cmp_protect_test.c revision 1.1.1.1
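/*
 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "helpers/cmp_testlib.h"

/* Paths of the DER-encoded CMP messages, taken from the command line */
static const char *ir_protected_f;
static const char *ir_unprotected_f;
static const char *ip_PBM_f;

/*
 * Per-test state. tear_down() releases cmp_ctx, msg, si, mem and the two
 * stack containers; pubkey, cert and the certificates held in certs/chain
 * are not freed there, so they must stay owned by someone else (the tests
 * point them at the file-scope objects loaded in setup_tests()).
 */
typedef struct test_fixture {
    const char *test_case_name;
    OSSL_CMP_CTX *cmp_ctx;
    /* for protection tests */
    OSSL_CMP_MSG *msg;
    OSSL_CMP_PKISI *si; /* for error and response messages */
    EVP_PKEY *pubkey; /* borrowed: key used to verify a signature */
    unsigned char *mem;
    int memlen;
    X509 *cert; /* borrowed: target cert for chain building */
    STACK_OF(X509) *certs; /* candidate certs; elements are borrowed */
    STACK_OF(X509) *chain; /* expected result; elements are borrowed */
    int with_ss; /* passed through to X509_build_chain() */
    int callback_arg; /* passed to ossl_cmp_X509_STORE_add1_certs() */
    int expected; /* expected outcome of the call under test */
} CMP_PROTECT_TEST_FIXTURE;

static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;

/*
 * Release a fixture created by set_up().
 *
 * NULL is accepted and ignored, like the OpenSSL *_free() functions, because
 * the tests reset their fixture pointer to NULL after a failed setup and a
 * later tear_down() on that pointer must not dereference it.
 */
static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    if (fixture == NULL)
        return;

    OSSL_CMP_CTX_free(fixture->cmp_ctx);
    OSSL_CMP_MSG_free(fixture->msg);
    OSSL_CMP_PKISI_free(fixture->si);

    OPENSSL_free(fixture->mem);
    /* Free only the containers: the certificates in them are borrowed */
    sk_X509_free(fixture->certs);
    sk_X509_free(fixture->chain);

    OPENSSL_free(fixture);
}

/*
 * Allocate a zeroed fixture with a fresh CMP context bound to libctx.
 * Returns NULL (after cleaning up) if either allocation fails.
 */
static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    CMP_PROTECT_TEST_FIXTURE *fixture;

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        return NULL;
    fixture->test_case_name = test_case_name;
    if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) {
        tear_down(fixture);
        return NULL;
    }
    return fixture;
}

/* Keys and certificate loaded once in setup_tests(), freed in cleanup_tests() */
static EVP_PKEY *loadedprivkey = NULL;
static EVP_PKEY *loadedpubkey = NULL;
static EVP_PKEY *loadedkey = NULL;
static X509 *cert = NULL;
/* Random bytes used as PBM reference and secret values by the tests */
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];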
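static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
static X509 *endentity1 = NULL, *endentity2 = NULL,
    *root = NULL, *intermediate = NULL;

/*
 * NOTE(review): every test below dereferences `fixture` right after
 * SETUP_TEST_FIXTURE. That is only safe if the macro itself bails out when
 * set_up() returns NULL - confirm against testutil.h.
 */

/*
 * Passes when ossl_cmp_calc_protection() refuses to produce a protection
 * value for the fixture's context and message, i.e. returns NULL.
 */
static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    int res = TEST_ptr_null(protection);

    ASN1_BIT_STRING_free(protection);
    return res;
}

/*
 * Recomputes the protection of fixture->msg and requires it to be identical
 * to the protection value already stored in that message.
 */
static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    int res = TEST_ptr(protection)
        && TEST_true(ASN1_STRING_cmp(protection,
                                     fixture->msg->protection) == 0);

    ASN1_BIT_STRING_free(protection);
    return res;
}

/*
 * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
 * but without the need for a OSSL_CMP_CTX or a X509 certificate
 *
 * It DER-encodes the message header and body as the protected part and
 * checks `protection` as a signature over that encoding, using `pkey` and
 * `digest`. Returns 1 only if the verification call reports success.
 */
static int verify_signature(OSSL_CMP_MSG *msg,
                            ASN1_BIT_STRING *protection,
                            EVP_PKEY *pkey, EVP_MD *digest)
{
    OSSL_CMP_PROTECTEDPART prot_part;
    unsigned char *prot_part_der = NULL;
    int len;
    EVP_MD_CTX *ctx = NULL;
    int res;

    prot_part.header = OSSL_CMP_MSG_get0_header(msg);
    prot_part.body = msg->body;
    len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);
    /* len is checked to be non-negative before it is used as a length */
    res =
        TEST_int_ge(len, 0)
        && TEST_ptr(ctx = EVP_MD_CTX_new())
        && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey))
        && TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
                                        protection->length,
                                        prot_part_der, len), 1);
    /* cleanup */
    EVP_MD_CTX_free(ctx);
    OPENSSL_free(prot_part_der);
    return res;
}

/*
 * Calls ossl_cmp_calc_protection, compares the result with the protection
 * stored in the message, and verifies it as a signature with fixture->pubkey
 */
static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
                                                  fixture)
{
    ASN1_BIT_STRING *protection =
        ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
    int ret = (TEST_ptr(protection)
                   && TEST_true(ASN1_STRING_cmp(protection,
                                                fixture->msg->protection) == 0)
                   && TEST_true(verify_signature(fixture->msg, protection,
                                                 fixture->pubkey,
                                                 fixture->cmp_ctx->digest)));

    ASN1_BIT_STRING_free(protection);
    return ret;
}

/*
 * With neither a private key nor a secret value in the context, calculating
 * protection must fail even though the header names a protection algorithm.
 */
static int test_cmp_calc_protection_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
            || !TEST_ptr(fixture->msg->header->protectionAlg =
                         X509_ALGOR_new() /* no specific alg needed here */)) {
        tear_down(fixture);
        fixture = NULL;
    }

    EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
    return result;
}

/* Signature-based protection of the protected IR using the loaded key */
static int test_cmp_calc_protection_pkey(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->pubkey = loadedpubkey;
    if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
            || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
    return result;
}

/*
 * Secret-value-based protection: the fixed test secret "insta" must
 * reproduce the protection stored in the IP_PBM message.
 */
static int test_cmp_calc_protection_pbmac(void)
{
    unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                 sec_insta, sizeof(sec_insta)))
            || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
    return result;
}

/* Requires ossl_cmp_msg_protect() to return exactly fixture->expected */
static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    return TEST_int_eq(fixture->expected,
                       ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
}

#define SET_OPT_UNPROTECTED_SEND(ctx, val) \
    OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))

/* Sending unprotected is accepted once the option is switched on explicitly */
static int test_MSG_protect_unprotected_request(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);

    fixture->expected = 1;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/*
 * Protection with a reference value and a secret value must succeed.
 * Despite the name, the setup below configures no key, only those two values.
 */
static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
{
    const size_t size = sizeof(rand_data) / 2;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;

    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            /*
             * Use half of the 16 bytes of random input
             * for each reference and secret value
             */
            || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                           rand_data, size))
            || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                        rand_data + size,
                                                        size))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/* Protection with both a private key and its certificate must succeed */
static int test_MSG_protect_with_certificate_and_key(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;

    if (!TEST_ptr(fixture->msg =
                  OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
            || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
            || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/*
 * Only a new key pair is set (no protection key, certificate or secret),
 * so protecting the message is expected to fail.
 */
static int test_MSG_protect_certificate_based_without_cert(void)
{
    OSSL_CMP_CTX *ctx;

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    ctx = fixture->cmp_ctx;
    fixture->expected = 0;
    /*
     * Take the extra reference on loadedkey immediately before handing the
     * key to the context (set0 presumably stores the pointer without taking
     * its own reference - confirm). Doing it after the block, as before,
     * bumped the count even when an earlier step had failed and the fixture
     * was already torn down, which left the key unreleased at cleanup.
     */
    if (!TEST_ptr(fixture->msg =
                  OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
            || !TEST_true(EVP_PKEY_up_ref(loadedkey))
            || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/*
 * Fail-closed check: unprotected sending is off and no credentials are
 * configured, so protecting the message must fail.
 */
static int test_MSG_protect_no_key_no_secret(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

/*
 * Secret-value protection of a message whose header sender has been
 * cleared. The expected result equals with_ref: protection must succeed
 * when a reference value is set and fail when it is not.
 */
static int test_MSG_protect_pbmac_no_sender(int with_ref)
{
    /* Fixed test-only values */
    static unsigned char secret[] = { 47, 11, 8, 15 };
    static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };

    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = with_ref;
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
            || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)
            || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL)
            || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                              secret, sizeof(secret))
            || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
                                                  with_ref ? ref : NULL,
                                                  sizeof(ref)))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_protect_test, tear_down);
    return result;
}

static int test_MSG_protect_pbmac_no_sender_with_ref(void)
{
    return test_MSG_protect_pbmac_no_sender(1);
}

static int test_MSG_protect_pbmac_no_sender_no_ref(void)
{
    return test_MSG_protect_pbmac_no_sender(0);
}

/* Requires ossl_cmp_msg_add_extraCerts() to succeed on the fixture message */
static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
                                                 fixture->msg));
}

static int test_MSG_add_extraCerts(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
    return result;
}

#ifndef OPENSSL_NO_EC
/* The cert chain tests use EC certs so we skip them in no-ec builds */
/*
 * Two-phase check of X509_build_chain() for fixture->cert:
 *  1. without a trust store, the chain must be built and equal
 *     fixture->chain;
 *  2. with a store that trusts only `root`, building must succeed exactly
 *     when fixture->expected is set, and then again equal fixture->chain.
 */
static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    int ret = 0;
    OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
    X509_STORE *store;
    STACK_OF(X509) *chain =
        X509_build_chain(fixture->cert, fixture->certs, NULL,
                         fixture->with_ss, ctx->libctx, ctx->propq);

    if (TEST_ptr(chain)) {
        /* Check whether chain built is equal to the expected one */
        ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
        sk_X509_pop_free(chain, X509_free);
    }
    if (!ret)
        return 0;

    /*
     * Start the second phase from "failed": previously a store that could
     * not be created or populated left ret at 1 from the first phase and the
     * test reported success without having run the trusted-root check.
     */
    ret = 0;
    if (TEST_ptr(store = X509_STORE_new())
            && TEST_true(X509_STORE_add_cert(store, root))) {
        /*
         * Validity-period checking is switched off for this store,
         * presumably so the result does not depend on the date the test
         * runs; this is a test-only setting.
         */
        X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
                                    X509_V_FLAG_NO_CHECK_TIME);
        chain = X509_build_chain(fixture->cert, fixture->certs, store,
                                 fixture->with_ss, ctx->libctx, ctx->propq);
        ret = TEST_int_eq(fixture->expected, chain != NULL);
        if (ret && chain != NULL) {
            /* Check whether chain built is equal to the expected one */
            ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
            sk_X509_pop_free(chain, X509_free);
        }
    }
    X509_STORE_free(store);
    return ret;
}

/*
 * Full set of candidates: first without, then with the self-signed root
 * included in the expected chain (with_ss = 1).
 */
static int test_cmp_build_cert_chain(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))
            || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
        tear_down(fixture);
        fixture = NULL;
    }
    if (fixture != NULL) {
        result = execute_cmp_build_cert_chain_test(fixture);
        fixture->with_ss = 1;
        /* A failed push must fail the test instead of keeping result at 1 */
        if (result)
            result = TEST_true(sk_X509_push(fixture->chain, root))
                && execute_cmp_build_cert_chain_test(fixture);
        /*
         * Tear down only a live fixture: on the failed-setup path it has
         * already been freed and the pointer reset to NULL.
         */
        tear_down(fixture);
    }
    return result;
}

/* Without the intermediate CA, building a chain to the trusted root fails */
static int test_cmp_build_cert_chain_missing_intermediate(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}

/* Root absent from the candidates: the chain up to the intermediate is built */
static int test_cmp_build_cert_chain_no_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))
            || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}

static int test_cmp_build_cert_chain_only_root(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 1;
    fixture->with_ss = 0; /* still chain must include the only cert (root) */
    fixture->cert = root;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->chain, root))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}

/* No candidate certs at all: building a chain to the trusted root fails */
static int test_cmp_build_cert_chain_no_certs(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->expected = 0;
    fixture->with_ss = 0;
    fixture->cert = endentity2;
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
    return result;
}
#endif /* OPENSSL_NO_EC */

/*
 * Adds fixture->certs to a fresh store via ossl_cmp_X509_STORE_add1_certs()
 * and requires the store's contents to equal fixture->chain.
 */
static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
{
    X509_STORE *store = X509_STORE_new();
    STACK_OF(X509) *sk = NULL;
    int res = 0;

    /* Report an allocation failure as such before using the store */
    if (!TEST_ptr(store)
            || !TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
                                                         fixture->certs,
                                                         fixture->callback_arg)))
        goto err;
    sk = X509_STORE_get1_all_certs(store);
    if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
        goto err;
    res = 1;
 err:
    X509_STORE_free(store);
    sk_X509_pop_free(sk, X509_free);
    return res;

}

static int test_X509_STORE(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->callback_arg = 0; /* self-issued allowed */
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !sk_X509_push(fixture->certs, endentity1)
            || !sk_X509_push(fixture->certs, endentity2)
            || !sk_X509_push(fixture->certs, root)
            || !sk_X509_push(fixture->certs, intermediate)
            || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}

/* With the only-self-issued filter, just `root` is expected in the store */
static int test_X509_STORE_only_self_issued(void)
{
    SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
    fixture->callback_arg = 1; /* only self-issued */
    /* Check the stack allocations explicitly, as the sibling tests do */
    if (!TEST_ptr(fixture->certs = sk_X509_new_null())
            || !TEST_ptr(fixture->chain = sk_X509_new_null())
            || !TEST_true(sk_X509_push(fixture->certs, endentity1))
            || !TEST_true(sk_X509_push(fixture->certs, endentity2))
            || !TEST_true(sk_X509_push(fixture->certs, root))
            || !TEST_true(sk_X509_push(fixture->certs, intermediate))
            || !TEST_true(sk_X509_push(fixture->chain, root))) {
        tear_down(fixture);
        fixture = NULL;
    }
    EXECUTE_TEST(execute_X509_STORE_test, tear_down);
    return result;
}


/*
 * Release everything loaded in setup_tests().
 *
 * NOTE(review): default_null_provider and provider are filled in by
 * test_arg_libctx() but are not released here - confirm whether they need
 * to be unloaded before the library context is freed.
 */
void cleanup_tests(void)
{
    EVP_PKEY_free(loadedprivkey);
    EVP_PKEY_free(loadedpubkey);
    EVP_PKEY_free(loadedkey);
    X509_free(cert);
    X509_free(endentity1);
    X509_free(endentity2);
    X509_free(root);
    X509_free(intermediate);
    OSSL_CMP_MSG_free(ir_protected);
    OSSL_CMP_MSG_free(ir_unprotected);
    OSSL_LIB_CTX_free(libctx);
}

#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
    "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
    "Intermediate_CA.crt module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)

/*
 * Parse the ten file arguments plus the provider arguments, load all keys,
 * certificates and messages, and register the tests.
 * Returns 1 on success and 0 if anything could not be loaded.
 */
int setup_tests(void)
{
    char *server_f;
    char *server_key_f;
    char *server_cert_f;
    char *endentity1_f;
    char *endentity2_f;
    char *root_f;
    char *intermediate_f;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    /*
     * The result of this first call is ignored; the checked call further
     * down is the one that guarantees rand_data has been filled.
     */
    RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
    if (!TEST_ptr(server_f = test_get_argument(0))
            || !TEST_ptr(ir_protected_f = test_get_argument(1))
            || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
            || !TEST_ptr(ip_PBM_f = test_get_argument(3))
            || !TEST_ptr(server_cert_f = test_get_argument(4))
            || !TEST_ptr(server_key_f = test_get_argument(5))
            || !TEST_ptr(endentity1_f = test_get_argument(6))
            || !TEST_ptr(endentity2_f = test_get_argument(7))
            || !TEST_ptr(root_f = test_get_argument(8))
            || !TEST_ptr(intermediate_f = test_get_argument(9))) {
        TEST_error("usage: cmp_protect_test %s", USAGE);
        return 0;
    }

    if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
        return 0;

    if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
            || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
        return 0;

    if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
        return 0;
    /*
     * loadedpubkey shares the object with loadedprivkey and holds its own
     * reference. Stop here if that reference cannot be taken, rather than
     * running the signature test with a NULL verification key.
     */
    if (!TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
        return 0;
    loadedpubkey = loadedprivkey;
    if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
            || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
        return 0;
    if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
            || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
            || !TEST_ptr(root = load_cert_pem(root_f, libctx))
            || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
        return 0;
    if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
        return 0;

    /* Message protection tests */
    ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
    ADD_TEST(test_cmp_calc_protection_pkey);
    ADD_TEST(test_cmp_calc_protection_pbmac);

    ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
    ADD_TEST(test_MSG_protect_with_certificate_and_key);
    ADD_TEST(test_MSG_protect_certificate_based_without_cert);
    ADD_TEST(test_MSG_protect_unprotected_request);
    ADD_TEST(test_MSG_protect_no_key_no_secret);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
    ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
    ADD_TEST(test_MSG_add_extraCerts);

#ifndef OPENSSL_NO_EC
    ADD_TEST(test_cmp_build_cert_chain);
    ADD_TEST(test_cmp_build_cert_chain_only_root);
    ADD_TEST(test_cmp_build_cert_chain_no_root);
    ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
    ADD_TEST(test_cmp_build_cert_chain_no_certs);
#endif

    ADD_TEST(test_X509_STORE);
    ADD_TEST(test_X509_STORE_only_self_issued);

    return 1;
}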