1 /* 2 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright Nokia 2007-2019 4 * Copyright Siemens AG 2015-2019 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include "helpers/cmp_testlib.h" 13 #include "../crypto/crmf/crmf_local.h" /* for manipulating POPO signature */ 14 15 static const char *server_f; 16 static const char *client_f; 17 static const char *endentity1_f; 18 static const char *endentity2_f; 19 static const char *root_f; 20 static const char *intermediate_f; 21 static const char *ir_protected_f; 22 static const char *ir_unprotected_f; 23 static const char *ir_rmprotection_f; 24 static const char *ip_waiting_f; 25 static const char *instacert_f; 26 static const char *instaca_f; 27 static const char *ir_protected_0_extracerts; 28 static const char *ir_protected_2_extracerts; 29 30 typedef struct test_fixture { 31 const char *test_case_name; 32 int expected; 33 OSSL_CMP_CTX *cmp_ctx; 34 OSSL_CMP_MSG *msg; 35 X509 *cert; 36 ossl_cmp_allow_unprotected_cb_t allow_unprotected_cb; 37 int additional_arg; 38 } CMP_VFY_TEST_FIXTURE; 39 40 static OSSL_LIB_CTX *libctx = NULL; 41 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; 42 43 static void tear_down(CMP_VFY_TEST_FIXTURE *fixture) 44 { 45 OSSL_CMP_MSG_free(fixture->msg); 46 OSSL_CMP_CTX_free(fixture->cmp_ctx); 47 OPENSSL_free(fixture); 48 } 49 50 static time_t test_time_valid = 0, test_time_after_expiration = 0; 51 52 static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name) 53 { 54 X509_STORE *ts; 55 CMP_VFY_TEST_FIXTURE *fixture; 56 57 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) 58 return NULL; 59 60 ts = X509_STORE_new(); 61 fixture->test_case_name = test_case_name; 62 if (ts == NULL 63 || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) 64 || !OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, ts) 65 || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) { 66 tear_down(fixture); 67 X509_STORE_free(ts); 68 return NULL; 69 } 70 X509_VERIFY_PARAM_set_time(X509_STORE_get0_param(ts), test_time_valid); 71 X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb); 72 return fixture; 73 } 74 75 static X509 *srvcert = NULL; 76 static X509 *clcert = NULL; 77 /* chain */ 78 static X509 *endentity1 = NULL, *endentity2 = NULL, 79 *intermediate = NULL, *root = NULL; 80 /* INSTA chain */ 81 static X509 *insta_cert = NULL, *instaca_cert = NULL; 82 83 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; 84 static OSSL_CMP_MSG *ir_unprotected, *ir_rmprotection; 85 86 /* secret value used for IP_waitingStatus_PBM.der */ 87 static const unsigned char sec_1[] = { 88 '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3', 89 'Q', '-', 'u', 'd', 'N', 'R' 90 }; 91 92 static int flip_bit(ASN1_BIT_STRING *bitstr) 93 { 94 int bit_num = 7; 95 int bit = ASN1_BIT_STRING_get_bit(bitstr, bit_num); 96 97 return ASN1_BIT_STRING_set_bit(bitstr, bit_num, !bit); 98 } 99 100 static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture) 101 { 102 if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL) 103 return 0; 104 if (fixture->expected == 0) { 105 const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir; 106 const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0); 107 108 if (req == NULL || !flip_bit(req->popo->value.signature->signature)) 109 return 0; 110 } 111 return TEST_int_eq(fixture->expected, 112 ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg, 113 fixture->additional_arg)); 114 } 115 116 static int test_verify_popo(void) 117 { 118 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 119 fixture->expected = 1; 120 EXECUTE_TEST(execute_verify_popo_test, tear_down); 121 return result; 122 } 123 124 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 125 static int test_verify_popo_bad(void) 126 { 127 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 128 fixture->expected = 0; 129 EXECUTE_TEST(execute_verify_popo_test, tear_down); 130 return result; 131 } 132 #endif 133 134 /* indirectly checks