->certs, endentity2) | |
408 | || !sk_X509_push(fixture->certs, root) | |
409 | || !sk_X509_push(fixture->certs, intermediate) | |
410 | || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { | |
411 | tear_down(fixture); | |
412 | fixture = NULL; | |
413 | } | |
414 | EXECUTE_TEST(execute_X509_STORE_test, tear_down); | |
415 | return result; | |
416 | } | |
417 | ||
235595c4 | 418 | static int test_X509_STORE_only_self_issued(void) |
3dbc5156 DDO |
419 | { |
420 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
421 | fixture->certs = sk_X509_new_null(); | |
422 | fixture->chain = sk_X509_new_null(); | |
235595c4 | 423 | fixture->callback_arg = 1; /* only self-issued */ |
3dbc5156 DDO |
424 | if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) |
425 | || !TEST_true(sk_X509_push(fixture->certs, endentity2)) | |
426 | || !TEST_true(sk_X509_push(fixture->certs, root)) | |
427 | || !TEST_true(sk_X509_push(fixture->certs, intermediate)) | |
428 | || !TEST_true(sk_X509_push(fixture->chain, root))) { | |
429 | tear_down(fixture); | |
430 | fixture = NULL; | |
431 | } | |
432 | EXECUTE_TEST(execute_X509_STORE_test, tear_down); | |
433 | return result; | |
434 | } | |
435 | ||
436 | ||
437 | void cleanup_tests(void) | |
438 | { | |
439 | EVP_PKEY_free(loadedprivkey); | |
440 | EVP_PKEY_free(loadedpubkey); | |
441 | EVP_PKEY_free(loadedkey); | |
442 | X509_free(cert); | |
443 | X509_free(endentity1); | |
444 | X509_free(endentity2); | |
445 | X509_free(root); | |
446 | X509_free(intermediate); | |
447 | OSSL_CMP_MSG_free(ir_protected); | |
448 | OSSL_CMP_MSG_free(ir_unprotected); | |
449 | ||
450 | } | |
451 | ||
452 | int setup_tests(void) | |
453 | { | |
454 | char *server_f; | |
455 | char *server_key_f; | |
456 | char *server_cert_f; | |
457 | char *endentity1_f; | |
458 | char *endentity2_f; | |
459 | char *root_f; | |
460 | char *intermediate_f; | |
461 | ||
8d242823 MC |
462 | if (!test_skip_common_options()) { |
463 | TEST_error("Error parsing test options\n"); | |
464 | return 0; | |
465 | } | |
466 | ||
3dbc5156 DDO |
467 | RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); |
468 | if (!TEST_ptr(server_f = test_get_argument(0)) | |
469 | || !TEST_ptr(ir_protected_f = test_get_argument(1)) | |
470 | || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) | |
471 | || !TEST_ptr(ip_PBM_f = test_get_argument(3)) | |
472 | || !TEST_ptr(server_cert_f = test_get_argument(4)) | |
473 | || !TEST_ptr(server_key_f = test_get_argument(5)) | |
474 | || !TEST_ptr(endentity1_f = test_get_argument(6)) | |
475 | || !TEST_ptr(endentity2_f = test_get_argument(7)) | |
476 | || !TEST_ptr(root_f = test_get_argument(8)) | |
477 | || !TEST_ptr(intermediate_f = test_get_argument(9))) { | |
478 | TEST_error("usage: cmp_protect_test server.pem " | |
479 | "IR_protected.der IR_unprotected.der IP_PBM.der " | |
480 | "server.crt server.pem" | |
481 | "EndEntity1.crt EndEntity2.crt " | |
482 | "Root_CA.crt Intermediate_CA.crt\n"); | |
483 | return 0; | |
484 | } | |
485 | if (!TEST_ptr(loadedkey = load_pem_key(server_key_f)) | |
486 | || !TEST_ptr(cert = load_pem_cert(server_cert_f))) | |
487 | return 0; | |
488 | ||
489 | if (!TEST_ptr(loadedprivkey = load_pem_key(server_f))) | |
490 | return 0; | |
491 | if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) | |
492 | loadedpubkey = loadedprivkey; | |
493 | if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f)) | |
494 | || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))) | |
495 | return 0; | |
496 | if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f)) | |
497 | || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f)) | |
498 | || !TEST_ptr(root = load_pem_cert(root_f)) | |
499 | || !TEST_ptr(intermediate = load_pem_cert(intermediate_f))) | |
500 | return 0; | |
501 | if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) | |
502 | return 0; | |
503 | ||
504 | /* Message protection tests */ | |
505 | ADD_TEST(test_cmp_calc_protection_no_key_no_secret); | |
506 | ADD_TEST(test_cmp_calc_protection_pkey); | |
507 | ADD_TEST(test_cmp_calc_protection_pbmac); | |
508 | ||
509 | ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); | |
510 | ADD_TEST(test_MSG_protect_with_certificate_and_key); | |
511 | ADD_TEST(test_MSG_protect_certificate_based_without_cert); | |
512 | ADD_TEST(test_MSG_protect_unprotected_request); | |
513 | ADD_TEST(test_MSG_protect_no_key_no_secret); | |
514 | ||
515 | ADD_TEST(test_MSG_add_extraCerts); | |
516 | ||
ef071222 | 517 | #ifndef OPENSSL_NO_EC |
3dbc5156 DDO |
518 | ADD_TEST(test_cmp_build_cert_chain); |
519 | ADD_TEST(test_cmp_build_cert_chain_missing_root); | |
520 | ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); | |
521 | ADD_TEST(test_cmp_build_cert_chain_no_certs); | |
ef071222 | 522 | #endif |
3dbc5156 DDO |
523 | |
524 | ADD_TEST(test_X509_STORE); | |
235595c4 | 525 | ADD_TEST(test_X509_STORE_only_self_issued); |
3dbc5156 DDO |
526 | |
527 | return 1; | |
528 | } |