1 /* 2 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright Nokia 2007-2019 4 * Copyright Siemens AG 2015-2019 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include "helpers/cmp_testlib.h" 13 14 static const char *ir_protected_f; 15 static const char *ir_unprotected_f; 16 static const char *ip_PBM_f; 17 18 typedef struct test_fixture { 19 const char *test_case_name; 20 OSSL_CMP_CTX *cmp_ctx; 21 /* for protection tests */ 22 OSSL_CMP_MSG *msg; 23 OSSL_CMP_PKISI *si; /* for error and response messages */ 24 EVP_PKEY *pubkey; 25 unsigned char *mem; 26 int memlen; 27 X509 *cert; 28 STACK_OF(X509) *certs; 29 STACK_OF(X509) *chain; 30 int with_ss; 31 int callback_arg; 32 int expected; 33 } CMP_PROTECT_TEST_FIXTURE; 34 35 static OSSL_LIB_CTX *libctx = NULL; 36 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; 37 38 static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) 39 { 40 if (fixture != NULL) { 41 OSSL_CMP_CTX_free(fixture->cmp_ctx); 42 OSSL_CMP_MSG_free(fixture->msg); 43 OSSL_CMP_PKISI_free(fixture->si); 44 45 OPENSSL_free(fixture->mem); 46 sk_X509_free(fixture->certs); 47 sk_X509_free(fixture->chain); 48 49 OPENSSL_free(fixture); 50 } 51 } 52 53 static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) 54 { 55 CMP_PROTECT_TEST_FIXTURE *fixture; 56 57 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) 58 return NULL; 59 fixture->test_case_name = test_case_name; 60 if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) { 61 tear_down(fixture); 62 return NULL; 63 } 64 return fixture; 65 } 66 67 static EVP_PKEY *loadedprivkey = NULL; 68 static EVP_PKEY *loadedpubkey = NULL; 69 static EVP_PKEY *loadedkey = NULL; 70 static X509 *cert = NULL; 71 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; 72 static OSSL_CMP_MSG *ir_unprotected, *ir_protected; 73 static X509 *endentity1 = NULL, *endentity2 = NULL, 74 *root = NULL, *intermediate = NULL; 75 76 static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) 77 { 78 ASN1_BIT_STRING *protection = 79 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 80 int res = TEST_ptr_null(protection); 81 82 ASN1_BIT_STRING_free(protection); 83 return res; 84 } 85 86 static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) 87 { 88 ASN1_BIT_STRING *protection = 89 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 90 int res = TEST_ptr(protection) 91 && TEST_true(ASN1_STRING_cmp(protection, 92 fixture->msg->protection) == 0); 93 94 ASN1_BIT_STRING_free(protection); 95 return res; 96 } 97 98 /* 99 * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c, 100 * but without the need for a OSSL_CMP_CTX or a X509 certificate 101 */ 102 static int verify_signature(OSSL_CMP_MSG *msg, 103 ASN1_BIT_STRING *protection, 104 EVP_PKEY *pkey, EVP_MD *digest) 105 { 106 OSSL_CMP_PROTECTEDPART prot_part; 107 unsigned char *prot_part_der = NULL; 108 int len; 109 EVP_MD_CTX *ctx = NULL; 110 int res; 111 112 prot_part.header = OSSL_CMP_MSG_get0_header(msg); 113 prot_part.body = msg->body; 114 len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); 115 res = 116 TEST_int_ge(len, 0) 117 && TEST_ptr(ctx = EVP_MD_CTX_new()) 118 && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)) 119 && TEST_int_eq(EVP_DigestVerify(ctx, protection->data, 120 protection->length, 121 prot_part_der, len), 1); 122 /* cleanup */ 123 EVP_MD_CTX_free(ctx); 124 OPENSSL_free(prot_part_der); 125 return res; 126 } 127 128 /* Calls OSSL_CMP_calc_protection and compares and verifies signature */ 129 static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * 130 fixture) 131 { 132 ASN1_BIT_STRING *protection = 133 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 134 int ret = (TEST_ptr(protection) 135 && TEST_true(ASN1_STRING_cmp(protection, 136 fixture->msg->protection) == 0) 137 && TEST_true(verify_signature(fixture->msg, protection, 138 fixture->pubkey, 139 fixture->cmp_ctx->digest))); 140 141 ASN1_BIT_STRING_free(protection); 142 return ret; 143 } 144 145 static int test_cmp_calc_protection_no_key_no_secret(void) 146 { 147 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 148 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) 149 || !TEST_ptr(fixture->msg->header->protectionAlg = 150 X509_ALGOR_new() /* no specific alg needed here */)) { 151 tear_down(fixture); 152 fixture = NULL; 153 } 154 155 EXECUTE_TEST(execute_calc_protection_fails_test, tear_down); 156 return result; 157 } 158 159 static int test_cmp_calc_protection_pkey(void) 160 { 161 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 162 fixture->pubkey = loadedpubkey; 163 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey)) 164 || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { 165 tear_down(fixture); 166 fixture = NULL; 167 } 168 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); 169 return result; 170 } 171 172 static int test_cmp_calc_protection_pbmac(void) 173 { 174 unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; 175 176 