1 /* 2 * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright Nokia 2007-2019 4 * Copyright Siemens AG 2015-2019 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include "helpers/cmp_testlib.h" 13 14 #include "cmp_mock_srv.h" 15 16 static const char *server_key_f; 17 static const char *server_cert_f; 18 static const char *client_key_f; 19 static const char *client_cert_f; 20 static const char *pkcs10_f; 21 22 typedef struct test_fixture { 23 const char *test_case_name; 24 OSSL_CMP_CTX *cmp_ctx; 25 OSSL_CMP_SRV_CTX *srv_ctx; 26 int req_type; 27 int expected; 28 STACK_OF(X509) *caPubs; 29 } CMP_SES_TEST_FIXTURE; 30 31 static OSSL_LIB_CTX *libctx = NULL; 32 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; 33 34 static EVP_PKEY *server_key = NULL; 35 static X509 *server_cert = NULL; 36 static EVP_PKEY *client_key = NULL; 37 static X509 *client_cert = NULL; 38 static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; /* not actually used */ 39 40 /* 41 * For these unit tests, the client abandons message protection, and for 42 * error messages the mock server does so as well. 43 * Message protection and verification is tested in cmp_lib_test.c 44 */ 45 46 static void tear_down(CMP_SES_TEST_FIXTURE *fixture) 47 { 48 OSSL_CMP_CTX_free(fixture->cmp_ctx); 49 ossl_cmp_mock_srv_free(fixture->srv_ctx); 50 sk_X509_free(fixture->caPubs); 51 OPENSSL_free(fixture); 52 } 53 54 static int set_simple_trust(OSSL_CMP_CTX *ctx, X509 *trusted) 55 { 56 X509_STORE *ts = X509_STORE_new(); 57 X509_VERIFY_PARAM *vpm; 58 59 /* 60 * not simply using OSSL_CMP_CTX_set1_srvCert() (to pin the server cert) 61 * in order to make sure that validated server cert gets cached, 62 * which is needed for the negative test case test_exec_KUR_bad_pkiConf_protection 63 */ 64 if (ts == NULL || !X509_STORE_add_cert(ts, trusted)) 65 goto err; 66 67 vpm = X509_STORE_get0_param(ts); 68 if (!X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME | X509_V_FLAG_PARTIAL_CHAIN) 69 || !OSSL_CMP_CTX_set0_trusted(ctx, ts)) 70 goto err; 71 72 return 1; 73 err: 74 X509_STORE_free(ts); 75 return 0; 76 } 77 78 static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name) 79 { 80 CMP_SES_TEST_FIXTURE *fixture; 81 OSSL_CMP_CTX *srv_cmp_ctx = NULL; 82 OSSL_CMP_CTX *ctx = NULL; /* for client */ 83 84 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) 85 return NULL; 86 fixture->test_case_name = test_case_name; 87 if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new(libctx, NULL)) 88 || !OSSL_CMP_SRV_CTX_set_accept_unprotected(fixture->srv_ctx, 1) 89 || !ossl_cmp_mock_srv_set1_refCert(fixture->srv_ctx, client_cert) 90 || !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert) 91 || (srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(fixture->srv_ctx)) == NULL 92 || !OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert) 93 || !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key)) 94 goto err; 95 if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(libctx, NULL)) 96 || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out) 97 /* using default verbosity: OSSL_CMP_LOG_INFO */ 98 || !OSSL_CMP_CTX_set_transfer_cb(ctx, ossl_cmp_mock_server_perform) 99 || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx) 100 || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1) 101 || !OSSL_CMP_CTX_set1_oldCert(ctx, client_cert) 102 || !OSSL_CMP_CTX_set1_pkey(ctx, client_key) 103 /* client_key is by default used also for newPkey */ 104 || !set_simple_trust(ctx, server_cert) 105 || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) /* not actually needed */ 106 goto err; 107 fixture->req_type = -1; 108 return fixture; 109 110 err: 111 tear_down(fixture); 112 return NULL; 113 } 114 115 static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixt) 116 { 117 return TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx), 118 OSSL_CMP_PKISTATUS_unspecified) 119 && TEST_int_eq(OSSL_CMP_exec_RR_ses(fixt->cmp_ctx), 120 fixt->expected == OSSL_CMP_PKISTATUS_accepted) 121 && TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx), fixt->expected); 122 } 123 124 static