1 /* 2 * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright Nokia 2007-2019 4 * Copyright Siemens AG 2015-2019 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include "helpers/cmp_testlib.h" 13 14 static const char *ir_protected_f; 15 static const char *genm_prot_Ed_f; 16 static const char *ir_unprotected_f; 17 static const char *ip_PBM_f; 18 19 typedef struct test_fixture { 20 const char *test_case_name; 21 OSSL_CMP_CTX *cmp_ctx; 22 /* for protection tests */ 23 OSSL_CMP_MSG *msg; 24 OSSL_CMP_PKISI *si; /* for error and response messages */ 25 EVP_PKEY *pubkey; 26 unsigned char *mem; 27 int memlen; 28 X509 *cert; 29 STACK_OF(X509) *certs; 30 STACK_OF(X509) *chain; 31 int with_ss; 32 int callback_arg; 33 int expected; 34 } CMP_PROTECT_TEST_FIXTURE; 35 36 static OSSL_LIB_CTX *libctx = NULL; 37 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; 38 39 static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) 40 { 41 if (fixture != NULL) { 42 OSSL_CMP_CTX_free(fixture->cmp_ctx); 43 OSSL_CMP_MSG_free(fixture->msg); 44 OSSL_CMP_PKISI_free(fixture->si); 45 46 OPENSSL_free(fixture->mem); 47 sk_X509_free(fixture->certs); 48 sk_X509_free(fixture->chain); 49 50 OPENSSL_free(fixture); 51 } 52 } 53 54 static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) 55 { 56 CMP_PROTECT_TEST_FIXTURE *fixture; 57 58 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) 59 return NULL; 60 fixture->test_case_name = test_case_name; 61 if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) { 62 tear_down(fixture); 63 return NULL; 64 } 65 return fixture; 66 } 67 68 static EVP_PKEY *prot_RSA_key = NULL; 69 #ifndef OPENSSL_NO_ECX 70 static EVP_PKEY *prot_Ed_key = NULL; 71 static OSSL_CMP_MSG *genm_protected_Ed; 72 #endif 73 static EVP_PKEY *server_key = NULL; 74 static X509 *server_cert = NULL; 75 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; 76 static OSSL_CMP_MSG *ir_unprotected, *ir_protected; 77 static X509 *endentity1 = NULL, *endentity2 = NULL, 78 *root = NULL, *intermediate = NULL; 79 80 static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) 81 { 82 ASN1_BIT_STRING *protection = 83 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 84 int res = TEST_ptr_null(protection); 85 86 ASN1_BIT_STRING_free(protection); 87 return res; 88 } 89 90 static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) 91 { 92 ASN1_BIT_STRING *protection = 93 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 94 int res = TEST_ptr(protection) 95 && TEST_true(ASN1_STRING_cmp(protection, 96 fixture->msg->protection) == 0); 97 98 ASN1_BIT_STRING_free(protection); 99 return res; 100 } 101 102 /* 103 * This function works similarly to parts of verify_signature in cmp_vfy.c, 104 * but without the need for an OSSL_CMP_CTX or an X509 certificate. 105 */ 106 static int verify_signature(OSSL_CMP_MSG *msg, 107 ASN1_BIT_STRING *protection, 108 EVP_PKEY *pkey, EVP_MD *digest) 109 { 110 OSSL_CMP_PROTECTEDPART prot_part; 111 112 prot_part.header = OSSL_CMP_MSG_get0_header(msg); 113 prot_part.body = msg->body; 114 return ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), 115 msg->header->protectionAlg, protection, 116 &prot_part, NULL, pkey, libctx, NULL) > 0; 117 } 118 119 /* Calls OSSL_CMP_calc_protection and compares and verifies signature */ 120 static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * 121 fixture) 122 { 123 ASN1_BIT_STRING *protection = 124 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); 125 int ret = (TEST_ptr(protection) 126 && TEST_true(verify_signature(fixture->msg, protection, 127 fixture->pubkey, 128 fixture->cmp_ctx->digest))); 129 130 ASN1_BIT_STRING_free(protection); 131 return ret; 132 } 133 134 static int test_cmp_calc_protection_no_key_no_secret(void) 135 { 136 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 137 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) 138 || !TEST_ptr(fixture->msg->header->protectionAlg = 139 X509_ALGOR_new() /* no specific alg needed here */)) { 140 tear_down(fixture); 141 fixture = NULL; 142 } 143 144 EXECUTE_TEST(execute_calc_protection_fails_test, tear_down); 145 return result; 