]>
Commit | Line | Data |
---|---|---|
3dbc5156 | 1 | /* |
33388b44 | 2 | * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. |
3dbc5156 DDO |
3 | * Copyright Nokia 2007-2019 |
4 | * Copyright Siemens AG 2015-2019 | |
5 | * | |
6 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
7 | * this file except in compliance with the License. You can obtain a copy | |
8 | * in the file LICENSE in the source distribution or at | |
9 | * https://www.openssl.org/source/license.html | |
10 | */ | |
11 | ||
12 | #include "cmp_testlib.h" | |
13 | ||
852c2ed2 RS |
14 | DEFINE_STACK_OF(X509) |
15 | ||
3dbc5156 DDO |
16 | static const char *ir_protected_f; |
17 | static const char *ir_unprotected_f; | |
18 | static const char *ip_PBM_f; | |
19 | ||
20 | typedef struct test_fixture { | |
21 | const char *test_case_name; | |
22 | OSSL_CMP_CTX *cmp_ctx; | |
23 | /* for protection tests */ | |
24 | OSSL_CMP_MSG *msg; | |
235595c4 | 25 | OSSL_CMP_PKISI *si; /* for error and response messages */ |
3dbc5156 DDO |
26 | ASN1_OCTET_STRING *secret; |
27 | EVP_PKEY *privkey; | |
28 | EVP_PKEY *pubkey; | |
29 | unsigned char *mem; | |
30 | int memlen; | |
31 | X509 *cert; | |
32 | STACK_OF(X509) *certs; | |
33 | STACK_OF(X509) *chain; | |
34 | int callback_arg; | |
35 | int expected; | |
36 | } CMP_PROTECT_TEST_FIXTURE; | |
37 | ||
38 | static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) | |
39 | { | |
40 | OSSL_CMP_CTX_free(fixture->cmp_ctx); | |
41 | OSSL_CMP_MSG_free(fixture->msg); | |
42 | ASN1_OCTET_STRING_free(fixture->secret); | |
43 | OSSL_CMP_PKISI_free(fixture->si); | |
44 | ||
45 | OPENSSL_free(fixture->mem); | |
46 | sk_X509_free(fixture->certs); | |
47 | sk_X509_free(fixture->chain); | |
48 | ||
49 | OPENSSL_free(fixture); | |
50 | } | |
51 | ||
52 | static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) | |
53 | { | |
54 | CMP_PROTECT_TEST_FIXTURE *fixture; | |
55 | ||
56 | if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) | |
57 | return NULL; | |
58 | fixture->test_case_name = test_case_name; | |
59 | if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())) { | |
60 | tear_down(fixture); | |
61 | return NULL; | |
62 | } | |
63 | return fixture; | |
64 | } | |
65 | ||
66 | static EVP_PKEY *loadedprivkey = NULL; | |
67 | static EVP_PKEY *loadedpubkey = NULL; | |
68 | static EVP_PKEY *loadedkey = NULL; | |
69 | static X509 *cert = NULL; | |
70 | static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; | |
71 | static OSSL_CMP_MSG *ir_unprotected, *ir_protected; | |
72 | static X509 *endentity1 = NULL, *endentity2 = NULL, | |
73 | *root = NULL, *intermediate = NULL; | |
74 | ||
75 | static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
76 | { | |
77 | ASN1_BIT_STRING *protection = | |
78 | ossl_cmp_calc_protection(fixture->msg, fixture->secret, | |
79 | fixture->privkey); | |
80 | int res = TEST_ptr_null(protection); | |
81 | ||
82 | ASN1_BIT_STRING_free(protection); | |
83 | return res; | |
84 | } | |
85 | ||
86 | static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
87 | { | |
88 | ASN1_BIT_STRING *protection = | |
89 | ossl_cmp_calc_protection(fixture->msg, fixture->secret, NULL); | |
90 | int res = TEST_ptr(protection) | |
235595c4 DDO |
91 | && TEST_true(ASN1_STRING_cmp(protection, |
92 | fixture->msg->protection) == 0); | |
3dbc5156 DDO |
93 | |
94 | ASN1_BIT_STRING_free(protection); | |
95 | return res; | |
96 | } | |
97 | ||
98 | /* | |
99 | * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c, | |
100 | * but without the need for a OSSL_CMP_CTX or a X509 certificate | |
101 | */ | |
102 | static int verify_signature(OSSL_CMP_MSG *msg, | |
103 | ASN1_BIT_STRING *protection, | |
104 | EVP_PKEY *pkey, int digest_nid) | |
105 | { | |
642f60d8 | 106 | OSSL_CMP_PROTECTEDPART prot_part; |
3dbc5156 DDO |
107 | unsigned char *prot_part_der = NULL; |
108 | int len; | |
109 | EVP_MD_CTX *ctx = NULL; | |
110 | const EVP_MD *digest = EVP_get_digestbynid(digest_nid); | |
111 | int res; | |
112 | ||
113 | prot_part.header = OSSL_CMP_MSG_get0_header(msg); | |
114 | prot_part.body = msg->body; | |
642f60d8 | 115 | len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); |
3dbc5156 | 116 | res = |
642f60d8 | 117 | TEST_int_ge(len, 0) |
3dbc5156 DDO |
118 | && TEST_ptr(ctx = EVP_MD_CTX_new()) |
119 | && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)) | |