int execute_exec_GENM_ses_test_single(CMP_SES_TEST_FIXTURE *fixture) 125 { 126 OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 127 ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1); 128 OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL); 129 STACK_OF(OSSL_CMP_ITAV) *itavs; 130 131 OSSL_CMP_CTX_push0_genm_ITAV(ctx, itav); 132 itavs = OSSL_CMP_exec_GENM_ses(ctx); 133 134 sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); 135 return TEST_int_eq(OSSL_CMP_CTX_get_status(ctx), fixture->expected) 136 && fixture->expected == OSSL_CMP_PKISTATUS_accepted 137 ? TEST_ptr(itavs) 138 : TEST_ptr_null(itavs); 139 } 140 141 static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture) 142 { 143 return execute_exec_GENM_ses_test_single(fixture) 144 && OSSL_CMP_CTX_reinit(fixture->cmp_ctx) 145 && execute_exec_GENM_ses_test_single(fixture); 146 } 147 148 static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture) 149 { 150 OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 151 X509 *res = OSSL_CMP_exec_certreq(ctx, fixture->req_type, NULL); 152 int status = OSSL_CMP_CTX_get_status(ctx); 153 154 OSSL_CMP_CTX_print_errors(ctx); 155 if (!TEST_int_eq(status, fixture->expected)) 156 return 0; 157 if (fixture->expected != OSSL_CMP_PKISTATUS_accepted) 158 return TEST_ptr_null(res); 159 160 if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0)) 161 return 0; 162 if (fixture->caPubs != NULL) { 163 STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx); 164 int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0); 165 166 OSSL_STACK_OF_X509_free(caPubs); 167 return ret; 168 } 169 return 1; 170 } 171 172 static int test_exec_RR_ses(int request_error) 173 { 174 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 175 if (request_error) 176 OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, NULL); 177 fixture->expected = request_error ? OSSL_CMP_PKISTATUS_request 178 : OSSL_CMP_PKISTATUS_accepted; 179 EXECUTE_TEST(execute_exec_RR_ses_test, tear_down); 180 return result; 181 } 182 183 static int test_exec_RR_ses_ok(void) 184 { 185 return test_exec_RR_ses(0); 186 } 187 188 static int test_exec_RR_ses_request_error(void) 189 { 190 return test_exec_RR_ses(1); 191 } 192 193 static int test_exec_RR_ses_receive_error(void) 194 { 195 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 196 ossl_cmp_mock_srv_set_statusInfo(fixture->srv_ctx, 197 OSSL_CMP_PKISTATUS_rejection, 198 OSSL_CMP_CTX_FAILINFO_signerNotTrusted, 199 "test string"); 200 ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, OSSL_CMP_PKIBODY_RR); 201 fixture->expected = OSSL_CMP_PKISTATUS_rejection; 202 EXECUTE_TEST(execute_exec_RR_ses_test, tear_down); 203 return result; 204 } 205 206 static int test_exec_IR_ses(void) 207 { 208 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 209 fixture->req_type = OSSL_CMP_PKIBODY_IR; 210 fixture->expected = OSSL_CMP_PKISTATUS_accepted; 211 fixture->caPubs = sk_X509_new_null(); 212 if (!sk_X509_push(fixture->caPubs, server_cert) 213 || !sk_X509_push(fixture->caPubs, server_cert)) { 214 tear_down(fixture); 215 return 0; 216 } 217 ossl_cmp_mock_srv_set1_caPubsOut(fixture->srv_ctx, fixture->caPubs); 218 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); 219 return result; 220 } 221 222 static int test_exec_REQ_ses_poll(int req_type, int check_after, 223 int poll_count, int total_timeout, 224 int expect) 225 { 226 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 227 fixture->req_type = req_type; 228 fixture->expected = expect; 229 ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, check_after); 230 ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, poll_count); 231 OSSL_CMP_CTX_set_option(fixture->cmp_ctx, 232 OSSL_CMP_OPT_TOTAL_TIMEOUT, total_timeout); 233 234 if (req_type == OSSL_CMP_PKIBODY_IR) { 235 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); 236 } else if (req_type == OSSL_CMP_PKIBODY_GENM) { 237 EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down); 238 } 239 return result; 240 } 241 242 static int checkAfter = 1; 243 static int test_exec_IR_ses_poll_ok(void) 244 { 245 