Commit | Line | Data |
---|---|---|
7e765f46 | 1 | /* |
da1c088f | 2 | * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. |
7e765f46 DDO |
3 | * Copyright Nokia 2007-2019 |
4 | * Copyright Siemens AG 2015-2019 | |
5 | * | |
6 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
7 | * this file except in compliance with the License. You can obtain a copy | |
8 | * in the file LICENSE in the source distribution or at | |
9 | * https://www.openssl.org/source/license.html | |
10 | */ | |
11 | ||
20f8bc72 | 12 | #include "helpers/cmp_testlib.h" |
7e765f46 | 13 | |
ee56cec7 | 14 | #include "cmp_mock_srv.h" |
7e765f46 | 15 | |
7e765f46 DDO |
/* Input file paths, taken from the positional arguments in setup_tests(). */
static const char *server_key_f = NULL;
static const char *server_cert_f = NULL;
static const char *client_key_f = NULL;
static const char *client_cert_f = NULL;
static const char *pkcs10_f = NULL;
21 | ||
/* Per-test state: one CMP client context paired with one mock server. */
struct test_fixture {
    const char *test_case_name;
    OSSL_CMP_CTX *cmp_ctx;     /* client side */
    OSSL_CMP_SRV_CTX *srv_ctx; /* mock server; also the transfer cb argument */
    int req_type;              /* request body type; set_up() stores -1 */
    int expected;              /* value the executor compares the outcome to */
    STACK_OF(X509) *caPubs;    /* optional; compared with the client's caPubs */
};
typedef struct test_fixture CMP_SES_TEST_FIXTURE;
30 | ||
/* Library context and providers, filled in by setup_tests(). */
static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *default_null_provider = NULL;
static OSSL_PROVIDER *provider = NULL;

/* Credentials loaded once in setup_tests() and shared by every fixture. */
static EVP_PKEY *server_key = NULL;
static X509 *server_cert = NULL;
static EVP_PKEY *client_key = NULL;
static X509 *client_cert = NULL;
/* Reference value handed to the client; randomised in setup_tests(). */
static unsigned char ref[CMP_TEST_REFVALUE_LENGTH];
39 | ||
40 | /* | |
41 | * For these unit tests, the client abandons message protection, and for | |
42 | * error messages the mock server does so as well. | |
43 | * Message protection and verification is tested in cmp_lib_test.c | |
44 | */ | |
45 | ||
/*
 * Release a fixture created by set_up().
 * Only the caPubs stack container is freed, not the certificates in it;
 * the tests in this file push the shared server_cert without taking a
 * reference. Also used on a partially built fixture (set_up() error path),
 * so it relies on each free routine tolerating NULL - TODO confirm.
 */
static void tear_down(CMP_SES_TEST_FIXTURE *fixture)
{
    OSSL_CMP_CTX *client = fixture->cmp_ctx;
    OSSL_CMP_SRV_CTX *server = fixture->srv_ctx;
    STACK_OF(X509) *ca_pubs = fixture->caPubs;

    OSSL_CMP_CTX_free(client);
    ossl_cmp_mock_srv_free(server);
    sk_X509_free(ca_pubs);
    OPENSSL_free(fixture);
}
53 | ||
/*
 * Build a fixture: a mock server holding the server credentials and a
 * client context whose transfer callback talks to that server in-process.
 *
 * Message protection is deliberately switched off on both sides
 * (accept_unprotected on the server, UNPROTECTED_SEND and
 * UNPROTECTED_ERRORS on the client). This is a test-only configuration;
 * protection and verification are exercised in cmp_lib_test.c.
 *
 * Returns the fixture, or NULL after releasing whatever was allocated.
 */
static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    CMP_SES_TEST_FIXTURE *fixture;
    OSSL_CMP_CTX *srv_cmp_ctx = NULL;
    OSSL_CMP_CTX *ctx = NULL; /* for client */

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        return NULL;
    fixture->test_case_name = test_case_name;

    /* server side: hand out client_cert, identify with server_cert/key */
    if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new(libctx, NULL)))
        goto err;
    if (!OSSL_CMP_SRV_CTX_set_accept_unprotected(fixture->srv_ctx, 1))
        goto err;
    if (!ossl_cmp_mock_srv_set1_refCert(fixture->srv_ctx, client_cert)
            || !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert))
        goto err;
    srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(fixture->srv_ctx);
    if (srv_cmp_ctx == NULL)
        goto err;
    if (!OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert)
            || !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key))
        goto err;

    /* client side */
    if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(libctx, NULL)))
        goto err;
    if (!OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out))
        goto err;
    /* route requests straight into the mock server */
    if (!OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform)
            || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx))
        goto err;
    if (!OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1)
            || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1))
        goto err;
    if (!OSSL_CMP_CTX_set1_oldCert(ctx, client_cert))
        goto err;
    /* client_key is by default used also for newPkey */
    if (!OSSL_CMP_CTX_set1_pkey(ctx, client_key))
        goto err;
    if (!OSSL_CMP_CTX_set1_srvCert(ctx, server_cert)
            || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref)))
        goto err;

    fixture->req_type = -1;
    return fixture;

 err:
    tear_down(fixture);
    return NULL;
}
91 | ||
/*
 * Run a revocation request session and check the outcome.
 * The client status must be 'unspecified' beforehand, the session call must
 * succeed exactly when 'accepted' is expected, and the final client status
 * must equal fixt->expected.
 */
static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixt)
{
    if (!TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx),
                     OSSL_CMP_PKISTATUS_unspecified))
        return 0;
    if (!TEST_int_eq(OSSL_CMP_exec_RR_ses(fixt->cmp_ctx),
                     fixt->expected == OSSL_CMP_PKISTATUS_accepted))
        return 0;
    return TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx),
                       fixt->expected) != 0;
}
100 | ||
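/*
 * Send one general message carrying a single ITAV and check the outcome.
 *
 * Returns the result of the pointer check on the returned ITAV stack:
 * non-NULL is required when the status matches and 'accepted' is expected,
 * NULL otherwise. Returns 0 if the request ITAV cannot be built or queued.
 */
static int execute_exec_GENM_ses_test_single(CMP_SES_TEST_FIXTURE *fixture)
{
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
    OSSL_CMP_ITAV *itav;
    STACK_OF(OSSL_CMP_ITAV) *itavs;
    int res;

    if (!TEST_ptr(type))
        return 0;
    if (!TEST_ptr(itav = OSSL_CMP_ITAV_create(type, NULL))) {
        ASN1_OBJECT_free(type); /* not adopted by an ITAV */
        return 0;
    }
    if (!TEST_true(OSSL_CMP_CTX_push0_genm_ITAV(ctx, itav))) {
        OSSL_CMP_ITAV_free(itav); /* not adopted by the context */
        return 0;
    }
    itavs = OSSL_CMP_exec_GENM_ses(ctx);

    /*
     * Evaluate the pointer checks before the stack is released, so that no
     * freed pointer value is inspected.
     *
     * NOTE(review): '&&' binds tighter than '?:', so a status mismatch
     * selects the TEST_ptr_null() branch instead of failing outright. The
     * parentheses keep that original evaluation; confirm it is intended,
     * since a mismatching status with a NULL result still yields success.
     */
    res = (TEST_int_eq(OSSL_CMP_CTX_get_status(ctx), fixture->expected)
           && fixture->expected == OSSL_CMP_PKISTATUS_accepted)
        ? TEST_ptr(itavs) : TEST_ptr_null(itavs);

    sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
    return res;
}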
116 | ||
1c04866c DDO |
/*
 * Run the single general-message check twice on the same client context,
 * re-initialising the context in between.
 */
static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
{
    if (!execute_exec_GENM_ses_test_single(fixture))
        return 0;
    if (!OSSL_CMP_CTX_reinit(fixture->cmp_ctx))
        return 0;
    return execute_exec_GENM_ses_test_single(fixture) != 0;
}
123 | ||
7e765f46 DDO |
/*
 * Run a certificate request of type fixture->req_type and check the result.
 *
 * The client status must equal fixture->expected; as the only exception,
 * status 'trans' is accepted where 'waiting' is expected. Unless 'accepted'
 * is expected, no certificate may be returned. Otherwise the returned
 * certificate must equal client_cert and, if fixture->caPubs is set, the
 * caPubs held by the client must match it.
 */
static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
{
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    X509 *res = OSSL_CMP_exec_certreq(ctx, fixture->req_type, NULL);
    int status = OSSL_CMP_CTX_get_status(ctx);
    STACK_OF(X509) *caPubs;
    int ret;

    OSSL_CMP_CTX_print_errors(ctx);
    if (!TEST_int_eq(status, fixture->expected)) {
        if (fixture->expected != OSSL_CMP_PKISTATUS_waiting
                || !TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans))
            return 0;
    }
    if (fixture->expected != OSSL_CMP_PKISTATUS_accepted)
        return TEST_ptr_null(res);

    if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0))
        return 0;
    if (fixture->caPubs == NULL)
        return 1;

    /* get1: the copy is owned here and released after the comparison */
    caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
    ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
    OSSL_STACK_OF_X509_free(caPubs);
    return ret;
}
149 | ||
/*
 * Revocation request test. With request_error set, the certificate to be
 * revoked is cleared on the client and status 'request' is expected;
 * otherwise 'accepted' is expected.
 */
static int test_exec_RR_ses(int request_error)
{
    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    if (request_error) {
        OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, NULL);
        fixture->expected = OSSL_CMP_PKISTATUS_request;
    } else {
        fixture->expected = OSSL_CMP_PKISTATUS_accepted;
    }
    EXECUTE_TEST(execute_exec_RR_ses_test, tear_down);
    return result;
}
160 | ||
6ea44d07 DDO |
/* Revocation request that is expected to be accepted. */
static int test_exec_RR_ses_ok(void)
{
    const int request_error = 0;

    return test_exec_RR_ses(request_error);
}
165 | ||
/* Revocation request that is expected to fail on the client side. */
static int test_exec_RR_ses_request_error(void)
{
    const int request_error = 1;

    return test_exec_RR_ses(request_error);
}
170 | ||
7e765f46 DDO |
/*
 * Revocation request where the mock server is told to answer RR with an
 * error carrying status 'rejection' and failure info signerNotTrusted; the
 * client is expected to end up with status 'rejection'.
 */
static int test_exec_RR_ses_receive_error(void)
{
    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->expected = OSSL_CMP_PKISTATUS_rejection;
    ossl_cmp_mock_srv_set_statusInfo(fixture->srv_ctx,
                                     OSSL_CMP_PKISTATUS_rejection,
                                     OSSL_CMP_CTX_FAILINFO_signerNotTrusted,
                                     "test string");
    ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, OSSL_CMP_PKIBODY_RR);
    EXECUTE_TEST(execute_exec_RR_ses_test, tear_down);
    return result;
}
183 | ||
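/*
 * Initialization request test that also checks the caPubs round trip: the
 * mock server is given a two-entry list (server_cert twice) and the client
 * must end up with an equal list.
 *
 * The stack allocation, both pushes and the server setter are checked. If
 * the stack were left NULL the executor would skip the caPubs comparison
 * and the test would pass without checking anything.
 */
static int test_exec_IR_ses(void)
{
    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->req_type = OSSL_CMP_PKIBODY_IR;
    fixture->expected = OSSL_CMP_PKISTATUS_accepted;
    /* entries are borrowed: tear_down() frees the stack, not the certs */
    if (!TEST_ptr(fixture->caPubs = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->caPubs, server_cert))
            || !TEST_true(sk_X509_push(fixture->caPubs, server_cert))
            || !TEST_true(ossl_cmp_mock_srv_set1_caPubsOut(fixture->srv_ctx,
                                                           fixture->caPubs))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
    return result;
}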
196 | ||
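/*
 * Run an IR or GENM session against a mock server configured with the given
 * checkAfter time and poll count, with the client's total timeout option
 * set to total_timeout. 'expect' is the value the executor compares with.
 *
 * Any other req_type is reported as an error and yields 0; the fixture is
 * released in that case as well, so it cannot leak.
 */
static int test_exec_REQ_ses_poll(int req_type, int check_after,
                                  int poll_count, int total_timeout,
                                  int expect)
{
    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->req_type = req_type;
    fixture->expected = expect;
    ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, check_after);
    ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, poll_count);
    OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
                            OSSL_CMP_OPT_TOTAL_TIMEOUT, total_timeout);

    if (req_type == OSSL_CMP_PKIBODY_IR) {
        EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
    } else if (req_type == OSSL_CMP_PKIBODY_GENM) {
        EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down);
    } else {
        /* no executor ran, so nothing else would release the fixture */
        TEST_error("unsupported request type %d\n", req_type);
        tear_down(fixture);
    }
    return result;
}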
216 | ||
6ea44d07 DDO |
/* checkAfter value given to the mock server by the polling tests below. */
static int checkAfter = 1;

/* IR with polling and a total timeout of 0; 'accepted' is expected. */
static int test_exec_IR_ses_poll_ok(void)
{
    const int poll_count = 2;
    const int total_timeout = 0;

    return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter,
                                  poll_count, total_timeout,
                                  OSSL_CMP_PKISTATUS_accepted);
}
7e765f46 | 223 | |
6ea44d07 DDO |
/* IR with polling and a total timeout of checkAfter + 4; expects 'accepted'. */
static int test_exec_IR_ses_poll_no_timeout(void)
{
    const int poll_count = 2;
    const int total_timeout = checkAfter + 4;

    return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter,
                                  poll_count, total_timeout,
                                  OSSL_CMP_PKISTATUS_accepted);
}
230 | ||
/*
 * IR with polling where the helper is called with expectation 'waiting'.
 * The helper's result is negated: this test passes when the helper reports
 * failure.
 */
static int test_exec_IR_ses_poll_total_timeout(void)
{
    const int poll_count = 3;
    const int total_timeout = checkAfter + 6;
    int helper_result;

    helper_result = test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1,
                                           poll_count, total_timeout,
                                           OSSL_CMP_PKISTATUS_waiting);
    return !helper_result;
}
237 | ||
/*
 * Certification request test.
 *   implicit_confirm  value of the client's IMPLICIT_CONFIRM option
 *   granted           whether the server grants implicit confirmation
 *   reject            if set, the mock server answers certConf with an error
 *                     and status 'rejection' is expected, else 'accepted'
 */
static int test_exec_CR_ses(int implicit_confirm, int granted, int reject)
{
    int error_on_body = -1;
    int expected_status = OSSL_CMP_PKISTATUS_accepted;

    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    if (reject) {
        error_on_body = OSSL_CMP_PKIBODY_CERTCONF;
        expected_status = OSSL_CMP_PKISTATUS_rejection;
    }
    fixture->req_type = OSSL_CMP_PKIBODY_CR;
    OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
                            OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm);
    OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, granted);
    ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, error_on_body);
    fixture->expected = expected_status;
    EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
    return result;
}
252 | ||
6ea44d07 DDO |
/* CR without implicit confirmation: once plain, once with certConf rejected. */
static int test_exec_CR_ses_explicit_confirm(void)
{
    if (!test_exec_CR_ses(0, 0, 0))
        return 0;
    return test_exec_CR_ses(0, 0, 1 /* reject */) != 0;
}
258 | ||
/* CR requesting implicit confirmation: once not granted, once granted. */
static int test_exec_CR_ses_implicit_confirm(void)
{
    if (!test_exec_CR_ses(1, 0, 0))
        return 0;
    return test_exec_CR_ses(1, 1 /* granted */, 0) != 0;
}
264 | ||
/*
 * Key update request test.
 *   transfer_error  clear the transfer callback argument; expects 'trans'
 *   pubkey          supply only a public key as the new key and let the
 *                   server accept RAVERIFIED proof-of-possession
 *   raverified      with pubkey: use server_key, i.e. the wrong key;
 *                   expects 'rejection' unless transfer_error is set
 * With pubkey or raverified set, the client's POPO method is RAVERIFIED.
 * NOTE(review): the return values of the setters are not checked here.
 */
static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified)
{
    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->req_type = OSSL_CMP_PKIBODY_KUR;
    /* ctx->oldCert has already been set */

    if (transfer_error)
        OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL);
    if (pubkey) {
        EVP_PKEY *key = client_key;

        if (raverified)
            key = server_key; /* wrong key */
        /* set0 consumes one reference, so take one for the context */
        EVP_PKEY_up_ref(key);
        OSSL_CMP_CTX_set0_newPkey(fixture->cmp_ctx, 0 /* not priv */, key);
        OSSL_CMP_SRV_CTX_set_accept_raverified(fixture->srv_ctx, 1);
    }
    if (pubkey || raverified)
        OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_POPO_METHOD,
                                OSSL_CRMF_POPO_RAVERIFIED);

    if (transfer_error)
        fixture->expected = OSSL_CMP_PKISTATUS_trans;
    else if (raverified)
        fixture->expected = OSSL_CMP_PKISTATUS_rejection;
    else
        fixture->expected = OSSL_CMP_PKISTATUS_accepted;
    EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
    return result;
}
288 | ||
6ea44d07 DDO |
/* Plain key update request; 'accepted' is expected. */
static int test_exec_KUR_ses_ok(void)
{
    const int transfer_error = 0, pubkey = 0, raverified = 0;

    return test_exec_KUR_ses(transfer_error, pubkey, raverified);
}
293 | ||
/* Key update request with the transfer broken; 'trans' is expected. */
static int test_exec_KUR_ses_transfer_error(void)
{
    const int transfer_error = 1, pubkey = 0, raverified = 0;

    return test_exec_KUR_ses(transfer_error, pubkey, raverified);
}
298 | ||
/*
 * Key update request using RAVERIFIED as POPO method while the server has
 * not been told to accept it; 'rejection' is expected.
 * The check is compiled out in fuzzing builds, where the test reports
 * success without running (see ossl_cmp_verify_popo()).
 */
static int test_exec_KUR_ses_wrong_popo(void)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* cf ossl_cmp_verify_popo() */
    return 1;
#else
    return test_exec_KUR_ses(0, 0, 1);
#endif
}
307 | ||
/* Key update request supplying only the public key; expects 'accepted'. */
static int test_exec_KUR_ses_pub(void)
{
    const int transfer_error = 0, pubkey = 1, raverified = 0;

    return test_exec_KUR_ses(transfer_error, pubkey, raverified);
}
312 | ||
/* Key update request supplying the wrong public key; expects 'rejection'. */
static int test_exec_KUR_ses_wrong_pub(void)
{
    const int transfer_error = 0, pubkey = 1, raverified = 1;

    return test_exec_KUR_ses(transfer_error, pubkey, raverified);
}
317 | ||
6f88876d DDO |
/*
 * Certificate confirmation callback used by the P10CR tests.
 * The callback argument is a pointer to an int flag. When the flag is set,
 * *txt is pointed at a fixed reason string and badCertTemplate is returned;
 * otherwise the incoming fail_info is passed through unchanged.
 *
 * NOTE(review): the constant is returned unshifted, whereas
 * execute_exchange_error_test() passes a failure info as
 * 1 << OSSL_CMP_PKIFAILUREINFO_...; confirm which encoding the callback
 * contract expects.
 */
static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
                            const char **txt)
{
    int *reject = OSSL_CMP_CTX_get_certConf_cb_arg(ctx);

    if (!*reject)
        return fail_info;

    *txt = "not to my taste";
    return OSSL_CMP_PKIFAILUREINFO_badCertTemplate;
}
329 | ||
/*
 * PKCS#10 certification request test. The CSR is loaded from pkcs10_f and
 * test_certConf_cb() is installed with a pointer to 'reject' as argument,
 * so the client rejects the issued certificate when 'reject' is set.
 * Expects 'rejection' in that case and 'accepted' otherwise.
 */
static int test_exec_P10CR_ses(int reject)
{
    OSSL_CMP_CTX *ctx;
    X509_REQ *csr = NULL;

    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->req_type = OSSL_CMP_PKIBODY_P10CR;
    if (reject)
        fixture->expected = OSSL_CMP_PKISTATUS_rejection;
    else
        fixture->expected = OSSL_CMP_PKISTATUS_accepted;
    ctx = fixture->cmp_ctx;
    /* &reject stays valid: the session runs before this function returns */
    if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx))
            || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, csr))
            || !TEST_true(OSSL_CMP_CTX_set_certConf_cb(ctx, test_certConf_cb))
            || !TEST_true(OSSL_CMP_CTX_set_certConf_cb_arg(ctx, &reject))) {
        tear_down(fixture);
        fixture = NULL;
    }
    /* the local CSR reference is dropped on success and failure alike */
    X509_REQ_free(csr);
    EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
    return result;
}
351 | ||
6f88876d DDO |
/* P10CR where the client confirms the certificate. */
static int test_exec_P10CR_ses_ok(void)
{
    const int reject = 0;

    return test_exec_P10CR_ses(reject);
}
356 | ||
/* P10CR where the client's confirmation callback rejects the certificate. */
static int test_exec_P10CR_ses_reject(void)
{
    const int reject = 1;

    return test_exec_P10CR_ses(reject);
}
361 | ||
7e765f46 DDO |
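/*
 * Drive OSSL_CMP_try_certreq() by hand for a KUR.
 * The first two calls are expected to return -1, report CHECK_AFTER through
 * check_after and leave no new certificate in the context. The third call
 * must return fixture->expected, after which the new certificate must equal
 * client_cert.
 *
 * check_after is reset to a sentinel before each call so that a call which
 * does not write it is detected, and it is compared with TEST_int_eq() so
 * that a mismatch is reported rather than failing silently.
 */
static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture)
{
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    int check_after;
    const int CHECK_AFTER = 0;
    const int TYPE = OSSL_CMP_PKIBODY_KUR;
    int attempt;

    ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
    ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER);

    for (attempt = 0; attempt < 2; attempt++) {
        check_after = -1; /* sentinel, differs from CHECK_AFTER */
        if (!TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL,
                                                  &check_after))
                || !TEST_int_eq(check_after, CHECK_AFTER)
                || !TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL))
            return 0;
    }

    return TEST_int_eq(fixture->expected,
                       OSSL_CMP_try_certreq(ctx, TYPE, NULL, NULL))
        && TEST_int_eq(0,
                       X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert));
}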
382 | ||
/* Manual polling test; the final OSSL_CMP_try_certreq() call must return 1. */
static int test_try_certreq_poll(void)
{
    const int final_return = 1;

    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->expected = final_return;
    EXECUTE_TEST(execute_try_certreq_poll_test, tear_down);
    return result;
}
390 | ||
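/*
 * Start a CR through OSSL_CMP_try_certreq(), then abort it.
 * The first call is expected to return -1, report CHECK_AFTER through
 * check_after and leave no new certificate. The abort call (request type
 * -1) must return fixture->expected and still leave no new certificate.
 *
 * check_after starts at a sentinel so that a call which does not write it
 * is detected, and it is compared with TEST_int_eq() so that a mismatch is
 * reported rather than failing silently.
 */
static int execute_try_certreq_poll_abort_test(CMP_SES_TEST_FIXTURE *fixture)
{
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    int check_after = -1; /* sentinel, differs from CHECK_AFTER */
    const int CHECK_AFTER = 99;
    const int TYPE = OSSL_CMP_PKIBODY_CR;

    ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
    ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER);

    if (!TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after))
            || !TEST_int_eq(check_after, CHECK_AFTER)
            || !TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL))
        return 0;

    return TEST_int_eq(fixture->expected,
                       OSSL_CMP_try_certreq(ctx, -1 /* abort */, NULL, NULL))
        && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(fixture->cmp_ctx), NULL);
}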
407 | ||
/* Manual polling followed by an abort; the abort call must return 1. */
static int test_try_certreq_poll_abort(void)
{
    const int abort_return = 1;

    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->expected = abort_return;
    EXECUTE_TEST(execute_try_certreq_poll_abort_test, tear_down);
    return result;
}
415 | ||
192bfec4 RR |
/* GENM with polling and a total timeout of 0; 'accepted' is expected. */
static int test_exec_GENM_ses_poll_ok(void)
{
    const int poll_count = 2;
    const int total_timeout = 0;

    return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter,
                                  poll_count, total_timeout,
                                  OSSL_CMP_PKISTATUS_accepted);
}
421 | ||
/* GENM with polling, total timeout checkAfter + 1; expects 'accepted'. */
static int test_exec_GENM_ses_poll_no_timeout(void)
{
    const int poll_count = 1;
    const int total_timeout = checkAfter + 1;

    return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter,
                                  poll_count, total_timeout,
                                  OSSL_CMP_PKISTATUS_accepted);
}
428 | ||
/*
 * GENM with polling where the helper is called with expectation 'waiting'.
 * Unlike the IR counterpart, the helper's result is returned without
 * negation.
 */
static int test_exec_GENM_ses_poll_total_timeout(void)
{
    const int poll_count = 3;
    const int total_timeout = checkAfter + 2;

    return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter + 1,
                                  poll_count, total_timeout,
                                  OSSL_CMP_PKISTATUS_waiting);
}
435 | ||
/*
 * General message test without polling.
 *   transfer_error  clear the transfer callback argument
 *   total_timeout   stored directly in the client context (may be negative)
 *   expect          value the executor compares the outcome with
 */
static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect)
{
    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->expected = expect;
    /*
     * cannot use OSSL_CMP_CTX_set_option(... OSSL_CMP_OPT_TOTAL_TIMEOUT)
     * here because this will correct total_timeout to be >= 0
     */
    fixture->cmp_ctx->total_timeout = total_timeout;
    if (transfer_error)
        OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL);
    EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down);
    return result;
}
450 | ||
6ea44d07 DDO |
/* General message exchange that is expected to be accepted. */
static int test_exec_GENM_ses_ok(void)
{
    const int transfer_error = 0;
    const int total_timeout = 0;

    return test_exec_GENM_ses(transfer_error, total_timeout,
                              OSSL_CMP_PKISTATUS_accepted);
}
455 | ||
/* General message exchange with the transfer broken; expects 'trans'. */
static int test_exec_GENM_ses_transfer_error(void)
{
    const int transfer_error = 1;
    const int total_timeout = 0;

    return test_exec_GENM_ses(transfer_error, total_timeout,
                              OSSL_CMP_PKISTATUS_trans);
}
460 | ||
/* General message exchange with total timeout -1; expects 'trans'. */
static int test_exec_GENM_ses_total_timeout(void)
{
    const int transfer_error = 0;
    const int total_timeout = -1;

    return test_exec_GENM_ses(transfer_error, total_timeout,
                              OSSL_CMP_PKISTATUS_trans);
}
465 | ||
7e765f46 DDO |
/*
 * Call ossl_cmp_exchange_certConf() directly with a fixed failure info and
 * text, and compare its return value with fixture->expected.
 */
static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture)
{
    int res;

    res = ossl_cmp_exchange_certConf(fixture->cmp_ctx, OSSL_CMP_CERTREQID,
                                     OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable,
                                     "abcdefg");
    return TEST_int_eq(fixture->expected, res);
}
475 | ||
/*
 * Call ossl_cmp_exchange_error() directly with status 'rejection', the
 * unsupportedVersion failure bit and fixed texts, and compare its return
 * value with fixture->expected.
 */
static int execute_exchange_error_test(CMP_SES_TEST_FIXTURE *fixture)
{
    int res;

    res = ossl_cmp_exchange_error(fixture->cmp_ctx,
                                  OSSL_CMP_PKISTATUS_rejection,
                                  1 << OSSL_CMP_PKIFAILUREINFO_unsupportedVersion,
                                  "foo_status", 999, "foo_details");
    return TEST_int_eq(fixture->expected, res);
}
486 | ||
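/*
 * Check that a certConf exchange attempted right away fails (0 expected).
 * A copy of client_cert is installed as the client's new certificate first.
 *
 * The copy is checked for NULL and freed if the context does not take it
 * over, so a failing setter no longer leaks it.
 */
static int test_exchange_certConf(void)
{
    X509 *cert_copy;

    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->expected = 0; /* client should not send certConf immediately */
    cert_copy = X509_dup(client_cert);
    if (!TEST_ptr(cert_copy)
            || !ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, cert_copy)) {
        X509_free(cert_copy); /* not adopted by the context */
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_exchange_certConf_test, tear_down);
    return result;
}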
498 | ||
/* Check that an error message exchange succeeds (1 expected). */
static int test_exchange_error(void)
{
    const int send_ok = 1; /* client may send error any time */

    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->expected = send_ok;
    EXECUTE_TEST(execute_exchange_error_test, tear_down);
    return result;
}
506 | ||
/*
 * Release everything loaded by setup_tests(): the shared certificates and
 * keys first, then the providers, and the library context last.
 */
void cleanup_tests(void)
{
    /* credentials */
    X509_free(server_cert);
    EVP_PKEY_free(server_key);
    X509_free(client_cert);
    EVP_PKEY_free(client_key);

    /* providers before the context they were loaded into */
    OSSL_PROVIDER_unload(default_null_provider);
    OSSL_PROVIDER_unload(provider);
    OSSL_LIB_CTX_free(libctx);
}
518 | ||
/* Positional arguments read by setup_tests(); the last one is optional. */
#define USAGE \
    "server.key server.crt client.key client.crt client.csr " \
    "module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)
521 | ||
7e765f46 DDO |
/*
 * Test program set-up: read the five file arguments, set up the library
 * context and providers from the remaining arguments, load the shared
 * credentials, randomise the reference value and register all tests.
 * Returns 1 on success and 0 on failure.
 */
int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(server_key_f = test_get_argument(0))
            || !TEST_ptr(server_cert_f = test_get_argument(1))
            || !TEST_ptr(client_key_f = test_get_argument(2))
            || !TEST_ptr(client_cert_f = test_get_argument(3))
            || !TEST_ptr(pkcs10_f = test_get_argument(4))) {
        TEST_error("usage: cmp_client_test %s", USAGE);
        return 0;
    }

    if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 5, USAGE))
        return 0;

    if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx)))
        goto load_err;
    if (!TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)))
        goto load_err;
    if (!TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx)))
        goto load_err;
    if (!TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx)))
        goto load_err;
    /* fresh random reference value for every run */
    if (!TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0)))
        goto load_err;

    /* revocation */
    ADD_TEST(test_exec_RR_ses_ok);
    ADD_TEST(test_exec_RR_ses_request_error);
    ADD_TEST(test_exec_RR_ses_receive_error);
    /* certificate requests */
    ADD_TEST(test_exec_CR_ses_explicit_confirm);
    ADD_TEST(test_exec_CR_ses_implicit_confirm);
    ADD_TEST(test_exec_IR_ses);
    ADD_TEST(test_exec_IR_ses_poll_ok);
    ADD_TEST(test_exec_IR_ses_poll_no_timeout);
    ADD_TEST(test_exec_IR_ses_poll_total_timeout);
    ADD_TEST(test_exec_KUR_ses_ok);
    ADD_TEST(test_exec_KUR_ses_transfer_error);
    ADD_TEST(test_exec_KUR_ses_wrong_popo);
    ADD_TEST(test_exec_KUR_ses_pub);
    ADD_TEST(test_exec_KUR_ses_wrong_pub);
    ADD_TEST(test_exec_P10CR_ses_ok);
    ADD_TEST(test_exec_P10CR_ses_reject);
    ADD_TEST(test_try_certreq_poll);
    ADD_TEST(test_try_certreq_poll_abort);
    /* general messages */
    ADD_TEST(test_exec_GENM_ses_ok);
    ADD_TEST(test_exec_GENM_ses_transfer_error);
    ADD_TEST(test_exec_GENM_ses_total_timeout);
    ADD_TEST(test_exec_GENM_ses_poll_ok);
    ADD_TEST(test_exec_GENM_ses_poll_no_timeout);
    ADD_TEST(test_exec_GENM_ses_poll_total_timeout);
    /* direct message exchanges */
    ADD_TEST(test_exchange_certConf);
    ADD_TEST(test_exchange_error);
    return 1;

 load_err:
    cleanup_tests();
    return 0;
}