120 | && TEST_int_eq(EVP_DigestVerify(ctx, protection->data, | |
121 | protection->length, | |
122 | prot_part_der, len), 1); | |
123 | /* cleanup */ | |
124 | EVP_MD_CTX_free(ctx); | |
125 | OPENSSL_free(prot_part_der); | |
126 | return res; | |
127 | } | |
128 | ||
129 | /* Calls OSSL_CMP_calc_protection and compares and verifies signature */ | |
130 | static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * | |
131 | fixture) | |
132 | { | |
133 | ASN1_BIT_STRING *protection = | |
134 | ossl_cmp_calc_protection(fixture->msg, NULL, fixture->privkey); | |
135 | int ret = (TEST_ptr(protection) | |
136 | && TEST_true(ASN1_STRING_cmp(protection, | |
137 | fixture->msg->protection) == 0) | |
138 | && TEST_true(verify_signature(fixture->msg, protection, | |
139 | fixture->pubkey, | |
140 | fixture->cmp_ctx->digest))); | |
141 | ||
142 | ASN1_BIT_STRING_free(protection); | |
143 | return ret; | |
144 | } | |
145 | ||
146 | static int test_cmp_calc_protection_no_key_no_secret(void) | |
147 | { | |
148 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
149 | if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f)) | |
150 | || !TEST_ptr(fixture->msg->header->protectionAlg = | |
151 | X509_ALGOR_new() /* no specific alg needed here */)) { | |
152 | tear_down(fixture); | |
153 | fixture = NULL; | |
154 | } | |
155 | ||
156 | EXECUTE_TEST(execute_calc_protection_fails_test, tear_down); | |
157 | return result; | |
158 | } | |
159 | ||
160 | static int test_cmp_calc_protection_pkey(void) | |
161 | { | |
162 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
163 | fixture->pubkey = loadedpubkey; | |
164 | fixture->privkey = loadedprivkey; | |
165 | if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) { | |
166 | tear_down(fixture); | |
167 | fixture = NULL; | |
168 | } | |
169 | EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); | |
170 | return result; | |
171 | } | |
172 | ||
173 | static int test_cmp_calc_protection_pbmac(void) | |
174 | { | |
175 | unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; | |
176 | ||
177 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
178 | if (!TEST_ptr(fixture->secret = ASN1_OCTET_STRING_new()) | |
179 | || !TEST_true(ASN1_OCTET_STRING_set | |
180 | (fixture->secret, sec_insta, sizeof(sec_insta))) | |
181 | || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) { | |
182 | tear_down(fixture); | |
183 | fixture = NULL; | |
184 | } | |
185 | EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down); | |
186 | return result; | |
187 | } | |
188 | static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
189 | { | |
190 | return TEST_int_eq(fixture->expected, | |
191 | ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); | |
192 | } | |
193 | ||
194 | #define SET_OPT_UNPROTECTED_SEND(ctx, val) \ | |
195 | OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) | |
196 | static int test_MSG_protect_unprotected_request(void) | |
197 | { | |
198 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
199 | ||
200 | fixture->expected = 1; | |
201 | if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) | |
202 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { | |
203 | tear_down(fixture); | |
204 | fixture = NULL; | |
205 | } | |
206 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
207 | return result; | |
208 | } | |
209 | ||
210 | static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void) | |
211 | { | |
212 | const size_t size = sizeof(rand_data) / 2; | |
213 | ||
214 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
215 | fixture->expected = 1; | |
216 | ||
217 | if (!TEST_ptr(fixture->msg = | |
218 | OSSL_CMP_MSG_dup(ir_unprotected)) | |
219 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) | |
220 | /* | |
221 | * Use half of the 16 bytes of random input | |
222 | * for each reference and secret value | |
223 | */ | |
224 | || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, | |
225 | rand_data, size)) | |
226 | || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, | |
227 | rand_data + size, | |
228 | size))) { | |
229 | tear_down(fixture); | |
230 | fixture = NULL; | |
231 | } | |
232 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
233 | return result; | |
234 | } | |
235 | ||
236 | static int test_MSG_protect_with_certificate_and_key(void) | |
237 | { | |
