]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/cmp_protect_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
threads_pthread.c: change inline to ossl_inline
[thirdparty/openssl.git] / test / cmp_protect_test.c
1 /*
2 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include "helpers/cmp_testlib.h"
13
14 static const char *ir_protected_f;
15 static const char *genm_prot_Ed_f;
16 static const char *ir_unprotected_f;
17 static const char *ip_PBM_f;
18
19 typedef struct test_fixture {
20 const char *test_case_name;
21 OSSL_CMP_CTX *cmp_ctx;
22 /* for protection tests */
23 OSSL_CMP_MSG *msg;
24 OSSL_CMP_PKISI *si; /* for error and response messages */
25 EVP_PKEY *pubkey;
26 unsigned char *mem;
27 int memlen;
28 X509 *cert;
29 STACK_OF(X509) *certs;
30 STACK_OF(X509) *chain;
31 int with_ss;
32 int callback_arg;
33 int expected;
34 } CMP_PROTECT_TEST_FIXTURE;
35
36 static OSSL_LIB_CTX *libctx = NULL;
37 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
38
39 static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
40 {
41 if (fixture != NULL) {
42 OSSL_CMP_CTX_free(fixture->cmp_ctx);
43 OSSL_CMP_MSG_free(fixture->msg);
44 OSSL_CMP_PKISI_free(fixture->si);
45
46 OPENSSL_free(fixture->mem);
47 sk_X509_free(fixture->certs);
48 sk_X509_free(fixture->chain);
49
50 OPENSSL_free(fixture);
51 }
52 }
53
54 static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
55 {
56 CMP_PROTECT_TEST_FIXTURE *fixture;
57
58 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
59 return NULL;
60 fixture->test_case_name = test_case_name;
61 if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) {
62 tear_down(fixture);
63 return NULL;
64 }
65 return fixture;
66 }
67
68 static EVP_PKEY *prot_RSA_key = NULL;
69 #ifndef OPENSSL_NO_ECX
70 static EVP_PKEY *prot_Ed_key = NULL;
71 static OSSL_CMP_MSG *genm_protected_Ed;
72 #endif
73 static EVP_PKEY *server_key = NULL;
74 static X509 *server_cert = NULL;
75 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
76 static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
77 static X509 *endentity1 = NULL, *endentity2 = NULL,
78 *root = NULL, *intermediate = NULL;
79
80 static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
81 {
82 ASN1_BIT_STRING *protection =
83 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
84 int res = TEST_ptr_null(protection);
85
86 ASN1_BIT_STRING_free(protection);
87 return res;
88 }
89
90 static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
91 {
92 ASN1_BIT_STRING *protection =
93 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
94 int res = TEST_ptr(protection)
95 && TEST_true(ASN1_STRING_cmp(protection,
96 fixture->msg->protection) == 0);
97
98 ASN1_BIT_STRING_free(protection);
99 return res;
100 }
101
102 /*
103 * This function works similarly to parts of verify_signature in cmp_vfy.c,
104 * but without the need for an OSSL_CMP_CTX or an X509 certificate.