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 177 if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 178 sec_insta, sizeof(sec_insta))) 179 || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { 180 tear_down(fixture); 181 fixture = NULL; 182 } 183 EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down); 184 return result; 185 } 186 static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) 187 { 188 return TEST_int_eq(fixture->expected, 189 ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); 190 } 191 192 #define SET_OPT_UNPROTECTED_SEND(ctx, val) \ 193 OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) 194 static int test_MSG_protect_unprotected_request(void) 195 { 196 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 197 198 fixture->expected = 1; 199 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 200 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { 201 tear_down(fixture); 202 fixture = NULL; 203 } 204 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 205 return result; 206 } 207 208 static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void) 209 { 210 const size_t size = sizeof(rand_data) / 2; 211 212 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 213 fixture->expected = 1; 214 215 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 216 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 217 /* 218 * Use half of the 16 bytes of random input 219 * for each reference and secret value 220 */ 221 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 222 rand_data, size)) 223 || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 224 rand_data + size, 225 size))) { 226 tear_down(fixture); 227 fixture = NULL; 228 } 229 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 230 return result; 231 } 232 233 static int test_MSG_protect_with_certificate_and_key(void) 234 { 235 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 236 fixture->expected = 1; 237 238 if (!TEST_ptr(fixture->msg = 239 OSSL_CMP_MSG_dup(ir_unprotected)) 240 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 241 || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) 242 || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { 243 tear_down(fixture); 244 fixture = NULL; 245 } 246 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 247 return result; 248 } 249 250 static int test_MSG_protect_certificate_based_without_cert(void) 251 { 252 OSSL_CMP_CTX *ctx; 253 254 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 255 ctx = fixture->cmp_ctx; 256 fixture->expected = 0; 257 if (!TEST_ptr(fixture->msg = 258 OSSL_CMP_MSG_dup(ir_unprotected)) 259 || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) 260 || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { 261 tear_down(fixture); 262 fixture = NULL; 263 } 264 EVP_PKEY_up_ref(loadedkey); 265 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 266 return result; 267 } 268 269 static int test_MSG_protect_no_key_no_secret(void) 270 { 271 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 272 fixture->expected = 0; 273 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 274 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { 275 tear_down(fixture); 276 fixture = NULL; 277 } 278 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 279 return result; 280 } 281 282 static int test_MSG_protect_pbmac_no_sender(int with_ref) 283 { 284 static unsigned char secret[] = { 47, 11, 8, 15 }; 285 static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe }; 286 287 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 288 fixture->expected = with_ref; 289 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 290 || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0) 291 || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL) 292 || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 293 secret, sizeof(secret)) 294 || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 295 with_ref ? ref : NULL, 296 sizeof(ref)))) { 297 tear_down(fixture); 298 fixture = NULL; 299 } 300 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 301 return result; 302 } 303 304 static int test_MSG_protect_pbmac_no_sender_with_ref(void) 305 { 306 return test_MSG_protect_pbmac_no_sender(1); 307 } 308 309 static int test_MSG_protect_pbmac_no_sender_no_ref(void) 310 { 311 return test_MSG_protect_pbmac_no_sender(0); 312 } 313 314 static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) 315 { 316 return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, 317 fixture->msg)); 318 } 319 320 static int test_MSG_add_extraCerts(void) 321 { 322 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 323 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) { 324 tear_down(fixture); 325 fixture = NULL; 326 } 327 EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down); 328 return result; 329 } 330 331 #ifndef OPENSSL_NO_EC 332 /* The cert chain tests use EC certs so we skip them in no-ec builds */ 333 static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) 