238 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
239 | fixture->expected = 1; | |
240 | ||
241 | if (!TEST_ptr(fixture->msg = | |
242 | OSSL_CMP_MSG_dup(ir_unprotected)) | |
243 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) | |
244 | || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) | |
245 | || !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) { | |
246 | tear_down(fixture); | |
247 | fixture = NULL; | |
248 | } | |
249 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
250 | return result; | |
251 | } | |
252 | ||
253 | static int test_MSG_protect_certificate_based_without_cert(void) | |
254 | { | |
255 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
256 | OSSL_CMP_CTX *ctx = fixture->cmp_ctx; | |
257 | ||
258 | fixture->expected = 0; | |
259 | if (!TEST_ptr(fixture->msg = | |
260 | OSSL_CMP_MSG_dup(ir_unprotected)) | |
261 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) | |
262 | || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { | |
263 | tear_down(fixture); | |
264 | fixture = NULL; | |
265 | } | |
266 | EVP_PKEY_up_ref(loadedkey); | |
267 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
268 | return result; | |
269 | } | |
270 | ||
271 | static int test_MSG_protect_no_key_no_secret(void) | |
272 | { | |
273 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
274 | fixture->expected = 0; | |
275 | if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) | |
276 | || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { | |
277 | tear_down(fixture); | |
278 | fixture = NULL; | |
279 | } | |
280 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
281 | return result; | |
282 | } | |
283 | ||
cfca56df DDO |
284 | static int test_MSG_protect_pbmac_no_sender(int with_ref) |
285 | { | |
286 | static unsigned char secret[] = { 47, 11, 8, 15 }; | |
287 | static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe }; | |
288 | ||
289 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
290 | fixture->expected = with_ref; | |
291 | if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) | |
292 | || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0) | |
293 | || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL) | |
294 | || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, | |
295 | secret, sizeof(secret)) | |
296 | || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, | |
297 | with_ref ? ref : NULL, | |
298 | sizeof(ref)))) { | |
299 | tear_down(fixture); | |
300 | fixture = NULL; | |
301 | } | |
302 | EXECUTE_TEST(execute_MSG_protect_test, tear_down); | |
303 | return result; | |
304 | } | |
305 | ||
306 | static int test_MSG_protect_pbmac_no_sender_with_ref(void) | |
307 | { | |
308 | return test_MSG_protect_pbmac_no_sender(1); | |
309 | } | |
310 | ||
311 | static int test_MSG_protect_pbmac_no_sender_no_ref(void) | |
312 | { | |
313 | return test_MSG_protect_pbmac_no_sender(0); | |
314 | } | |
315 | ||
3dbc5156 DDO |
316 | static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) |
317 | { | |
318 | return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, | |
319 | fixture->msg)); | |
320 | } | |
321 | ||
322 | static int test_MSG_add_extraCerts(void) | |
323 | { | |
324 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
325 | if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) { | |
326 | tear_down(fixture); | |
327 | fixture = NULL; | |
328 | } | |
329 | EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down); | |
330 | return result; | |
331 | } | |
332 | ||
ef071222 MC |
333 | #ifndef OPENSSL_NO_EC |
334 | /* The cert chain tests use EC certs so we skip them in no-ec builds */ | |
3dbc5156 DDO |
335 | static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) |
336 | { | |
337 | STACK_OF(X509) *result = NULL; | |
338 | int ret = 0; | |
339 | ||
340 | if (TEST_ptr(result = ossl_cmp_build_cert_chain(fixture->certs, | |
341 | fixture->cert))) { | |
342 | /* Check whether chain built is equal to the expected one */ | |
343 | ret = TEST_int_eq(0, STACK_OF_X509_cmp(result, fixture->chain)); | |
344 | sk_X509_pop_free(result, X509_free); | |
345 | } | |
346 | return ret; | |
347 | } | |
348 | ||
349 | static int test_cmp_build_cert_chain(void) | |
350 | { | |
351 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
352 | fixture->cert = endentity2; | |
353 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