105 */
106 static int verify_signature(OSSL_CMP_MSG *msg,
107 ASN1_BIT_STRING *protection,
108 EVP_PKEY *pkey, EVP_MD *digest)
109 {
110 OSSL_CMP_PROTECTEDPART prot_part;
111
112 prot_part.header = OSSL_CMP_MSG_get0_header(msg);
113 prot_part.body = msg->body;
114 return ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART),
115 msg->header->protectionAlg, protection,
116 &prot_part, NULL, pkey, libctx, NULL) > 0;
117 }
118
119 /* Calls OSSL_CMP_calc_protection and compares and verifies signature */
120 static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
121 fixture)
122 {
123 ASN1_BIT_STRING *protection =
124 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
125 int ret = (TEST_ptr(protection)
126 && TEST_true(verify_signature(fixture->msg, protection,
127 fixture->pubkey,
128 fixture->cmp_ctx->digest)));
129
130 ASN1_BIT_STRING_free(protection);
131 return ret;
132 }
133
134 static int test_cmp_calc_protection_no_key_no_secret(void)
135 {
136 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
137 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
138 || !TEST_ptr(fixture->msg->header->protectionAlg =
139 X509_ALGOR_new() /* no specific alg needed here */)) {
140 tear_down(fixture);
141 fixture = NULL;
142 }
143
144 EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
145 return result;
146 }
147
148 static int test_cmp_calc_protection_pkey(void)
149 {
150 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
151 fixture->pubkey = prot_RSA_key;
152 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_RSA_key))
153 || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
154 tear_down(fixture);
155 fixture = NULL;
156 }
157 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
158 return result;
159 }
160
161 #ifndef OPENSSL_NO_ECX
162 static int test_cmp_calc_protection_pkey_Ed(void)
163 {
164 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
165 fixture->pubkey = prot_Ed_key;
166 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_Ed_key))
167 || !TEST_ptr(fixture->msg = load_pkimsg(genm_prot_Ed_f, libctx))) {
168 tear_down(fixture);
169 fixture = NULL;
170 }
171 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
172 return result;
173 }
174 #endif
175
176 static int test_cmp_calc_protection_pbmac(void)
177 {
178 unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };
179
180 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
181 if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
182 sec_insta, sizeof(sec_insta)))
183 || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) {
184 tear_down(fixture);
185 fixture = NULL;
186 }
187 EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
188 return result;
189 }
190 static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
191 {
192 return TEST_int_eq(fixture->expected,
193 ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
194 }
195
196 #define SET_OPT_UNPROTECTED_SEND(ctx, val) \
197 OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
198 static int test_MSG_protect_unprotected_request(void)
199 {
200 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
201
202 fixture->expected = 1;
203 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
204 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
205 tear_down(fixture);
206 fixture = NULL;
207 }
208 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
209 return result;
210 }
211
212 static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
213 {
214 const size_t size = sizeof(rand_data) / 2;
215
216 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
217 fixture->expected = 1;
218
219 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
220 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
221 /*
222 * Use half of the 16 bytes of random input
223 * for each reference and secret value
224 */
225 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
226 rand_data, size))
227 || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
228 rand_data + size,
229 size))) {
230 tear_down(fixture);
231 fixture = NULL;
232 }
233 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
234 return result;
235 }
236
237 static int test_MSG_protect_with_certificate_and_key(void)
238 {
239 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
240 fixture->expected = 1;
241
242 if (!TEST_ptr(fixture->msg =
243 OSSL_CMP_MSG_dup(ir_unprotected))
244 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