also OSSL_CMP_validate_msg() */ 135 static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture) 136 { 137 int res = TEST_int_eq(fixture->expected, 138 ossl_cmp_msg_check_update(fixture->cmp_ctx, 139 fixture->msg, NULL, 0)); 140 X509 *validated = OSSL_CMP_CTX_get0_validatedSrvCert(fixture->cmp_ctx); 141 142 return res && (!fixture->expected || TEST_ptr_eq(validated, fixture->cert)); 143 } 144 145 static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture) 146 { 147 X509_STORE *ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx); 148 int res = TEST_int_eq(fixture->expected, 149 OSSL_CMP_validate_cert_path(fixture->cmp_ctx, 150 ts, fixture->cert)); 151 152 OSSL_CMP_CTX_print_errors(fixture->cmp_ctx); 153 return res; 154 } 155 156 static int test_validate_msg_mac_alg_protection(int miss, int wrong) 157 { 158 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 159 fixture->cert = NULL; 160 161 fixture->expected = !miss && !wrong; 162 if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, NULL) 163 : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, 164 wrong ? 4 : sizeof(sec_1))) 165 || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { 166 tear_down(fixture); 167 fixture = NULL; 168 } 169 EXECUTE_TEST(execute_validate_msg_test, tear_down); 170 return result; 171 } 172 173 static int test_validate_msg_mac_alg_protection_ok(void) 174 { 175 return test_validate_msg_mac_alg_protection(0, 0); 176 } 177 178 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 179 static int test_validate_msg_mac_alg_protection_missing(void) 180 { 181 return test_validate_msg_mac_alg_protection(1, 0); 182 } 183 184 static int test_validate_msg_mac_alg_protection_wrong(void) 185 { 186 return test_validate_msg_mac_alg_protection(0, 1); 187 } 188 189 static int test_validate_msg_mac_alg_protection_bad(void) 190 { 191 const unsigned char sec_bad[] = { 192 '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3', 193 'Q', '-', 'u', 'd', 'N', 'r' 194 }; 195 196 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 197 fixture->cert = NULL; 198 fixture->expected = 0; 199 200 if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad, 201 sizeof(sec_bad))) 202 || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { 203 tear_down(fixture); 204 fixture = NULL; 205 } 206 EXECUTE_TEST(execute_validate_msg_test, tear_down); 207 return result; 208 } 209 #endif 210 211 static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert) 212 { 213 return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trusted(ctx), cert); 214 } 215 216 static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert) 217 { 218 return X509_add_cert(OSSL_CMP_CTX_get0_untrusted(ctx), cert, 219 X509_ADD_FLAG_UP_REF); 220 } 221 222 static int test_validate_msg_signature_partial_chain(int expired) 223 { 224 X509_STORE *ts; 225 226 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 227 fixture->cert = srvcert; 228 229 ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx); 230 fixture->expected = !expired; 231 if (ts == NULL 232 || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) 233 || !add_trusted(fixture->cmp_ctx, srvcert)) { 234 tear_down(fixture); 235 fixture = NULL; 236 } else { 237 X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); 238 239 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN); 240 if (expired) 241 X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration); 242 } 243 EXECUTE_TEST(execute_validate_msg_test, tear_down); 244 return result; 245 } 246 247 static int test_validate_msg_signature_trusted_ok(void) 248 { 249 return test_validate_msg_signature_partial_chain(0); 250 } 251 252 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 253 static int test_validate_msg_signature_trusted_expired(void) 254 { 255 return test_validate_msg_signature_partial_chain(1); 256 } 257 #endif 258 259 static int test_validate_msg_signature_srvcert(int bad_sig, int miss, int wrong) 260 { 261 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 