354 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
355 | || !TEST_true(sk_X509_push(fixture->certs, endentity1)) | |
356 | || !TEST_true(sk_X509_push(fixture->certs, root)) | |
357 | || !TEST_true(sk_X509_push(fixture->certs, intermediate)) | |
358 | || !TEST_true(sk_X509_push(fixture->chain, endentity2)) | |
359 | || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { | |
360 | tear_down(fixture); | |
361 | fixture = NULL; | |
362 | } | |
363 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
364 | return result; | |
365 | } | |
366 | ||
367 | static int test_cmp_build_cert_chain_missing_intermediate(void) | |
368 | { | |
369 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
370 | fixture->cert = endentity2; | |
371 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
372 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
373 | || !TEST_true(sk_X509_push(fixture->certs, endentity1)) | |
374 | || !TEST_true(sk_X509_push(fixture->certs, root)) | |
375 | || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { | |
376 | tear_down(fixture); | |
377 | fixture = NULL; | |
378 | } | |
379 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
380 | return result; | |
381 | } | |
382 | ||
383 | static int test_cmp_build_cert_chain_missing_root(void) | |
384 | { | |
385 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
386 | fixture->cert = endentity2; | |
387 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
388 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
389 | || !TEST_true(sk_X509_push(fixture->certs, endentity1)) | |
390 | || !TEST_true(sk_X509_push(fixture->certs, intermediate)) | |
391 | || !TEST_true(sk_X509_push(fixture->chain, endentity2)) | |
392 | || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { | |
393 | tear_down(fixture); | |
394 | fixture = NULL; | |
395 | } | |
396 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
397 | return result; | |
398 | } | |
399 | ||
400 | static int test_cmp_build_cert_chain_no_certs(void) | |
401 | { | |
402 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
403 | fixture->cert = endentity2; | |
404 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) | |
405 | || !TEST_ptr(fixture->chain = sk_X509_new_null()) | |
406 | || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { | |
407 | tear_down(fixture); | |
408 | fixture = NULL; | |
409 | } | |
410 | EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); | |
411 | return result; | |
412 | } | |
ef071222 | 413 | #endif /* OPENSSL_NO_EC */ |
3dbc5156 DDO |
414 | |
415 | static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) | |
416 | { | |
417 | X509_STORE *store = X509_STORE_new(); | |
418 | STACK_OF(X509) *sk = NULL; | |
419 | int res = 0; | |
420 | ||
421 | if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, | |
422 | fixture->certs, | |
423 | fixture->callback_arg))) | |
424 | goto err; | |
31b28ad9 | 425 | sk = X509_STORE_get1_all_certs(store); |
3dbc5156 DDO |
426 | if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) |
427 | goto err; | |
428 | res = 1; | |
429 | err: | |
430 | X509_STORE_free(store); | |
431 | sk_X509_pop_free(sk, X509_free); | |
432 | return res; | |
433 | ||
434 | } | |
435 | ||
436 | static int test_X509_STORE(void) | |
437 | { | |
438 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
235595c4 | 439 | fixture->callback_arg = 0; /* self-issued allowed */ |
3dbc5156 DDO |
440 | if (!TEST_ptr(fixture->certs = sk_X509_new_null()) |
441 | || !sk_X509_push(fixture->certs, endentity1) | |
442 | || !sk_X509_push(fixture->certs, endentity2) | |
443 | || !sk_X509_push(fixture->certs, root) | |
444 | || !sk_X509_push(fixture->certs, intermediate) | |
445 | || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { | |
446 | tear_down(fixture); | |
447 | fixture = NULL; | |
448 | } | |
449 | EXECUTE_TEST(execute_X509_STORE_test, tear_down); | |
450 | return result; | |
451 | } | |
452 | ||
235595c4 | 453 | static int test_X509_STORE_only_self_issued(void) |
3dbc5156 DDO |
454 | { |
455 | SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); | |
456 | fixture->certs = sk_X509_new_null(); | |
457 | fixture->chain = sk_X509_new_null(); | |
235595c4 | 458 | fixture->callback_arg = 1; /* only self-issued */ |
3dbc5156 DDO |
459 | if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) |