245 || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, server_key))
246 || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx,
247 server_cert))) {
248 tear_down(fixture);
249 fixture = NULL;
250 }
251 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
252 return result;
253 }
254
255 static int test_MSG_protect_certificate_based_without_cert(void)
256 {
257 OSSL_CMP_CTX *ctx;
258
259 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
260 ctx = fixture->cmp_ctx;
261 fixture->expected = 0;
262 if (!TEST_ptr(fixture->msg =
263 OSSL_CMP_MSG_dup(ir_unprotected))
264 || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
265 || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, server_key))) {
266 tear_down(fixture);
267 fixture = NULL;
268 }
269 EVP_PKEY_up_ref(server_key);
270 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
271 return result;
272 }
273
274 static int test_MSG_protect_no_key_no_secret(void)
275 {
276 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
277 fixture->expected = 0;
278 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
279 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
280 tear_down(fixture);
281 fixture = NULL;
282 }
283 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
284 return result;
285 }
286
287 static int test_MSG_protect_pbmac_no_sender(int with_ref)
288 {
289 static unsigned char secret[] = { 47, 11, 8, 15 };
290 static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };
291
292 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
293 fixture->expected = with_ref;
294 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
295 || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)
296 || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL)
297 || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
298 secret, sizeof(secret))
299 || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
300 with_ref ? ref : NULL,
301 sizeof(ref)))) {
302 tear_down(fixture);
303 fixture = NULL;
304 }
305 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
306 return result;
307 }
308
309 static int test_MSG_protect_pbmac_no_sender_with_ref(void)
310 {
311 return test_MSG_protect_pbmac_no_sender(1);
312 }
313
314 static int test_MSG_protect_pbmac_no_sender_no_ref(void)
315 {
316 return test_MSG_protect_pbmac_no_sender(0);
317 }
318
319 static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
320 {
321 return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
322 fixture->msg));
323 }
324
325 static int test_MSG_add_extraCerts(void)
326 {
327 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
328 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
329 tear_down(fixture);
330 fixture = NULL;
331 }
332 EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
333 return result;
334 }
335
336 #ifndef OPENSSL_NO_EC
337 /* The cert chain tests use EC certs so we skip them in no-ec builds */
338 static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
339 {
340 int ret = 0;
341 OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
342 X509_STORE *store;
343 STACK_OF(X509) *chain =
344 X509_build_chain(fixture->cert, fixture->certs, NULL,
345 fixture->with_ss, ctx->libctx, ctx->propq);
346
347 if (TEST_ptr(chain)) {
348 /* Check whether chain built is equal to the expected one */
349 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
350 OSSL_STACK_OF_X509_free(chain);
351 }
352 if (!ret)
353 return 0;
354
355 if (TEST_ptr(store = X509_STORE_new())
356 && TEST_true(X509_STORE_add_cert(store, root))) {
357 X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
358 X509_V_FLAG_NO_CHECK_TIME);
359 chain = X509_build_chain(fixture->cert, fixture->certs, store,
360 fixture->with_ss, ctx->libctx, ctx->propq);
361 ret = TEST_int_eq(fixture->expected, chain != NULL);
362 if (ret && chain != NULL) {
363 /* Check whether chain built is equal to the expected one */
364 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
365 OSSL_STACK_OF_X509_free(chain);
366 }
367 }
368 X509_STORE_free(store);
369 return ret;
370 }
371
372 static int test_cmp_build_cert_chain(void)
373 {
374 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
375 fixture->expected = 1;
376 fixture->with_ss = 0;
377 fixture->cert = endentity2;
378 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
379 || !TEST_ptr(fixture->chain = sk_X509_new_null())
380 || !TEST_true(sk_X509_push(fixture->certs, endentity1))
381 || !TEST_true(sk_X509_push(fixture->certs, root))