146 } 147 148 static int test_cmp_calc_protection_pkey(void) 149 { 150 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 151 fixture->pubkey = prot_RSA_key; 152 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_RSA_key)) 153 || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { 154 tear_down(fixture); 155 fixture = NULL; 156 } 157 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); 158 return result; 159 } 160 161 #ifndef OPENSSL_NO_ECX 162 static int test_cmp_calc_protection_pkey_Ed(void) 163 { 164 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 165 fixture->pubkey = prot_Ed_key; 166 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_Ed_key)) 167 || !TEST_ptr(fixture->msg = load_pkimsg(genm_prot_Ed_f, libctx))) { 168 tear_down(fixture); 169 fixture = NULL; 170 } 171 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); 172 return result; 173 } 174 #endif 175 176 static int test_cmp_calc_protection_pbmac(void) 177 { 178 unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; 179 180 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 181 if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 182 sec_insta, sizeof(sec_insta))) 183 || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { 184 tear_down(fixture); 185 fixture = NULL; 186 } 187 EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down); 188 return result; 189 } 190 static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) 191 { 192 return TEST_int_eq(fixture->expected, 193 ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); 194 } 195 196 #define SET_OPT_UNPROTECTED_SEND(ctx, val) \ 197 OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) 198 static int test_MSG_protect_unprotected_request(void) 199 { 200 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 201 202 fixture->expected = 1; 203 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 204 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { 205 tear_down(fixture); 206 fixture = NULL; 207 } 208 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 209 return result; 210 } 211 212 static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void) 213 { 214 const size_t size = sizeof(rand_data) / 2; 215 216 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 217 fixture->expected = 1; 218 219 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 220 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 221 /* 222 * Use half of the 16 bytes of random input 223 * for each reference and secret value 224 */ 225 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 226 rand_data, size)) 227 || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 228 rand_data + size, 229 size))) { 230 tear_down(fixture); 231 fixture = NULL; 232 } 233 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 234 return result; 235 } 236 237 static int test_MSG_protect_with_certificate_and_key(void) 238 { 239 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 240 fixture->expected = 1; 241 242 if (!TEST_ptr(fixture->msg = 243 OSSL_CMP_MSG_dup(ir_unprotected)) 244 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) 245 || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, server_key)) 246 || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, 247 server_cert))) { 248 tear_down(fixture); 249 fixture = NULL; 250 } 251 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 252 return result; 253 } 254 255 static int test_MSG_protect_certificate_based_without_cert(void) 256 { 257 OSSL_CMP_CTX *ctx; 258 259 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 260 ctx = fixture->cmp_ctx; 261 fixture->expected = 0; 262 if (!TEST_ptr(fixture->msg = 263 OSSL_CMP_MSG_dup(ir_unprotected)) 264 || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) 265 || !TEST_true(EVP_PKEY_up_ref(server_key)) 266 || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, server_key))) { 267 tear_down(fixture); 268 fixture = NULL; 269 } 270 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 271 return result; 272 } 273 274 static int test_MSG_protect_no_key_no_secret(void) 275 { 276 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 