262 fixture->cert = srvcert; 263 fixture->expected = !bad_sig && !wrong && !miss; 264 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) 265 || !TEST_true(miss ? OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, 266 sec_1, sizeof(sec_1)) 267 : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, 268 wrong? clcert : srvcert)) 269 || (bad_sig && !flip_bit(fixture->msg->protection))) { 270 tear_down(fixture); 271 fixture = NULL; 272 } 273 EXECUTE_TEST(execute_validate_msg_test, tear_down); 274 return result; 275 } 276 277 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 278 static int test_validate_msg_signature_srvcert_missing(void) 279 { 280 return test_validate_msg_signature_srvcert(0, 1, 0); 281 } 282 #endif 283 284 static int test_validate_msg_signature_srvcert_wrong(void) 285 { 286 return test_validate_msg_signature_srvcert(0, 0, 1); 287 } 288 289 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 290 static int test_validate_msg_signature_bad(void) 291 { 292 return test_validate_msg_signature_srvcert(1, 0, 0); 293 } 294 #endif 295 296 static int test_validate_msg_signature_sender_cert_srvcert(void) 297 { 298 return test_validate_msg_signature_srvcert(0, 0, 0); 299 } 300 301 static int test_validate_msg_signature_sender_cert_untrusted(void) 302 { 303 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 304 fixture->cert = insta_cert; 305 fixture->expected = 1; 306 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) 307 || !add_trusted(fixture->cmp_ctx, instaca_cert) 308 || !add_untrusted(fixture->cmp_ctx, insta_cert)) { 309 tear_down(fixture); 310 fixture = NULL; 311 } 312 EXECUTE_TEST(execute_validate_msg_test, tear_down); 313 return result; 314 } 315 316 static int test_validate_msg_signature_sender_cert_trusted(void) 317 { 318 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 319 fixture->cert = insta_cert; 320 fixture->expected = 1; 321 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) 322 || !add_trusted(fixture->cmp_ctx, instaca_cert) 323 || !add_trusted(fixture->cmp_ctx, insta_cert)) { 324 tear_down(fixture); 325 fixture = NULL; 326 } 327 EXECUTE_TEST(execute_validate_msg_test, tear_down); 328 return result; 329 } 330 331 static int test_validate_msg_signature_sender_cert_extracert(void) 332 { 333 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 334 fixture->expected = 1; 335 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx)) 336 || !add_trusted(fixture->cmp_ctx, instaca_cert)) { 337 tear_down(fixture); 338 fixture = NULL; 339 } else { 340 fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */ 341 } 342 EXECUTE_TEST(execute_validate_msg_test, tear_down); 343 return result; 344 } 345 346 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 347 static int test_validate_msg_signature_sender_cert_absent(void) 348 { 349 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 350 fixture->expected = 0; 351 if (!TEST_ptr(fixture->msg = 352 load_pkimsg(ir_protected_0_extracerts, libctx))) { 353 tear_down(fixture); 354 fixture = NULL; 355 } 356 EXECUTE_TEST(execute_validate_msg_test, tear_down); 357 return result; 358 } 359 #endif 360 361 static int test_validate_with_sender(const X509_NAME *name, int expected) 362 { 363 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 364 fixture->cert = srvcert; 365 fixture->expected = expected; 366 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) 367 || !