382 || !TEST_true(sk_X509_push(fixture->certs, intermediate))
383 || !TEST_true(sk_X509_push(fixture->chain, endentity2))
384 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
385 tear_down(fixture);
386 fixture = NULL;
387 }
388 if (fixture != NULL) {
389 result = execute_cmp_build_cert_chain_test(fixture);
390 fixture->with_ss = 1;
391 if (result && TEST_true(sk_X509_push(fixture->chain, root)))
392 result = execute_cmp_build_cert_chain_test(fixture);
393 }
394 tear_down(fixture);
395 return result;
396 }
397
398 static int test_cmp_build_cert_chain_missing_intermediate(void)
399 {
400 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
401 fixture->expected = 0;
402 fixture->with_ss = 0;
403 fixture->cert = endentity2;
404 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
405 || !TEST_ptr(fixture->chain = sk_X509_new_null())
406 || !TEST_true(sk_X509_push(fixture->certs, endentity1))
407 || !TEST_true(sk_X509_push(fixture->certs, root))
408 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
409 tear_down(fixture);
410 fixture = NULL;
411 }
412 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
413 return result;
414 }
415
416 static int test_cmp_build_cert_chain_no_root(void)
417 {
418 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
419 fixture->expected = 1;
420 fixture->with_ss = 0;
421 fixture->cert = endentity2;
422 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
423 || !TEST_ptr(fixture->chain = sk_X509_new_null())
424 || !TEST_true(sk_X509_push(fixture->certs, endentity1))
425 || !TEST_true(sk_X509_push(fixture->certs, intermediate))
426 || !TEST_true(sk_X509_push(fixture->chain, endentity2))
427 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
428 tear_down(fixture);
429 fixture = NULL;
430 }
431 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
432 return result;
433 }
434
435 static int test_cmp_build_cert_chain_only_root(void)
436 {
437 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
438 fixture->expected = 1;
439 fixture->with_ss = 0; /* still chain must include the only cert (root) */
440 fixture->cert = root;
441 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
442 || !TEST_ptr(fixture->chain = sk_X509_new_null())
443 || !TEST_true(sk_X509_push(fixture->certs, root))
444 || !TEST_true(sk_X509_push(fixture->chain, root))) {
445 tear_down(fixture);
446 fixture = NULL;
447 }
448 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
449 return result;
450 }
451
452 static int test_cmp_build_cert_chain_no_certs(void)
453 {
454 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
455 fixture->expected = 0;
456 fixture->with_ss = 0;
457 fixture->cert = endentity2;
458 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
459 || !TEST_ptr(fixture->chain = sk_X509_new_null())
460 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
461 tear_down(fixture);
462 fixture = NULL;
463 }
464 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
465 return result;
466 }
467 #endif /* OPENSSL_NO_EC */
468
469 static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
470 {
471 X509_STORE *store = X509_STORE_new();
472 STACK_OF(X509) *sk = NULL;
473 int res = 0;
474
475 if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
476 fixture->certs,
477 fixture->callback_arg)))
478 goto err;
479 sk = X509_STORE_get1_all_certs(store);
480 if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
481 goto err;
482 res = 1;
483 err:
484 X509_STORE_free(store);
485 OSSL_STACK_OF_X509_free(sk);
486 return res;
487
488 }
489
490 static int test_X509_STORE(void)
491 {
492 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
493 fixture->callback_arg = 0; /* self-issued allowed */
494 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
495 || !sk_X509_push(fixture->certs, endentity1)
496 || !sk_X509_push(fixture->certs, endentity2)
497 || !sk_X509_push(fixture->certs, root)
498 || !sk_X509_push(fixture->certs, intermediate)
499 || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
500 tear_down(fixture);
501 fixture = NULL;
502 }
503 EXECUTE_TEST(execute_X509_STORE_test, tear_down);
504 return result;
505 }
506
507 static int test_X509_STORE_only_self_issued(void)
508 {
509 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
510 fixture->certs = sk_X509_new_null();
511 fixture->chain = sk_X509_new_null();
512 fixture->callback_arg = 1; /* only self-issued */
513 if (!TEST_true(sk_X509_push(fixture->certs, endentity1))