334 { 335 int ret = 0; 336 OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 337 X509_STORE *store; 338 STACK_OF(X509) *chain = 339 X509_build_chain(fixture->cert, fixture->certs, NULL, 340 fixture->with_ss, ctx->libctx, ctx->propq); 341 342 if (TEST_ptr(chain)) { 343 /* Check whether chain built is equal to the expected one */ 344 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 345 sk_X509_pop_free(chain, X509_free); 346 } 347 if (!ret) 348 return 0; 349 350 if (TEST_ptr(store = X509_STORE_new()) 351 && TEST_true(X509_STORE_add_cert(store, root))) { 352 X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store), 353 X509_V_FLAG_NO_CHECK_TIME); 354 chain = X509_build_chain(fixture->cert, fixture->certs, store, 355 fixture->with_ss, ctx->libctx, ctx->propq); 356 ret = TEST_int_eq(fixture->expected, chain != NULL); 357 if (ret && chain != NULL) { 358 /* Check whether chain built is equal to the expected one */ 359 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 360 sk_X509_pop_free(chain, X509_free); 361 } 362 } 363 X509_STORE_free(store); 364 return ret; 365 } 366 367 static int test_cmp_build_cert_chain(void) 368 { 369 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 370 fixture->expected = 1; 371 fixture->with_ss = 0; 372 fixture->cert = endentity2; 373 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 374 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 375 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 376 || !TEST_true(sk_X509_push(fixture->certs, root)) 377 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 378 || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 379 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 380 tear_down(fixture); 381 fixture = NULL; 382 } 383 if (fixture != NULL) { 384 result = execute_cmp_build_cert_chain_test(fixture); 385 fixture->with_ss = 1; 386 if (result && TEST_true(sk_X509_push(fixture->chain, root))) 387 result = execute_cmp_build_cert_chain_test(fixture); 388 } 389 tear_down(fixture); 390 return result; 391 } 392 393 static int test_cmp_build_cert_chain_missing_intermediate(void) 394 { 395 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 396 fixture->expected = 0; 397 fixture->with_ss = 0; 398 fixture->cert = endentity2; 399 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 400 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 401 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 402 || !TEST_true(sk_X509_push(fixture->certs, root)) 403 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 404 tear_down(fixture); 405 fixture = NULL; 406 } 407 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 408 return result; 409 } 410 411 static int test_cmp_build_cert_chain_no_root(void) 412 { 413 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 414 fixture->expected = 1; 415 fixture->with_ss = 0; 416 fixture->cert = endentity2; 417 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 418 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 419 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 420 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 421 || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 422 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 423 tear_down(fixture); 424 fixture = NULL; 425 } 426 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 427 return result; 428 } 429 430 static int test_cmp_build_cert_chain_only_root(void) 431 { 432 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 433 fixture->expected = 1; 434 fixture->with_ss = 0; /* still chain must include the only cert (root) */ 435 fixture->cert = root; 436 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 437 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 438 || !TEST_true(sk_X509_push(fixture->certs, root)) 439 || !TEST_true(sk_X509_push(fixture->chain, root))) { 440 tear_down(fixture); 441 fixture = NULL; 442 } 443 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 444 return result; 445 } 446 447 static int test_cmp_build_cert_chain_no_certs(void) 448 { 449 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 450 fixture->expected = 0; 451 fixture->with_ss = 0; 452 fixture->cert = endentity2; 453 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 454 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 455 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 456 tear_down(fixture); 457 fixture = NULL; 458 } 459 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 460 return result; 461 } 462 #endif /* OPENSSL_NO_EC */ 463 464 static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) 465 { 466 X509_STORE *store = X509_STORE_new(); 467 STACK_OF(X509) *sk = NULL; 468 int res = 0; 469 470 if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, 471 fixture->certs, 472 fixture->callback_arg))) 473 goto err; 474 sk = X509_STORE_get1_all_certs(store); 475 if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) 476 goto err; 