460 | || !TEST_true(sk_X509_push(fixture->certs, endentity2)) | |
461 | || !TEST_true(sk_X509_push(fixture->certs, root)) | |
462 | || !TEST_true(sk_X509_push(fixture->certs, intermediate)) | |
463 | || !TEST_true(sk_X509_push(fixture->chain, root))) { | |
464 | tear_down(fixture); | |
465 | fixture = NULL; | |
466 | } | |
467 | EXECUTE_TEST(execute_X509_STORE_test, tear_down); | |
468 | return result; | |
469 | } | |
470 | ||
471 | ||
472 | void cleanup_tests(void) | |
473 | { | |
474 | EVP_PKEY_free(loadedprivkey); | |
475 | EVP_PKEY_free(loadedpubkey); | |
476 | EVP_PKEY_free(loadedkey); | |
477 | X509_free(cert); | |
478 | X509_free(endentity1); | |
479 | X509_free(endentity2); | |
480 | X509_free(root); | |
481 | X509_free(intermediate); | |
482 | OSSL_CMP_MSG_free(ir_protected); | |
483 | OSSL_CMP_MSG_free(ir_unprotected); | |
484 | ||
485 | } | |
486 | ||
487 | int setup_tests(void) | |
488 | { | |
489 | char *server_f; | |
490 | char *server_key_f; | |
491 | char *server_cert_f; | |
492 | char *endentity1_f; | |
493 | char *endentity2_f; | |
494 | char *root_f; | |
495 | char *intermediate_f; | |
496 | ||
8d242823 MC |
497 | if (!test_skip_common_options()) { |
498 | TEST_error("Error parsing test options\n"); | |
499 | return 0; | |
500 | } | |
501 | ||
3dbc5156 DDO |
502 | RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); |
503 | if (!TEST_ptr(server_f = test_get_argument(0)) | |
504 | || !TEST_ptr(ir_protected_f = test_get_argument(1)) | |
505 | || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) | |
506 | || !TEST_ptr(ip_PBM_f = test_get_argument(3)) | |
507 | || !TEST_ptr(server_cert_f = test_get_argument(4)) | |
508 | || !TEST_ptr(server_key_f = test_get_argument(5)) | |
509 | || !TEST_ptr(endentity1_f = test_get_argument(6)) | |
510 | || !TEST_ptr(endentity2_f = test_get_argument(7)) | |
511 | || !TEST_ptr(root_f = test_get_argument(8)) | |
512 | || !TEST_ptr(intermediate_f = test_get_argument(9))) { | |
513 | TEST_error("usage: cmp_protect_test server.pem " | |
514 | "IR_protected.der IR_unprotected.der IP_PBM.der " | |
515 | "server.crt server.pem" | |
516 | "EndEntity1.crt EndEntity2.crt " | |
517 | "Root_CA.crt Intermediate_CA.crt\n"); | |
518 | return 0; | |
519 | } | |
520 | if (!TEST_ptr(loadedkey = load_pem_key(server_key_f)) | |
521 | || !TEST_ptr(cert = load_pem_cert(server_cert_f))) | |
522 | return 0; | |
523 | ||
524 | if (!TEST_ptr(loadedprivkey = load_pem_key(server_f))) | |
525 | return 0; | |
526 | if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) | |
527 | loadedpubkey = loadedprivkey; | |
528 | if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f)) | |
529 | || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))) | |
530 | return 0; | |
531 | if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f)) | |
532 | || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f)) | |
533 | || !TEST_ptr(root = load_pem_cert(root_f)) | |
534 | || !TEST_ptr(intermediate = load_pem_cert(intermediate_f))) | |
535 | return 0; | |
536 | if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) | |
537 | return 0; | |
538 | ||
539 | /* Message protection tests */ | |
540 | ADD_TEST(test_cmp_calc_protection_no_key_no_secret); | |
541 | ADD_TEST(test_cmp_calc_protection_pkey); | |
542 | ADD_TEST(test_cmp_calc_protection_pbmac); | |
543 | ||
544 | ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); | |
545 | ADD_TEST(test_MSG_protect_with_certificate_and_key); | |
546 | ADD_TEST(test_MSG_protect_certificate_based_without_cert); | |
547 | ADD_TEST(test_MSG_protect_unprotected_request); | |
548 | ADD_TEST(test_MSG_protect_no_key_no_secret); | |
cfca56df DDO |
549 | ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref); |
550 | ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref); | |
3dbc5156 DDO |
551 | ADD_TEST(test_MSG_add_extraCerts); |
552 | ||
ef071222 | 553 | #ifndef OPENSSL_NO_EC |
3dbc5156 DDO |
554 | ADD_TEST(test_cmp_build_cert_chain); |
555 | ADD_TEST(test_cmp_build_cert_chain_missing_root); | |
556 | ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); | |
557 | ADD_TEST(test_cmp_build_cert_chain_no_certs); | |
ef071222 | 558 | #endif |
3dbc5156 DDO |
559 | |
560 | ADD_TEST(test_X509_STORE); | |
235595c4 | 561 | ADD_TEST(test_X509_STORE_only_self_issued); |
3dbc5156 DDO |
562 | |
563 | return 1; | |
564 | } |