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name)) 368 || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) { 369 tear_down(fixture); 370 fixture = NULL; 371 } 372 EXECUTE_TEST(execute_validate_msg_test, tear_down); 373 return result; 374 } 375 376 static int test_validate_msg_signature_expected_sender(void) 377 { 378 return test_validate_with_sender(X509_get_subject_name(srvcert), 1); 379 } 380 381 static int test_validate_msg_signature_unexpected_sender(void) 382 { 383 return test_validate_with_sender(X509_get_subject_name(root), 0); 384 } 385 386 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 387 static int test_validate_msg_unprotected_request(void) 388 { 389 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 390 fixture->expected = 0; 391 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) { 392 tear_down(fixture); 393 fixture = NULL; 394 } 395 EXECUTE_TEST(execute_validate_msg_test, tear_down); 396 return result; 397 } 398 #endif 399 400 static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired) 401 { 402 (*fixture)->cert = endentity2; 403 (*fixture)->expected = wrong == NULL && !expired; 404 if (expired) { 405 X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx); 406 X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); 407 408 X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration); 409 } 410 if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong) 411 || !add_untrusted((*fixture)->cmp_ctx, endentity1) 412 || !add_untrusted((*fixture)->cmp_ctx, intermediate)) { 413 tear_down((*fixture)); 414 (*fixture) = NULL; 415 } 416 } 417 418 static int test_validate_cert_path_ok(void) 419 { 420 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 421 setup_path(&fixture, NULL, 0); 422 EXECUTE_TEST(execute_validate_cert_path_test, tear_down); 423 return result; 424 } 425 426 static int test_validate_cert_path_wrong_anchor(void) 427 { 428 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 429 setup_path(&fixture, srvcert /* wrong/non-root cert */, 0); 430 EXECUTE_TEST(execute_validate_cert_path_test, tear_down); 431 return result; 432 } 433 434 static int test_validate_cert_path_expired(void) 435 { 436 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 437 setup_path(&fixture, NULL, 1); 438 EXECUTE_TEST(execute_validate_cert_path_test, tear_down); 439 return result; 440 } 441 442 static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture) 443 { 444 const OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(fixture->msg); 445 const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr); 446 447 if (!TEST_int_eq(fixture->expected, 448 ossl_cmp_msg_check_update(fixture->cmp_ctx, 449 fixture->msg, 450 fixture->allow_unprotected_cb, 451 fixture->additional_arg))) 452 return 0; 453 454 if (fixture->expected == 0) /* error expected already during above check */ 455 return 1; 456 return 457 TEST_int_eq(0, 458 ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr), 459 fixture->cmp_ctx->recipNonce)) 460 && TEST_int_eq(0, 461 ASN1_OCTET_STRING_cmp(tid, 462 fixture->cmp_ctx->transactionID)); 463 } 464 465 static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, 466 int invalid_protection, int allow) 467 { 468 return allow; 469 } 470 471 static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected, 472 ossl_cmp_allow_unprotected_cb_t cb, int arg, 473 const unsigned char *trid_data, 474 const unsigned char *nonce_data) 475 { 476 OSSL_CMP_CTX *ctx = (*fixture)->cmp_ctx; 477 int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH; 478 479 (*fixture)->expected = expected; 480 (*fixture)->allow_unprotected_cb = cb; 481 (*fixture)->additional_arg = arg; 482 (*fixture)->msg = OSSL_CMP_MSG_dup(ir_rmprotection); 483 if ((*fixture)->msg == NULL 484 || (nonce_data != NULL 485 && !ossl_cmp_asn1_octet_string_set1_bytes(&ctx->senderNonce, 486 nonce_data, nonce_len))) { 487 tear_down((*fixture)); 488 (*fixture) = NULL; 489 } else if (trid_data != NULL) { 490 ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new(); 491 492 if (trid == NULL 493 || !ASN1_OCTET_STRING_set(trid, trid_data, 494 OSSL_CMP_TRANSACTIONID_LENGTH) 495 || !OSSL_CMP_CTX_set1_transactionID(ctx, trid)) { 496 tear_down((*fixture)); 497 (*fixture) = NULL; 498 } 499 ASN1_OCTET_STRING_free(trid); 500 } 501 } 502 503 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 504 static int test_msg_check_no_protection_no_cb(void) 505 { 506 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 507 setup_check_update(&fixture, 0, NULL, 