277 fixture->expected = 0; 278 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 279 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { 280 tear_down(fixture); 281 fixture = NULL; 282 } 283 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 284 return result; 285 } 286 287 static int test_MSG_protect_pbmac_no_sender(int with_ref) 288 { 289 static unsigned char secret[] = { 47, 11, 8, 15 }; 290 static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe }; 291 292 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 293 fixture->expected = with_ref; 294 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) 295 || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0) 296 || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL) 297 || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 298 secret, sizeof(secret)) 299 || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, 300 with_ref ? ref : NULL, 301 sizeof(ref)))) { 302 tear_down(fixture); 303 fixture = NULL; 304 } 305 EXECUTE_TEST(execute_MSG_protect_test, tear_down); 306 return result; 307 } 308 309 static int test_MSG_protect_pbmac_no_sender_with_ref(void) 310 { 311 return test_MSG_protect_pbmac_no_sender(1); 312 } 313 314 static int test_MSG_protect_pbmac_no_sender_no_ref(void) 315 { 316 return test_MSG_protect_pbmac_no_sender(0); 317 } 318 319 static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) 320 { 321 return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, 322 fixture->msg)); 323 } 324 325 static int test_MSG_add_extraCerts(void) 326 { 327 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 328 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) { 329 tear_down(fixture); 330 fixture = NULL; 331 } 332 EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down); 333 return result; 334 } 335 336 #ifndef OPENSSL_NO_EC 337 /* The cert chain tests use EC certs so we skip them in no-ec builds */ 338 static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) 339 { 340 int ret = 0; 341 OSSL_CMP_CTX *ctx = fixture->cmp_ctx; 342 X509_STORE *store; 343 STACK_OF(X509) *chain = 344 X509_build_chain(fixture->cert, fixture->certs, NULL, 345 fixture->with_ss, ctx->libctx, ctx->propq); 346 347 if (TEST_ptr(chain)) { 348 /* Check whether chain built is equal to the expected one */ 349 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 350 OSSL_STACK_OF_X509_free(chain); 351 } 352 if (!ret) 353 return 0; 354 355 if (TEST_ptr(store = X509_STORE_new()) 356 && TEST_true(X509_STORE_add_cert(store, root))) { 357 X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store), 358 X509_V_FLAG_NO_CHECK_TIME); 359 chain = X509_build_chain(fixture->cert, fixture->certs, store, 360 fixture->with_ss, ctx->libctx, ctx->propq); 361 ret = TEST_int_eq(fixture->expected, chain != NULL); 362 if (ret && chain != NULL) { 363 /* Check whether chain built is equal to the expected one */ 364 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); 365 OSSL_STACK_OF_X509_free(chain); 366 } 367 } 368 X509_STORE_free(store); 369 return ret; 370 } 371 372 static int test_cmp_build_cert_chain(void) 373 { 374 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 375 fixture->expected = 1; 376 fixture->with_ss = 0; 377 fixture->cert = endentity2; 378 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 379 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 380 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 381 || !TEST_true(sk_X509_push(fixture->certs, root)) 382 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 383 || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 384 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 385 tear_down(fixture); 386 fixture = NULL; 387 } 388 if (fixture != NULL) { 389 result = execute_cmp_build_cert_chain_test(fixture); 390 fixture->with_ss = 1; 391 if (result && TEST_true(sk_X509_push(fixture->chain, root))) 392 result = execute_cmp_build_cert_chain_test(fixture); 393 } 394 tear_down(fixture); 395 return result; 396 } 397 398 static int test_cmp_build_cert_chain_missing_intermediate(void) 399 { 400 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 