VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.0/test/cmp_protect_test.c@ 100111

Last change on this file since 100111 was 99366, checked in by vboxsync, 21 months ago

openssl-3.1.0: Applied and adjusted our OpenSSL changes to 3.0.7. bugref:10418

File size: 21.2 KB
1/*
2 * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12#include "helpers/cmp_testlib.h"
13
/*
 * Paths of the CMP message fixture files; assigned from the command-line
 * arguments in setup_tests().
 */
static const char *ir_protected_f;
static const char *ir_unprotected_f;
static const char *ip_PBM_f;
17
/*
 * Per-test state handed from each test_*() function to its execute_*()
 * helper and released by tear_down().
 */
typedef struct test_fixture {
    const char *test_case_name;
    OSSL_CMP_CTX *cmp_ctx;
    /* for protection tests */
    OSSL_CMP_MSG *msg;
    OSSL_CMP_PKISI *si; /* for error and response messages */
    EVP_PKEY *pubkey; /* not freed by tear_down(); points at a file-level key */
    unsigned char *mem;
    int memlen;
    X509 *cert; /* not freed by tear_down(); points at a file-level cert */
    STACK_OF(X509) *certs; /* tear_down() frees the stack, not its elements */
    STACK_OF(X509) *chain; /* tear_down() frees the stack, not its elements */
    int with_ss; /* passed through to X509_build_chain() */
    int callback_arg; /* passed to ossl_cmp_X509_STORE_add1_certs() */
    int expected; /* value the execute_*() helper compares the result with */
} CMP_PROTECT_TEST_FIXTURE;
34
/*
 * Library context and providers; handed to test_arg_libctx() in
 * setup_tests() to be filled in.
 */
static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *default_null_provider = NULL;
static OSSL_PROVIDER *provider = NULL;
37
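/*
 * Release a fixture and the objects it owns.
 *
 * The certs and chain stacks are released with sk_X509_free(), so the
 * certificates they reference are left untouched; fixture->cert and
 * fixture->pubkey are not released here either.  A NULL fixture is accepted
 * and ignored so that error paths can call this unconditionally without
 * dereferencing a pointer they have already cleared.
 */
static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    if (fixture == NULL)
        return;

    OSSL_CMP_CTX_free(fixture->cmp_ctx);
    OSSL_CMP_MSG_free(fixture->msg);
    OSSL_CMP_PKISI_free(fixture->si);

    OPENSSL_free(fixture->mem);
    sk_X509_free(fixture->certs);
    sk_X509_free(fixture->chain);

    OPENSSL_free(fixture);
}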
50
/*
 * Allocate a zeroed fixture for the named test case and give it a fresh
 * OSSL_CMP_CTX bound to the file-level libctx.
 *
 * Returns the fixture, or NULL if either allocation failed (a partially
 * built fixture is released before returning).
 */
static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    CMP_PROTECT_TEST_FIXTURE *fixture;

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        return NULL;

    fixture->test_case_name = test_case_name;
    if (TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)))
        return fixture;

    /* context creation failed: do not hand out a half-initialised fixture */
    tear_down(fixture);
    return NULL;
}
64
/*
 * Keys, certificates and messages shared by all tests.  They are loaded in
 * setup_tests() and released in cleanup_tests(); fixtures only borrow them.
 */
static EVP_PKEY *loadedprivkey = NULL;
static EVP_PKEY *loadedpubkey = NULL;
static EVP_PKEY *loadedkey = NULL;
static X509 *cert = NULL;
/* random bytes, filled by RAND_bytes() in setup_tests() */
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
static OSSL_CMP_MSG *ir_unprotected;
static OSSL_CMP_MSG *ir_protected;
static X509 *endentity1 = NULL;
static X509 *endentity2 = NULL;
static X509 *root = NULL;
static X509 *intermediate = NULL;
73
/*
 * Passes (returns 1) when ossl_cmp_calc_protection() produces no protection
 * for the fixture's context and message.
 */
static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int verdict;
    ASN1_BIT_STRING *protection;

    protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    verdict = TEST_ptr_null(protection);

    /* released in any case, so an unexpected success does not leak */
    ASN1_BIT_STRING_free(protection);
    return verdict;
}
83
/*
 * Passes when the protection recomputed by ossl_cmp_calc_protection() is
 * identical to the protection already stored in the fixture's message.
 */
static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int verdict = 0;
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);

    if (TEST_ptr(protection))
        verdict = TEST_true(ASN1_STRING_cmp(protection,
                                            fixture->msg->protection) == 0);

    ASN1_BIT_STRING_free(protection);
    return verdict;
}
95
/*
 * Verify `protection` as a signature by `pkey` (using `digest`) over the
 * DER encoding of the message's protected part, i.e. its header and body.
 *
 * This function works similarly to parts of CMP_verify_signature in
 * cmp_vfy.c, but without the need for an OSSL_CMP_CTX or a X509 certificate.
 *
 * Returns 1 only if every step succeeded and the signature verified.
 */
static int verify_signature(OSSL_CMP_MSG *msg,
                            ASN1_BIT_STRING *protection,
                            EVP_PKEY *pkey, EVP_MD *digest)
{
    OSSL_CMP_PROTECTEDPART prot_part;
    unsigned char *prot_part_der = NULL;
    EVP_MD_CTX *ctx = NULL;
    int len;
    int res = 0;

    /* the protected part only borrows header and body from the message */
    prot_part.header = OSSL_CMP_MSG_get0_header(msg);
    prot_part.body = msg->body;
    len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);

    if (!TEST_int_ge(len, 0))
        goto end;
    if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
        goto end;
    if (!TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)))
        goto end;
    /*
     * Compare against exactly 1 rather than testing for non-zero, so that
     * any other return value is counted as a verification failure.
     */
    if (!TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
                                      protection->length,
                                      prot_part_der, len), 1))
        goto end;
    res = 1;

 end:
    /* cleanup */
    EVP_MD_CTX_free(ctx);
    OPENSSL_free(prot_part_der);
    return res;
}
125
/*
 * Calls ossl_cmp_calc_protection(), compares the result with the protection
 * stored in the message, and verifies it as a signature with fixture->pubkey
 * and the digest configured in the CMP context.
 */
static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
                                                  fixture)
{
    int ret = 0;
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);

    if (TEST_ptr(protection)
            && TEST_true(ASN1_STRING_cmp(protection,
                                         fixture->msg->protection) == 0))
        ret = TEST_true(verify_signature(fixture->msg, protection,
                                         fixture->pubkey,
                                         fixture->cmp_ctx->digest));

    ASN1_BIT_STRING_free(protection);
    return ret;
}
142
/*
 * Negative test: the context gets neither a key nor a secret value, so
 * computing protection for the unprotected IR fixture is expected to fail
 * even though the header carries a (blank) protectionAlg.
 */
static int test_cmp_calc_protection_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!(TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
              && TEST_ptr(fixture->msg->header->protectionAlg =
                          X509_ALGOR_new() /* no specific alg needed here */))) {
        /* preparation failed: drop the fixture so EXECUTE_TEST is skipped */
        tear_down(fixture);
        fixture = NULL;
    }

    EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
    return result;
}
156
/*
 * Signature-based protection: with loadedprivkey set on the context, the
 * protection recomputed for the protected IR fixture must match the stored
 * one and must verify with loadedpubkey.
 */
static int test_cmp_calc_protection_pkey(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    /* borrowed pointer; tear_down() does not free fixture->pubkey */
    fixture->pubkey = loadedpubkey;
    if (!(TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
              && TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
    return result;
}
169
/*
 * MAC-based protection: with a shared secret set on the context, the
 * protection recomputed for the PBM-protected IP fixture must equal the one
 * stored in that message.
 */
static int test_cmp_calc_protection_pbmac(void)
{
    /*
     * Fixed test-only secret; presumably the one the ip_PBM_f fixture was
     * protected with -- confirm against the test data.
     */
    unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!(TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                  sec_insta, sizeof(sec_insta)))
              && TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
    return result;
}
/*
 * Runs ossl_cmp_msg_protect() on the fixture's message and passes when its
 * return value equals fixture->expected.
 */
static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int verdict;

    verdict = TEST_int_eq(fixture->expected,
                          ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
    return verdict;
}
189
/*
 * Shorthand for setting OSSL_CMP_OPT_UNPROTECTED_SEND on a CMP context.
 * The tests in this file pass 1 when an unprotected request is acceptable
 * and 0 when ossl_cmp_msg_protect() must apply (or fail to apply) protection.
 */
#define SET_OPT_UNPROTECTED_SEND(ctx, val) \
    OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
/*
 * With OSSL_CMP_OPT_UNPROTECTED_SEND enabled and no credentials configured,
 * ossl_cmp_msg_protect() is expected to succeed (return 1).
 */
static int test_MSG_protect_unprotected_request(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);

    fixture->expected = 1;
    if (!(TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
              && TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}
205
/*
 * Protection is required (unprotected send disabled) and the context is
 * given a reference value and a secret value; ossl_cmp_msg_protect() is
 * expected to succeed.
 *
 * NOTE(review): despite the function name, no key is configured here --
 * only reference and secret values are set.
 */
static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
{
    const size_t size = sizeof(rand_data) / 2;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;

    if (!(TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
              && TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
              /*
               * Use half of the 16 bytes of random input
               * for each reference and secret value
               */
              && TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                            rand_data, size))
              && TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                         rand_data + size,
                                                         size)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}
230
/*
 * Protection is required and the context holds both a private key and the
 * certificate loaded next to it; ossl_cmp_msg_protect() is expected to
 * succeed.
 */
static int test_MSG_protect_with_certificate_and_key(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;

    if (!(TEST_ptr(fixture->msg =
                   OSSL_CMP_MSG_dup(ir_unprotected))
              && TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
              && TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
              && TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}
247
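/*
 * Negative test: protection is required, but the context only receives a
 * key through OSSL_CMP_CTX_set0_newPkey() and no certificate;
 * ossl_cmp_msg_protect() is expected to fail (return 0).
 *
 * OSSL_CMP_CTX_set0_newPkey() takes over the caller's reference, while
 * loadedkey must stay valid for cleanup_tests().  The extra reference is
 * therefore taken (and checked) before the hand-over, and only on the path
 * that actually reaches the hand-over, so that no reference is leaked when
 * an earlier preparation step fails.
 */
static int test_MSG_protect_certificate_based_without_cert(void)
{
    OSSL_CMP_CTX *ctx;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    ctx = fixture->cmp_ctx;
    fixture->expected = 0;
    if (!TEST_ptr(fixture->msg =
                  OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
            || !TEST_true(EVP_PKEY_up_ref(loadedkey))) {
        tear_down(fixture);
        fixture = NULL;
    } else if (!TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
        /*
         * Assumes a failed set0 call did not take ownership, so the
         * reference taken above is given back here -- TODO confirm.
         */
        EVP_PKEY_free(loadedkey);
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}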
266
/*
 * Negative test: protection is required but the context has neither key nor
 * secret, so ossl_cmp_msg_protect() is expected to fail (return 0) instead
 * of letting the message go out unprotected.
 */
static int test_MSG_protect_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    if (!(TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
              && TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}
279
/*
 * MAC-based protection of a message whose header sender has been cleared.
 * The expected outcome equals with_ref: protection should succeed when a
 * reference value is configured and fail when it is not.
 */
static int test_MSG_protect_pbmac_no_sender(int with_ref)
{
    /* fixed test-only values */
    static unsigned char secret[] = { 47, 11, 8, 15 };
    static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = with_ref;
    /*
     * NOTE(review): when with_ref is 0 a NULL pointer is passed together
     * with a non-zero length; this relies on the setter accepting NULL --
     * confirm against OSSL_CMP_CTX_set1_referenceValue().
     */
    if (!(TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
              && SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)
              && ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL)
              && OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                               secret, sizeof(secret))
              && (OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                   with_ref ? ref : NULL,
                                                   sizeof(ref))))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}
301
/* No sender in the header, but a reference value is set: expect success. */
static int test_MSG_protect_pbmac_no_sender_with_ref(void)
{
    const int with_ref = 1;

    return test_MSG_protect_pbmac_no_sender(with_ref);
}
306
/* Neither sender nor reference value: expect protection to fail. */
static int test_MSG_protect_pbmac_no_sender_no_ref(void)
{
    const int with_ref = 0;

    return test_MSG_protect_pbmac_no_sender(with_ref);
}
311
/* Passes when ossl_cmp_msg_add_extraCerts() succeeds on the fixture. */
static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int verdict;

    verdict = TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
                                                    fixture->msg));
    return verdict;
}
317
/*
 * Adds extraCerts to a private copy of the protected IR message; the shared
 * ir_protected object itself is never modified.
 */
static int test_MSG_add_extraCerts(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected)) == 0) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
    return result;
}
328
329#ifndef OPENSSL_NO_EC
330/* The cert chain tests use EC certs so we skip them in no-ec builds */
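/*
 * Builds the chain for fixture->cert from fixture->certs twice:
 *  1. without a trust store, where the result must equal fixture->chain;
 *  2. with a store that trusts only `root`, where a chain must be produced
 *     exactly when fixture->expected is non-zero and, if produced, must
 *     again equal fixture->chain.
 *
 * Returns 1 only if both phases pass.  The verdict is reset before phase 2
 * so that a failure to create or populate the store cannot be reported as a
 * pass, and the phase-2 chain is released on every path.
 */
static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int ret = 0;
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    X509_STORE *store;
    STACK_OF(X509) *chain =
        X509_build_chain(fixture->cert, fixture->certs, NULL,
                         fixture->with_ss, ctx->libctx, ctx->propq);

    if (TEST_ptr(chain)) {
        /* Check whether chain built is equal to the expected one */
        ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
        sk_X509_pop_free(chain, X509_free);
    }
    if (!ret)
        return 0;

    /* phase 2 has to earn its own verdict */
    ret = 0;
    if (TEST_ptr(store = X509_STORE_new())
            && TEST_true(X509_STORE_add_cert(store, root))) {
        /*
         * Validity-period checking is switched off for this store;
         * presumably so the fixture certificates keep working after they
         * expire.  Test-only setting, not a pattern for production code.
         */
        X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
                                    X509_V_FLAG_NO_CHECK_TIME);
        chain = X509_build_chain(fixture->cert, fixture->certs, store,
                                 fixture->with_ss, ctx->libctx, ctx->propq);
        ret = TEST_int_eq(fixture->expected, chain != NULL);
        if (ret && chain != NULL) {
            /* Check whether chain built is equal to the expected one */
            ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
        }
        /* also covers a chain that was built although none was expected */
        sk_X509_pop_free(chain, X509_free);
    }
    X509_STORE_free(store);
    return ret;
}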
364
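/*
 * Builds the chain endentity2 -> intermediate from an unordered candidate
 * set, first without the self-signed root (with_ss = 0) and then, after
 * appending root to the expected chain, with it (with_ss = 1).
 *
 * The fixture is torn down only while it is still valid: the preparation
 * error path has already released it and cleared the pointer.  A failure to
 * extend the expected chain for the second run counts as a test failure.
 */
static int test_cmp_build_cert_chain(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))
            || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
        tear_down(fixture);
        fixture = NULL;
    }
    if (fixture != NULL) {
        result = execute_cmp_build_cert_chain_test(fixture);
        fixture->with_ss = 1;
        if (result)
            result = TEST_true(sk_X509_push(fixture->chain, root))
                && execute_cmp_build_cert_chain_test(fixture);
        tear_down(fixture);
    }
    return result;
}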
390
/*
 * The candidate set lacks the intermediate CA.  Without a trust store the
 * result must be just endentity2; with the root-only store no chain is
 * expected (expected = 0).
 */
static int test_cmp_build_cert_chain_missing_intermediate(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!(TEST_ptr(fixture->certs = sk_X509_new_null())
              && TEST_ptr(fixture->chain = sk_X509_new_null())
              && TEST_true(sk_X509_push(fixture->certs, endentity1))
              && TEST_true(sk_X509_push(fixture->certs, root))
              && TEST_true(sk_X509_push(fixture->chain, endentity2)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}
408
/*
 * The candidate set contains the intermediate CA but not the root; the
 * chain endentity2 -> intermediate is expected in both phases.
 */
static int test_cmp_build_cert_chain_no_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!(TEST_ptr(fixture->certs = sk_X509_new_null())
              && TEST_ptr(fixture->chain = sk_X509_new_null())
              && TEST_true(sk_X509_push(fixture->certs, endentity1))
              && TEST_true(sk_X509_push(fixture->certs, intermediate))
              && TEST_true(sk_X509_push(fixture->chain, endentity2))
              && TEST_true(sk_X509_push(fixture->chain, intermediate)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}
427
/*
 * The certificate to chain is the root itself and it is the only candidate;
 * the expected chain consists of that single certificate.
 */
static int test_cmp_build_cert_chain_only_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0; /* still chain must include the only cert (root) */
    fixture->cert = root;
    if (!(TEST_ptr(fixture->certs = sk_X509_new_null())
              && TEST_ptr(fixture->chain = sk_X509_new_null())
              && TEST_true(sk_X509_push(fixture->certs, root))
              && TEST_true(sk_X509_push(fixture->chain, root)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}
444
/*
 * Empty candidate set: without a trust store the result must be just
 * endentity2; with the root-only store no chain is expected (expected = 0).
 */
static int test_cmp_build_cert_chain_no_certs(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!(TEST_ptr(fixture->certs = sk_X509_new_null())
              && TEST_ptr(fixture->chain = sk_X509_new_null())
              && TEST_true(sk_X509_push(fixture->chain, endentity2)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}
460#endif /* OPENSSL_NO_EC */
461
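/*
 * Adds fixture->certs to a fresh X509_STORE through
 * ossl_cmp_X509_STORE_add1_certs(), passing fixture->callback_arg as its
 * last argument, and passes when the certificates then held by the store
 * compare equal to fixture->chain.
 *
 * The store allocation is checked explicitly so that an allocation failure
 * is reported as such rather than as a failure of the function under test.
 */
static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    X509_STORE *store = X509_STORE_new();
    STACK_OF(X509) *sk = NULL;
    int res = 0;

    if (!TEST_ptr(store))
        goto err;
    if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
                                                  fixture->certs,
                                                  fixture->callback_arg)))
        goto err;
    /* get1: the returned stack and its elements are owned by this function */
    sk = X509_STORE_get1_all_certs(store);
    if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
        goto err;
    res = 1;
 err:
    X509_STORE_free(store);
    sk_X509_pop_free(sk, X509_free);
    return res;
}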
482
/*
 * With callback_arg = 0 all four certificates are expected to end up in the
 * store, so the expected set is a shallow copy of the input stack.
 */
static int test_X509_STORE(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->callback_arg = 0; /* self-issued allowed */
    if (!(TEST_ptr(fixture->certs = sk_X509_new_null())
              && sk_X509_push(fixture->certs, endentity1)
              && sk_X509_push(fixture->certs, endentity2)
              && sk_X509_push(fixture->certs, root)
              && sk_X509_push(fixture->certs, intermediate)
              && TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}
499
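/*
 * With callback_arg = 1 only self-issued certificates may be added, so of
 * the four input certificates only `root` is expected in the store.
 *
 * Both stack allocations are checked with TEST_ptr(), as the sibling tests
 * in this file do, so that an allocation failure is reported directly.
 */
static int test_X509_STORE_only_self_issued(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->callback_arg = 1; /* only self-issued */
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, endentity2))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, root))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}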
517
518
/*
 * Release everything setup_tests() loaded into the file-level statics.
 * The library context goes last because the other objects were loaded
 * with it.
 *
 * NOTE(review): default_null_provider and provider are handed to
 * test_arg_libctx() in setup_tests() but are not released here -- confirm
 * whether they should be unloaded before the library context is freed.
 */
void cleanup_tests(void)
{
    /* messages */
    OSSL_CMP_MSG_free(ir_unprotected);
    OSSL_CMP_MSG_free(ir_protected);

    /* certificates */
    X509_free(intermediate);
    X509_free(root);
    X509_free(endentity2);
    X509_free(endentity1);
    X509_free(cert);

    /* keys; loadedpubkey is an extra reference to the loadedprivkey object */
    EVP_PKEY_free(loadedkey);
    EVP_PKEY_free(loadedpubkey);
    EVP_PKEY_free(loadedprivkey);

    OSSL_LIB_CTX_free(libctx);
}
533
/*
 * Positional arguments, in the order setup_tests() reads them with
 * test_get_argument(0..9); the module name and optional configuration file
 * are handled by test_arg_libctx().
 */
#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
    "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
    "Intermediate_CA.crt module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)
538
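/*
 * Parse the command line, load all keys, certificates and CMP messages
 * into the file-level statics, fill rand_data, and register the tests.
 *
 * Returns 1 on success and 0 on any failure.  Objects loaded before a
 * failure are left in the statics; releasing them is presumably left to
 * cleanup_tests() -- verify against the test harness.
 *
 * rand_data is filled exactly once, by the RAND_bytes() call whose result
 * is checked.  Failing to take the second key reference aborts the setup,
 * so that no test runs with loadedpubkey still NULL.
 */
int setup_tests(void)
{
    char *server_f;
    char *server_key_f;
    char *server_cert_f;
    char *endentity1_f;
    char *endentity2_f;
    char *root_f;
    char *intermediate_f;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(server_f = test_get_argument(0))
            || !TEST_ptr(ir_protected_f = test_get_argument(1))
            || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
            || !TEST_ptr(ip_PBM_f = test_get_argument(3))
            || !TEST_ptr(server_cert_f = test_get_argument(4))
            || !TEST_ptr(server_key_f = test_get_argument(5))
            || !TEST_ptr(endentity1_f = test_get_argument(6))
            || !TEST_ptr(endentity2_f = test_get_argument(7))
            || !TEST_ptr(root_f = test_get_argument(8))
            || !TEST_ptr(intermediate_f = test_get_argument(9))) {
        TEST_error("usage: cmp_protect_test %s", USAGE);
        return 0;
    }

    if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
        return 0;

    if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
            || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
        return 0;

    if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
        return 0;
    /*
     * loadedpubkey aliases the same key object and is freed separately in
     * cleanup_tests(), so it needs a reference of its own.
     */
    if (!TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
        return 0;
    loadedpubkey = loadedprivkey;

    if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
            || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
        return 0;
    if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
            || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
            || !TEST_ptr(root = load_cert_pem(root_f, libctx))
            || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
        return 0;
    if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
        return 0;

    /* Message protection tests */
    ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
    ADD_TEST(test_cmp_calc_protection_pkey);
    ADD_TEST(test_cmp_calc_protection_pbmac);

    ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
    ADD_TEST(test_MSG_protect_with_certificate_and_key);
    ADD_TEST(test_MSG_protect_certificate_based_without_cert);
    ADD_TEST(test_MSG_protect_unprotected_request);
    ADD_TEST(test_MSG_protect_no_key_no_secret);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
    ADD_TEST(test_MSG_add_extraCerts);

#ifndef OPENSSL_NO_EC
    ADD_TEST(test_cmp_build_cert_chain);
    ADD_TEST(test_cmp_build_cert_chain_only_root);
    ADD_TEST(test_cmp_build_cert_chain_no_root);
    ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
    ADD_TEST(test_cmp_build_cert_chain_no_certs);
#endif

    ADD_TEST(test_X509_STORE);
    ADD_TEST(test_X509_STORE_only_self_issued);

    return 1;
}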