return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter, 2, 0, 246 OSSL_CMP_PKISTATUS_accepted); 247 } 248 249 static int test_exec_IR_ses_poll_no_timeout(void) 250 { 251 return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter, 252 2 /* pollCount */, 253 checkAfter + 14, /* usually 4 is sufficient */ 254 OSSL_CMP_PKISTATUS_accepted); 255 } 256 257 static int test_exec_IR_ses_poll_total_timeout(void) 258 { 259 return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1, 260 3 /* pollCount */, checkAfter + 6, 261 OSSL_CMP_PKISTATUS_trans); 262 } 263 264 static int test_exec_CR_ses(int implicit_confirm, int granted, int reject) 265 { 266 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 267 fixture->req_type = OSSL_CMP_PKIBODY_CR; 268 OSSL_CMP_CTX_set_option(fixture->cmp_ctx, 269 OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm); 270 OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, granted); 271 ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, 272 reject ? OSSL_CMP_PKIBODY_CERTCONF : -1); 273 fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection 274 : OSSL_CMP_PKISTATUS_accepted; 275 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); 276 return result; 277 } 278 279 static int test_exec_CR_ses_explicit_confirm(void) 280 { 281 return test_exec_CR_ses(0, 0, 0) 282 && test_exec_CR_ses(0, 0, 1 /* reject */); 283 } 284 285 static int test_exec_CR_ses_implicit_confirm(void) 286 { 287 return test_exec_CR_ses(1, 0, 0) 288 && test_exec_CR_ses(1, 1 /* granted */, 0); 289 } 290 291 /* the KUR transactions include certConf/pkiConf */ 292 static int test_exec_KUR_ses(int transfer_error, int server_use_bad_protection, 293 int pubkey, int raverified) 294 { 295 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 296 fixture->req_type = OSSL_CMP_PKIBODY_KUR; 297 /* ctx->oldCert has already been set */ 298 299 if (transfer_error) 300 OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL); 301 (void)ossl_cmp_mock_srv_set_useBadProtection(fixture->srv_ctx, server_use_bad_protection); 302 303 if (pubkey) { 304 EVP_PKEY *key = raverified /* wrong key */ ? server_key : client_key; 305 306 if (!EVP_PKEY_up_ref(key)) 307 return 0; 308 309 OSSL_CMP_CTX_set0_newPkey(fixture->cmp_ctx, 0 /* not priv */, key); 310 OSSL_CMP_SRV_CTX_set_accept_raverified(fixture->srv_ctx, 1); 311 } 312 if (pubkey || raverified) 313 OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_POPO_METHOD, 314 OSSL_CRMF_POPO_RAVERIFIED); 315 fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? (pubkey ? OSSL_CMP_PKISTATUS_rejected_by_client : OSSL_CMP_PKISTATUS_rejection) 316 : server_use_bad_protection != -1 ? OSSL_CMP_PKISTATUS_checking_response 317 : OSSL_CMP_PKISTATUS_accepted; 318 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); 319 return result; 320 } 321 322 static int test_exec_KUR_ses_ok(void) 323 { 324 return test_exec_KUR_ses(0, -1, 0, 0); 325 } 326 327 static int test_exec_KUR_ses_transfer_error(void) 328 { 329 return test_exec_KUR_ses(1, -1, 0, 0); 330 } 331 332 static int test_exec_KUR_bad_pkiConf_protection(void) 333 { 334 return test_exec_KUR_ses(0, -1 /* disabled: OSSL_CMP_PKIBODY_PKICONF */, 0, 0); 335 } 336 337 static int test_exec_KUR_ses_wrong_popo(void) 338 { 339 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* cf ossl_cmp_verify_popo() */ 340 return test_exec_KUR_ses(0, -1, 0, 1); 341 #else 342 return 1; 343 #endif 344 } 345 346 static int test_exec_KUR_ses_pub(void) 347 { 348 return test_exec_KUR_ses(0, -1, 1, 0); 349 } 350 351 static int test_exec_KUR_ses_wrong_pub(void) 352 { 353 return test_exec_KUR_ses(0, -1, 1, 1); 354 } 355 356 static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, 357 const char **txt) 358 { 359 int *reject = OSSL_CMP_CTX_get_certConf_cb_arg(ctx); 360 361 if (*reject) { 362 *txt = "not to my taste"; 363 fail_info = OSSL_CMP_PKIFAILUREINFO_badCertTemplate; 364 } 365 return fail_info; 366 } 367 368 static int test_exec_P10CR_ses(int reject) 369 { 370 OSSL_CMP_CTX *ctx; 371 X509_REQ *csr = NULL; 372 373 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 374 fixture->req_type = OSSL_CMP_PKIBODY_P10CR; 375 fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejected_by_client 376 : OSSL_CMP_PKISTATUS_accepted; 377 ctx = fixture->cmp_ctx; 378 if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx)) 379 || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) 380 || !TEST_true(OSSL_CMP_CTX_set_certConf_cb(ctx, test_certConf_cb)) 381 || !TEST_true(OSSL_CMP_CTX_set_certConf_cb_arg(ctx, &reject))) { 382 tear_down(fixture); 383 fixture = NULL; 384 } 385 X509_REQ_free(csr); 386 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); 387 return result; 388 } 389 390 static int test_exec_P10CR_ses_ok(void) 391 { 392 return test_exec_P10CR_ses(0); 393 } 394 395 static int test_exec_P10CR_ses_reject(void) 396 { 397 return test_exec_P10CR_ses(1); 398 } 399 400 static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture) 401 { 402 OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 403 int check_after; 404 const int CHECK_AFTER = 0; 405 const int TYPE = OSSL_CMP_PKIBODY_KUR; 406 407 ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3); 408 ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER); 409 return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after)) 410 && check_after == CHECK_AFTER 411 && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) 412 && TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after)) 413 && check_after == CHECK_AFTER 414 && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) 415 && TEST_int_eq(fixture->expected, 416 OSSL_CMP_try_certreq(ctx, TYPE, NULL, NULL)) 417 && TEST_int_eq(0, 418 X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert)); 419 } 420 421 static int test_try_certreq_poll(void) 422 { 423 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 424 fixture->expected = 1; 425 EXECUTE_TEST(execute_try_certreq_poll_test, tear_down); 426 return result; 427 } 428 429 static int execute_try_certreq_poll_abort_test(CMP_SES_TEST_FIXTURE *fixture) 430 { 431 OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 432 int check_after; 433 const int CHECK_AFTER = 99; 434 const int TYPE = OSSL_CMP_PKIBODY_CR; 435 436 ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3); 437 ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER); 438 return TEST_int_eq(-1, OSSL_CMP_try_certreq(ctx, TYPE, NULL, &check_after)) 439 && check_after == CHECK_AFTER 440 && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) 441 && TEST_int_eq(fixture->expected, 442 OSSL_CMP_try_certreq(ctx, -1 /* abort */, NULL, NULL)) 443 && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(fixture->cmp_ctx), NULL); 444 } 445 446 static int test_try_certreq_poll_abort(void) 447 { 448 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 449 fixture->expected = 1; 450 EXECUTE_TEST(execute_try_certreq_poll_abort_test, tear_down); 451 return result; 452 } 453 454 static int test_exec_GENM_ses_poll_ok(void) 455 { 456 return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter, 2, 0, 457 OSSL_CMP_PKISTATUS_accepted); 458 } 459 460 static int test_exec_GENM_ses_poll_no_timeout(void) 461 { 462 return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter, 463 1 /* pollCount */, checkAfter + 1, 464 OSSL_CMP_PKISTATUS_accepted); 465 } 466 467 static int test_exec_GENM_ses_poll_total_timeout(void) 468 { 469 return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter + 1, 470 3 /* pollCount */, checkAfter + 2, 471 OSSL_CMP_PKISTATUS_trans); 472 } 473 474 static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect) 475 { 476 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 477 if (transfer_error) 478 OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL); 479 /* 480 * cannot use OSSL_CMP_CTX_set_option(... OSSL_CMP_OPT_TOTAL_TIMEOUT) 481 * here because this will correct total_timeout to be >= 0 482 */ 483 fixture->cmp_ctx->total_timeout = total_timeout; 484 fixture->expected = expect; 485 EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down); 486 return result; 487 } 488 489 static int test_exec_GENM_ses_ok(void) 490 { 491 return test_exec_GENM_ses(0, 0, OSSL_CMP_PKISTATUS_accepted); 492 } 493 