401 fixture->expected = 0; 402 fixture->with_ss = 0; 403 fixture->cert = endentity2; 404 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 405 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 406 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 407 || !TEST_true(sk_X509_push(fixture->certs, root)) 408 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 409 tear_down(fixture); 410 fixture = NULL; 411 } 412 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 413 return result; 414 } 415 416 static int test_cmp_build_cert_chain_no_root(void) 417 { 418 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 419 fixture->expected = 1; 420 fixture->with_ss = 0; 421 fixture->cert = endentity2; 422 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 423 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 424 || !TEST_true(sk_X509_push(fixture->certs, endentity1)) 425 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 426 || !TEST_true(sk_X509_push(fixture->chain, endentity2)) 427 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { 428 tear_down(fixture); 429 fixture = NULL; 430 } 431 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 432 return result; 433 } 434 435 static int test_cmp_build_cert_chain_only_root(void) 436 { 437 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 438 fixture->expected = 1; 439 fixture->with_ss = 0; /* still chain must include the only cert (root) */ 440 fixture->cert = root; 441 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 442 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 443 || !TEST_true(sk_X509_push(fixture->certs, root)) 444 || !TEST_true(sk_X509_push(fixture->chain, root))) { 445 tear_down(fixture); 446 fixture = NULL; 447 } 448 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 449 return result; 450 } 451 452 static int test_cmp_build_cert_chain_no_certs(void) 453 { 454 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 455 fixture->expected = 0; 456 fixture->with_ss = 0; 457 fixture->cert = endentity2; 458 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 459 || !TEST_ptr(fixture->chain = sk_X509_new_null()) 460 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { 461 tear_down(fixture); 462 fixture = NULL; 463 } 464 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); 465 return result; 466 } 467 #endif /* OPENSSL_NO_EC */ 468 469 static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) 470 { 471 X509_STORE *store = X509_STORE_new(); 472 STACK_OF(X509) *sk = NULL; 473 int res = 0; 474 475 if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, 476 fixture->certs, 477 fixture->callback_arg))) 478 goto err; 479 sk = X509_STORE_get1_all_certs(store); 480 if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) 481 goto err; 482 res = 1; 483 err: 484 X509_STORE_free(store); 485 OSSL_STACK_OF_X509_free(sk); 486 return res; 487 488 } 489 490 static int test_X509_STORE(void) 491 { 492 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 493 fixture->callback_arg = 0; /* self-issued allowed */ 494 if (!TEST_ptr(fixture->certs = sk_X509_new_null()) 495 || !sk_X509_push(fixture->certs, endentity1) 496 || !sk_X509_push(fixture->certs, endentity2) 497 || !sk_X509_push(fixture->certs, root) 498 || !sk_X509_push(fixture->certs, intermediate) 499 || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { 500 tear_down(fixture); 501 fixture = NULL; 502 } 503 EXECUTE_TEST(execute_X509_STORE_test, tear_down); 504 return result; 505 } 506 507 static int test_X509_STORE_only_self_issued(void) 508 { 509 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); 510 fixture->certs = sk_X509_new_null(); 511 fixture->chain = sk_X509_new_null(); 512 fixture->callback_arg = 1; /* only self-issued */ 513 if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) 514 || !TEST_true(sk_X509_push(fixture->certs, endentity2)) 515 || !TEST_true(sk_X509_push(fixture->certs, root)) 516 || !TEST_true(sk_X509_push(fixture->certs, intermediate)) 517 || !TEST_true(sk_X509_push(fixture->chain, root))) { 518 tear_down(fixture); 519 fixture = NULL; 520 } 521 EXECUTE_TEST(execute_X509_STORE_test, tear_down); 