514 || !TEST_true(sk_X509_push(fixture->certs, endentity2))
515 || !TEST_true(sk_X509_push(fixture->certs, root))
516 || !TEST_true(sk_X509_push(fixture->certs, intermediate))
517 || !TEST_true(sk_X509_push(fixture->chain, root))) {
518 tear_down(fixture);
519 fixture = NULL;
520 }
521 EXECUTE_TEST(execute_X509_STORE_test, tear_down);
522 return result;
523 }
524
525 void cleanup_tests(void)
526 {
527 EVP_PKEY_free(prot_RSA_key);
528 #ifndef OPENSSL_NO_ECX
529 EVP_PKEY_free(prot_Ed_key);
530 OSSL_CMP_MSG_free(genm_protected_Ed);
531 #endif
532 EVP_PKEY_free(server_key);
533 X509_free(server_cert);
534 X509_free(endentity1);
535 X509_free(endentity2);
536 X509_free(root);
537 X509_free(intermediate);
538 OSSL_CMP_MSG_free(ir_protected);
539 OSSL_CMP_MSG_free(ir_unprotected);
540 OSSL_PROVIDER_unload(default_null_provider);
541 OSSL_PROVIDER_unload(provider);
542 OSSL_LIB_CTX_free(libctx);
543 }
544
545 #define USAGE "prot_RSA.pem IR_protected.der prot_Ed.pem " \
546 "GENM_protected_Ed.der IR_unprotected.der IP_PBM.der " \
547 "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
548 "Intermediate_CA.crt module_name [module_conf_file]\n"
549 OPT_TEST_DECLARE_USAGE(USAGE)
550
551 int setup_tests(void)
552 {
553 char *prot_RSA_f;
554 char *prot_Ed_f;
555 char *server_key_f;
556 char *server_cert_f;
557 char *endentity1_f;
558 char *endentity2_f;
559 char *root_f;
560 char *intermediate_f;
561
562 if (!test_skip_common_options()) {
563 TEST_error("Error parsing test options\n");
564 return 0;
565 }
566
567 RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
568 if (!TEST_ptr(prot_RSA_f = test_get_argument(0))
569 || !TEST_ptr(ir_protected_f = test_get_argument(1))
570 || !TEST_ptr(prot_Ed_f = test_get_argument(2))
571 || !TEST_ptr(genm_prot_Ed_f = test_get_argument(3))
572 || !TEST_ptr(ir_unprotected_f = test_get_argument(4))
573 || !TEST_ptr(ip_PBM_f = test_get_argument(5))
574 || !TEST_ptr(server_cert_f = test_get_argument(6))
575 || !TEST_ptr(server_key_f = test_get_argument(7))
576 || !TEST_ptr(endentity1_f = test_get_argument(8))
577 || !TEST_ptr(endentity2_f = test_get_argument(9))
578 || !TEST_ptr(root_f = test_get_argument(10))
579 || !TEST_ptr(intermediate_f = test_get_argument(11))) {
580 TEST_error("usage: cmp_protect_test %s", USAGE);
581 return 0;
582 }
583
584 if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 12, USAGE))
585 return 0;
586
587 if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx))
588 || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)))
589 return 0;
590
591 if (!TEST_ptr(prot_RSA_key = load_pkey_pem(prot_RSA_f, libctx)))
592 return 0;
593 #ifndef OPENSSL_NO_ECX
594 if (!TEST_ptr(prot_Ed_key = load_pkey_pem(prot_Ed_f, libctx)))
595 return 0;
596 #endif
597 if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
598 #ifndef OPENSSL_NO_ECX
599 || !TEST_ptr(genm_protected_Ed = load_pkimsg(genm_prot_Ed_f, libctx))
600 #endif
601 || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
602 return 0;
603 if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
604 || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
605 || !TEST_ptr(root = load_cert_pem(root_f, libctx))
606 || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
607 return 0;
608 if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
609 return 0;
610
611 /* Message protection tests */
612 ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
613 ADD_TEST(test_cmp_calc_protection_pkey);
614 #ifndef OPENSSL_NO_ECX
615 ADD_TEST(test_cmp_calc_protection_pkey_Ed);
616 #endif
617 ADD_TEST(test_cmp_calc_protection_pbmac);
618
619 ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
620 ADD_TEST(test_MSG_protect_with_certificate_and_key);
621 ADD_TEST(test_MSG_protect_certificate_based_without_cert);
622 ADD_TEST(test_MSG_protect_unprotected_request);
623 ADD_TEST(test_MSG_protect_no_key_no_secret);
624 ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
625 ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
626 ADD_TEST(test_MSG_add_extraCerts);
627
628 #ifndef OPENSSL_NO_EC
629 ADD_TEST(test_cmp_build_cert_chain);
630 ADD_TEST(test_cmp_build_cert_chain_only_root);
631 ADD_TEST(test_cmp_build_cert_chain_no_root);
632 ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
633 ADD_TEST(test_cmp_build_cert_chain_no_certs);
634 #endif
635
636 ADD_TEST(test_X509_STORE);
637 ADD_TEST(test_X509_STORE_only_self_issued);
638
639 return 1;
640 }
A mirror of the official openssl repository