477 res = 1; 478 err: 479 X509_STORE_free(store); 480 sk_X509_pop_free(sk, X509_free); 481 return res; 482 483 } 484 485 static int test_X509_STORE(void) 486 { 487 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 488 fixture->callback_arg = 0; /* self-issued allowed */ 489 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 490 || !sk_X509_push(fixture->certs, endentity1) 491 || !sk_X509_push(fixture->certs, endentity2) 492 || !sk_X509_push(fixture->certs, root) 493 || !sk_X509_push(fixture->certs, intermediate) 494 || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { 495 tear_down(fixture); 496 fixture = NULL; 497 } 498 EXECUTE_TEST(execute_X509_STORE_test, tear_down); 499 return result; 500 } 501 502 static int test_X509_STORE_only_self_issued(void) 503 { 504 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 505 fixture->certs = sk_X509_new_null(); 506 fixture->chain = sk_X509_new_null(); 507 fixture->callback_arg = 1; /* only self-issued */ 508 if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) 509 || !TEST_true(sk_X509_push(fixture->certs, endentity2)) 510 || !TEST_true(sk_X509_push(fixture->certs, root)) 511 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 512 || !TEST_true(sk_X509_push(fixture->chain, root))) { 513 tear_down(fixture); 514 fixture = NULL; 515 } 516 EXECUTE_TEST(execute_X509_STORE_test, tear_down); 517 return result; 518 } 519 520 521 void cleanup_tests(void) 522 { 523 EVP_PKEY_free(loadedprivkey); 524 EVP_PKEY_free(loadedpubkey); 525 EVP_PKEY_free(loadedkey); 526 X509_free(cert); 527 X509_free(endentity1); 528 X509_free(endentity2); 529 X509_free(root); 530 X509_free(intermediate); 531 OSSL_CMP_MSG_free(ir_protected); 532 OSSL_CMP_MSG_free(ir_unprotected); 533 OSSL_PROVIDER_unload(default_null_provider); 534 OSSL_PROVIDER_unload(provider); 535 OSSL_LIB_CTX_free(libctx); 536 } 537 538 #define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \ 539 "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \ 540 "Intermediate_CA.crt module_name [module_conf_file]\n" 541 OPT_TEST_DECLARE_USAGE(USAGE) 542 543 int setup_tests(void) 544 { 545 char *server_f; 546 char *server_key_f; 547 char *server_cert_f; 548 char *endentity1_f; 549 char *endentity2_f; 550 char *root_f; 551 char *intermediate_f; 552 553 if (!test_skip_common_options()) { 554 TEST_error("Error parsing test options\n"); 555 return 0; 556 } 557 558 RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); 559 if (!TEST_ptr(server_f = test_get_argument(0)) 560 || !TEST_ptr(ir_protected_f = test_get_argument(1)) 561 || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) 562 || !TEST_ptr(ip_PBM_f = test_get_argument(3)) 563 || !TEST_ptr(server_cert_f = test_get_argument(4)) 564 || !TEST_ptr(server_key_f = test_get_argument(5)) 565 || !TEST_ptr(endentity1_f = test_get_argument(6)) 566 || !TEST_ptr(endentity2_f = test_get_argument(7)) 567 || !TEST_ptr(root_f = test_get_argument(8)) 568 || !TEST_ptr(intermediate_f = test_get_argument(9))) { 569 TEST_error("usage: cmp_protect_test %s", USAGE); 570 return 0; 571 } 572 573 if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE)) 574 return 0; 575 576 if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx)) 577 || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))) 578 return 0; 579 580 if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx))) 581 return 0; 582 if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) 583 loadedpubkey = loadedprivkey; 584 if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) 585 || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) 586 return 0; 587 if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) 588 || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) 589 || !TEST_ptr(root = load_cert_pem(root_f, libctx)) 590 || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) 591 return 0; 592 if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) 593 return 0; 594 595 /* Message protection tests */ 596 ADD_TEST(test_cmp_calc_protection_no_key_no_secret); 597 ADD_TEST(test_cmp_calc_protection_pkey); 598 ADD_TEST(test_cmp_calc_protection_pbmac); 599 600 ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); 601 ADD_TEST(test_MSG_protect_with_certificate_and_key); 602 ADD_TEST(test_MSG_protect_certificate_based_without_cert); 603 ADD_TEST(test_MSG_protect_unprotected_request); 604 ADD_TEST(test_MSG_protect_no_key_no_secret); 605 ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref); 606 ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref); 607 ADD_TEST(test_MSG_add_extraCerts); 608 609 #ifndef OPENSSL_NO_EC 610 ADD_TEST(test_cmp_build_cert_chain); 611 ADD_TEST(test_cmp_build_cert_chain_only_root); 612 ADD_TEST(test_cmp_build_cert_chain_no_root); 613 ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); 614 ADD_TEST(test_cmp_build_cert_chain_no_certs); 615 #endif 616 617 ADD_TEST(test_X509_STORE); 618 ADD_TEST(test_X509_STORE_only_self_issued); 619 620 return 1; 621 } 622