494 static int test_exec_GENM_ses_transfer_error(void) 495 { 496 return test_exec_GENM_ses(1, 0, OSSL_CMP_PKISTATUS_trans); 497 } 498 499 static int test_exec_GENM_ses_total_timeout(void) 500 { 501 return test_exec_GENM_ses(0, -1, OSSL_CMP_PKISTATUS_trans); 502 } 503 504 static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture) 505 { 506 int res = ossl_cmp_exchange_certConf(fixture->cmp_ctx, OSSL_CMP_CERTREQID, 507 OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable, 508 "abcdefg"); 509 510 return TEST_int_eq(fixture->expected, res); 511 } 512 513 static int execute_exchange_error_test(CMP_SES_TEST_FIXTURE *fixture) 514 { 515 int res = ossl_cmp_exchange_error(fixture->cmp_ctx, 516 OSSL_CMP_PKISTATUS_rejection, 517 1 << OSSL_CMP_PKIFAILUREINFO_unsupportedVersion, 518 "foo_status", 999, "foo_details"); 519 520 return TEST_int_eq(fixture->expected, res); 521 } 522 523 static int test_exchange_certConf(void) 524 { 525 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 526 fixture->expected = 0; /* client should not send certConf immediately */ 527 if (!ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, X509_dup(client_cert))) { 528 tear_down(fixture); 529 fixture = NULL; 530 } 531 EXECUTE_TEST(execute_exchange_certConf_test, tear_down); 532 return result; 533 } 534 535 static int test_exchange_error(void) 536 { 537 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); 538 fixture->expected = 1; /* client may send error any time */ 539 EXECUTE_TEST(execute_exchange_error_test, tear_down); 540 return result; 541 } 542 543 void cleanup_tests(void) 544 { 545 X509_free(server_cert); 546 EVP_PKEY_free(server_key); 547 X509_free(client_cert); 548 EVP_PKEY_free(client_key); 549 OSSL_PROVIDER_unload(default_null_provider); 550 OSSL_PROVIDER_unload(provider); 551 OSSL_LIB_CTX_free(libctx); 552 return; 553 } 554 555 #define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n" 556 OPT_TEST_DECLARE_USAGE(USAGE) 557 558 int setup_tests(void) 559 { 560 if (!test_skip_common_options()) { 561 TEST_error("Error parsing test options\n"); 562 return 0; 563 } 564 565 if (!TEST_ptr(server_key_f = test_get_argument(0)) 566 || !TEST_ptr(server_cert_f = test_get_argument(1)) 567 || !TEST_ptr(client_key_f = test_get_argument(2)) 568 || !TEST_ptr(client_cert_f = test_get_argument(3)) 569 || !TEST_ptr(pkcs10_f = test_get_argument(4))) { 570 TEST_error("usage: cmp_client_test %s", USAGE); 571 return 0; 572 } 573 574 if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 5, USAGE)) 575 return 0; 576 577 if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx)) 578 || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)) 579 || !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx)) 580 || !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx)) 581 || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { /* not actually used */ 582 cleanup_tests(); 583 return 0; 584 } 585 586 ADD_TEST(test_exec_RR_ses_ok); 587 ADD_TEST(test_exec_RR_ses_request_error); 588 ADD_TEST(test_exec_RR_ses_receive_error); 589 ADD_TEST(test_exec_CR_ses_explicit_confirm); 590 ADD_TEST(test_exec_CR_ses_implicit_confirm); 591 ADD_TEST(test_exec_IR_ses); 592 ADD_TEST(test_exec_IR_ses_poll_ok); 593 ADD_TEST(test_exec_IR_ses_poll_no_timeout); 594 ADD_TEST(test_exec_IR_ses_poll_total_timeout); 595 ADD_TEST(test_exec_KUR_ses_ok); 596 ADD_TEST(test_exec_KUR_ses_transfer_error); 597 ADD_TEST(test_exec_KUR_bad_pkiConf_protection); 598 ADD_TEST(test_exec_KUR_ses_wrong_popo); 599 ADD_TEST(test_exec_KUR_ses_pub); 600 ADD_TEST(test_exec_KUR_ses_wrong_pub); 601 ADD_TEST(test_exec_P10CR_ses_ok); 602 ADD_TEST(test_exec_P10CR_ses_reject); 603 ADD_TEST(test_try_certreq_poll); 604 ADD_TEST(test_try_certreq_poll_abort); 605 ADD_TEST(test_exec_GENM_ses_ok); 606 ADD_TEST(test_exec_GENM_ses_transfer_error); 607 ADD_TEST(test_exec_GENM_ses_total_timeout); 608 ADD_TEST(test_exec_GENM_ses_poll_ok); 609 ADD_TEST(test_exec_GENM_ses_poll_no_timeout); 610 ADD_TEST(test_exec_GENM_ses_poll_total_timeout); 611 ADD_TEST(test_exchange_certConf); 612 ADD_TEST(test_exchange_error); 613 return 1; 614 } 615