522 return result; 523 } 524 525 void cleanup_tests(void) 526 { 527 EVP_PKEY_free(prot_RSA_key); 528 #ifndef OPENSSL_NO_ECX 529 EVP_PKEY_free(prot_Ed_key); 530 OSSL_CMP_MSG_free(genm_protected_Ed); 531 #endif 532 EVP_PKEY_free(server_key); 533 X509_free(server_cert); 534 X509_free(endentity1); 535 X509_free(endentity2); 536 X509_free(root); 537 X509_free(intermediate); 538 OSSL_CMP_MSG_free(ir_protected); 539 OSSL_CMP_MSG_free(ir_unprotected); 540 OSSL_PROVIDER_unload(default_null_provider); 541 OSSL_PROVIDER_unload(provider); 542 OSSL_LIB_CTX_free(libctx); 543 } 544 545 #define USAGE "prot_RSA.pem IR_protected.der prot_Ed.pem " \ 546 "GENM_protected_Ed.der IR_unprotected.der IP_PBM.der " \ 547 "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \ 548 "Intermediate_CA.crt module_name [module_conf_file]\n" 549 OPT_TEST_DECLARE_USAGE(USAGE) 550 551 int setup_tests(void) 552 { 553 char *prot_RSA_f; 554 char *prot_Ed_f; 555 char *server_key_f; 556 char *server_cert_f; 557 char *endentity1_f; 558 char *endentity2_f; 559 char *root_f; 560 char *intermediate_f; 561 562 if (!test_skip_common_options()) { 563 TEST_error("Error parsing test options\n"); 564 return 0; 565 } 566 567 RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); 568 if (!TEST_ptr(prot_RSA_f = test_get_argument(0)) 569 || !TEST_ptr(ir_protected_f = test_get_argument(1)) 570 || !TEST_ptr(prot_Ed_f = test_get_argument(2)) 571 || !TEST_ptr(genm_prot_Ed_f = test_get_argument(3)) 572 || !TEST_ptr(ir_unprotected_f = test_get_argument(4)) 573 || !TEST_ptr(ip_PBM_f = test_get_argument(5)) 574 || !TEST_ptr(server_cert_f = test_get_argument(6)) 575 || !TEST_ptr(server_key_f = test_get_argument(7)) 576 || !TEST_ptr(endentity1_f = test_get_argument(8)) 577 || !TEST_ptr(endentity2_f = test_get_argument(9)) 578 || !TEST_ptr(root_f = test_get_argument(10)) 579 || !TEST_ptr(intermediate_f = test_get_argument(11))) { 580 TEST_error("usage: cmp_protect_test %s", USAGE); 581 return 0; 582 } 583 584 if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 12, USAGE)) 585 return 0; 586 587 if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx)) 588 || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx))) 589 return 0; 590 591 if (!TEST_ptr(prot_RSA_key = load_pkey_pem(prot_RSA_f, libctx))) 592 return 0; 593 #ifndef OPENSSL_NO_ECX 594 if (!TEST_ptr(prot_Ed_key = load_pkey_pem(prot_Ed_f, libctx))) 595 return 0; 596 #endif 597 if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) 598 #ifndef OPENSSL_NO_ECX 599 || !TEST_ptr(genm_protected_Ed = load_pkimsg(genm_prot_Ed_f, libctx)) 600 #endif 601 || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) 602 return 0; 603 if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) 604 || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) 605 || !TEST_ptr(root = load_cert_pem(root_f, libctx)) 606 || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) 607 return 0; 608 if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) 609 return 0; 610 611 /* Message protection tests */ 612 ADD_TEST(test_cmp_calc_protection_no_key_no_secret); 613 ADD_TEST(test_cmp_calc_protection_pkey); 614 #ifndef OPENSSL_NO_ECX 615 ADD_TEST(test_cmp_calc_protection_pkey_Ed); 616 #endif 617 ADD_TEST(test_cmp_calc_protection_pbmac); 618 619 ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); 620 ADD_TEST(test_MSG_protect_with_certificate_and_key); 621 ADD_TEST(test_MSG_protect_certificate_based_without_cert); 622 ADD_TEST(test_MSG_protect_unprotected_request); 623 ADD_TEST(test_MSG_protect_no_key_no_secret); 624 ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref); 625 ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref); 626 ADD_TEST(test_MSG_add_extraCerts); 627 628 #ifndef OPENSSL_NO_EC 629 ADD_TEST(test_cmp_build_cert_chain); 630 ADD_TEST(test_cmp_build_cert_chain_only_root); 631 ADD_TEST(test_cmp_build_cert_chain_no_root); 632 ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); 633 ADD_TEST(test_cmp_build_cert_chain_no_certs); 634 #endif 635 636 ADD_TEST(test_X509_STORE); 637 ADD_TEST(test_X509_STORE_only_self_issued); 638 639 return 1; 640 } 641