0, NULL, NULL); 508 EXECUTE_TEST(execute_msg_check_test, tear_down); 509 return result; 510 } 511 512 static int test_msg_check_no_protection_restrictive_cb(void) 513 { 514 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 515 setup_check_update(&fixture, 0, allow_unprotected, 0, NULL, NULL); 516 EXECUTE_TEST(execute_msg_check_test, tear_down); 517 return result; 518 } 519 #endif 520 521 static int test_msg_check_no_protection_permissive_cb(void) 522 { 523 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 524 setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, NULL); 525 EXECUTE_TEST(execute_msg_check_test, tear_down); 526 return result; 527 } 528 529 static int test_msg_check_transaction_id(void) 530 { 531 /* Transaction id belonging to CMP_IR_rmprotection.der */ 532 const unsigned char trans_id[OSSL_CMP_TRANSACTIONID_LENGTH] = { 533 0x39, 0xB6, 0x90, 0x28, 0xC4, 0xBC, 0x7A, 0xF6, 534 0xBE, 0xC6, 0x4A, 0x88, 0x97, 0xA6, 0x95, 0x0B 535 }; 536 537 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 538 setup_check_update(&fixture, 1, allow_unprotected, 1, trans_id, NULL); 539 EXECUTE_TEST(execute_msg_check_test, tear_down); 540 return result; 541 } 542 543 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 544 static int test_msg_check_transaction_id_bad(void) 545 { 546 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 547 setup_check_update(&fixture, 0, allow_unprotected, 1, rand_data, NULL); 548 EXECUTE_TEST(execute_msg_check_test, tear_down); 549 return result; 550 } 551 #endif 552 553 static int test_msg_check_recipient_nonce(void) 554 { 555 /* Recipient nonce belonging to CMP_IP_ir_rmprotection.der */ 556 const unsigned char rec_nonce[OSSL_CMP_SENDERNONCE_LENGTH] = { 557 0x48, 0xF1, 0x71, 0x1F, 0xE5, 0xAF, 0x1C, 0x8B, 558 0x21, 0x97, 0x5C, 0x84, 0x74, 0x49, 0xBA, 0x32 559 }; 560 561 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 562 setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, rec_nonce); 563 EXECUTE_TEST(execute_msg_check_test, tear_down); 564 return result; 565 } 566 567 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 568 static int test_msg_check_recipient_nonce_bad(void) 569 { 570 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); 571 setup_check_update(&fixture, 0, allow_unprotected, 1, NULL, rand_data); 572 EXECUTE_TEST(execute_msg_check_test, tear_down); 573 return result; 574 } 575 #endif 576 577 void cleanup_tests(void) 578 { 579 X509_free(srvcert); 580 X509_free(clcert); 581 X509_free(endentity1); 582 X509_free(endentity2); 583 X509_free(intermediate); 584 X509_free(root); 585 X509_free(insta_cert); 586 X509_free(instaca_cert); 587 OSSL_CMP_MSG_free(ir_unprotected); 588 OSSL_CMP_MSG_free(ir_rmprotection); 589 OSSL_PROVIDER_unload(default_null_provider); 590 OSSL_PROVIDER_unload(provider); 591 OSSL_LIB_CTX_free(libctx); 592 return; 593 } 594 595 #define USAGE "server.crt client.crt " \ 596 "EndEntity1.crt EndEntity2.crt " \ 597 "Root_CA.crt Intermediate_CA.crt " \ 598 "CMP_IR_protected.der CMP_IR_unprotected.der " \ 599 "IP_waitingStatus_PBM.der IR_rmprotection.der " \ 600 "insta.cert.pem insta_ca.cert.pem " \ 601 "IR_protected_0_extraCerts.der " \ 602 "IR_protected_2_extraCerts.der module_name [module_conf_file]\n" 603 OPT_TEST_DECLARE_USAGE(USAGE) 604 605 int setup_tests(void) 606 { 607 /* Set test time stamps */ 608 struct tm ts = { 0 }; 609 610 ts.tm_year = 2018 - 1900; /* 2018 */ 611 ts.tm_mon = 1; /* February */ 612 ts.tm_mday = 18; /* 18th */ 613 test_time_valid = mktime(&ts); /* February 18th 2018 */ 614 ts.tm_year += 10; /* February 18th 2028 */ 615 test_time_after_expiration = mktime(&ts); 616 617 if (!test_skip_common_options()) { 618 TEST_error("Error parsing test options\n"); 619 return 0; 620 } 621 622 RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); 623 if (!TEST_ptr(server_f = test_get_argument(0)) 624 || !TEST_ptr(client_f = test_get_argument(1)) 625 || !TEST_ptr(endentity1_f = test_get_argument(2)) 626 || !TEST_ptr(endentity2_f = test_get_argument(3)) 627 || !TEST_ptr(root_f = test_get_argument(4)) 628 || !TEST_ptr(intermediate_f = test_get_argument(5)) 629 || !TEST_ptr(ir_protected_f = test_get_argument(6)) 630 || !TEST_ptr(ir_unprotected_f = test_get_argument(7)) 631 || !TEST_ptr(ip_waiting_f = test_get_argument(8)) 632 || !TEST_ptr(ir_rmprotection_f = test_get_argument(9)) 633 || !TEST_ptr(instacert_f = test_get_argument(10)) 634 || !TEST_ptr(instaca_f = test_get_argument(11)) 635 || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12)) 636 || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) { 637 TEST_error("usage: cmp_vfy_test %s", USAGE); 638 return 0; 639 } 640 641 if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 14, USAGE)) 642 return 0; 643 644 /* Load certificates for cert chain */ 645 if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) 646 || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) 647 || !TEST_ptr(root = load_cert_pem(root_f, NULL)) 648 || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) 649 goto err; 650 651 if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx)) 652 || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx))) 653 goto err; 654 655 /* Load certificates for message validation */ 656 if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx)) 657 || !TEST_ptr(clcert = load_cert_pem(client_f, libctx))) 658 goto err; 659 if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) 660 goto err; 661 if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)) 662 || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, 663 libctx))) 664 goto err; 665 666 /* Message validation tests */ 667 ADD_TEST(test_verify_popo); 668 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 669 ADD_TEST(test_verify_popo_bad); 670 #endif 671 ADD_TEST(test_validate_msg_signature_trusted_ok); 672 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 673 ADD_TEST(test_validate_msg_signature_trusted_expired); 674 ADD_TEST(test_validate_msg_signature_srvcert_missing); 675 #endif 676 ADD_TEST(test_validate_msg_signature_srvcert_wrong); 677 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 678 ADD_TEST(test_validate_msg_signature_bad); 679 #endif 680 ADD_TEST(test_validate_msg_signature_sender_cert_srvcert); 681 ADD_TEST(test_validate_msg_signature_sender_cert_untrusted); 682 ADD_TEST(test_validate_msg_signature_sender_cert_trusted); 683 ADD_TEST(test_validate_msg_signature_sender_cert_extracert); 684 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 685 ADD_TEST(test_validate_msg_signature_sender_cert_absent); 686 #endif 687 ADD_TEST(test_validate_msg_signature_expected_sender); 688 ADD_TEST(test_validate_msg_signature_unexpected_sender); 689 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 690 ADD_TEST(test_validate_msg_unprotected_request); 691 #endif 692 ADD_TEST(test_validate_msg_mac_alg_protection_ok); 693 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 694 ADD_TEST(test_validate_msg_mac_alg_protection_missing); 695 ADD_TEST(test_validate_msg_mac_alg_protection_wrong); 696 ADD_TEST(test_validate_msg_mac_alg_protection_bad); 697 #endif 698 699 /* Cert path validation tests */ 700 ADD_TEST(test_validate_cert_path_ok); 701 ADD_TEST(test_validate_cert_path_expired); 702 ADD_TEST(test_validate_cert_path_wrong_anchor); 703 704 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 705 ADD_TEST(test_msg_check_no_protection_no_cb); 706 ADD_TEST(test_msg_check_no_protection_restrictive_cb); 707 #endif 708 ADD_TEST(test_msg_check_no_protection_permissive_cb); 709 ADD_TEST(test_msg_check_transaction_id); 710 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 711 ADD_TEST(test_msg_check_transaction_id_bad); 712 #endif 713 ADD_TEST(test_msg_check_recipient_nonce); 714 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 715 ADD_TEST(test_msg_check_recipient_nonce_bad); 716 #endif 717 718 return 1; 719 720 err: 721 cleanup_tests(); 722 return 0; 723 724 } 725