2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 #include "cmp_testlib.h"
14 DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
16 static const char *newkey_f;
17 static const char *server_cert_f;
18 static const char *pkcs10_f;
20 typedef struct test_fixture {
21 const char *test_case_name;
22 OSSL_CMP_CTX *cmp_ctx;
23 /* for msg create tests */
28 /* for protection tests */
31 /* for error and response messages */
33 } CMP_MSG_TEST_FIXTURE;
35 static OPENSSL_CTX *libctx = NULL;
36 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
38 /* TODO(3.0) Clean this up - See issue #12680 */
39 static X509 *X509_dup_with_libctx(const X509 *cert)
41 X509 *dup = X509_dup(cert);
44 x509_set0_libctx(dup, libctx, NULL);
48 static unsigned char ref[CMP_TEST_REFVALUE_LENGTH];
50 static void tear_down(CMP_MSG_TEST_FIXTURE *fixture)
52 OSSL_CMP_CTX_free(fixture->cmp_ctx);
53 OSSL_CMP_MSG_free(fixture->msg);
54 OSSL_CMP_PKISI_free(fixture->si);
55 OPENSSL_free(fixture);
58 #define SET_OPT_UNPROTECTED_SEND(ctx, val) \
59 OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
60 static CMP_MSG_TEST_FIXTURE *set_up(const char *const test_case_name)
62 CMP_MSG_TEST_FIXTURE *fixture;
64 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
66 fixture->test_case_name = test_case_name;
68 if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
69 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))
70 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
78 static EVP_PKEY *newkey = NULL;
79 static X509 *cert = NULL;
81 #define EXECUTE_MSG_CREATION_TEST(expr) \
83 OSSL_CMP_MSG *msg = NULL; \
84 int good = fixture->expected != 0 ? \
85 TEST_ptr(msg = (expr)) && TEST_true(valid_asn1_encoding(msg)) : \
86 TEST_ptr_null(msg = (expr)); \
88 OSSL_CMP_MSG_free(msg); \
89 ERR_print_errors_fp(stderr); \
94 * The following tests call a cmp message creation function.
95 * if fixture->expected != 0:
96 * returns 1 if the message is created and syntactically correct.
97 * if fixture->expected == 0
98 * returns 1 if message creation returns NULL
100 static int execute_certreq_create_test(CMP_MSG_TEST_FIXTURE *fixture)
102 EXECUTE_MSG_CREATION_TEST(ossl_cmp_certreq_new(fixture->cmp_ctx,
107 static int execute_errormsg_create_test(CMP_MSG_TEST_FIXTURE *fixture)
109 EXECUTE_MSG_CREATION_TEST(ossl_cmp_error_new(fixture->cmp_ctx, fixture->si,
114 static int execute_rr_create_test(CMP_MSG_TEST_FIXTURE *fixture)
116 EXECUTE_MSG_CREATION_TEST(ossl_cmp_rr_new(fixture->cmp_ctx));
119 static int execute_certconf_create_test(CMP_MSG_TEST_FIXTURE *fixture)
121 EXECUTE_MSG_CREATION_TEST(ossl_cmp_certConf_new
122 (fixture->cmp_ctx, fixture->fail_info, NULL));
125 static int execute_genm_create_test(CMP_MSG_TEST_FIXTURE *fixture)
127 EXECUTE_MSG_CREATION_TEST(ossl_cmp_genm_new(fixture->cmp_ctx));
130 static int execute_pollreq_create_test(CMP_MSG_TEST_FIXTURE *fixture)
132 EXECUTE_MSG_CREATION_TEST(ossl_cmp_pollReq_new(fixture->cmp_ctx, 4711));
135 static int execute_pkimessage_create_test(CMP_MSG_TEST_FIXTURE *fixture)
137 EXECUTE_MSG_CREATION_TEST(ossl_cmp_msg_create
138 (fixture->cmp_ctx, fixture->bodytype));
141 static int set1_newPkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey)
143 if (!EVP_PKEY_up_ref(pkey))
146 if (!OSSL_CMP_CTX_set0_newPkey(ctx, 1, pkey)) {
153 static int test_cmp_create_ir_protection_set(void)
156 unsigned char secret[16];
158 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
160 ctx = fixture->cmp_ctx;
161 fixture->bodytype = OSSL_CMP_PKIBODY_IR;
162 fixture->err_code = -1;
163 fixture->expected = 1;
164 if (!TEST_int_eq(1, RAND_bytes_ex(libctx, secret, sizeof(secret)))
165 || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
166 || !TEST_true(set1_newPkey(ctx, newkey))
167 || !TEST_true(OSSL_CMP_CTX_set1_secretValue(ctx, secret,
172 EXECUTE_TEST(execute_certreq_create_test, tear_down);
176 static int test_cmp_create_ir_protection_fails(void)
178 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
179 fixture->bodytype = OSSL_CMP_PKIBODY_IR;
180 fixture->err_code = -1;
181 fixture->expected = 0;
182 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, newkey))
183 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
184 /* newkey used by default for signing does not match cert: */
185 || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
189 EXECUTE_TEST(execute_certreq_create_test, tear_down);
193 static int test_cmp_create_cr_without_key(void)
195 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
196 fixture->bodytype = OSSL_CMP_PKIBODY_CR;
197 fixture->err_code = -1;
198 fixture->expected = 0;
199 EXECUTE_TEST(execute_certreq_create_test, tear_down);
203 static int test_cmp_create_cr(void)
205 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
206 fixture->bodytype = OSSL_CMP_PKIBODY_CR;
207 fixture->err_code = -1;
208 fixture->expected = 1;
209 if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) {
213 EXECUTE_TEST(execute_certreq_create_test, tear_down);
217 static int test_cmp_create_certreq_with_invalid_bodytype(void)
219 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
220 fixture->bodytype = OSSL_CMP_PKIBODY_RR;
221 fixture->err_code = -1;
222 fixture->expected = 0;
223 if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) {
227 EXECUTE_TEST(execute_certreq_create_test, tear_down);
231 static int test_cmp_create_p10cr(void)
234 X509_REQ *p10cr = NULL;
236 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
237 ctx = fixture->cmp_ctx;
238 fixture->bodytype = OSSL_CMP_PKIBODY_P10CR;
239 fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ;
240 fixture->expected = 1;
241 if (!TEST_ptr(p10cr = load_csr(pkcs10_f))
242 || !TEST_true(set1_newPkey(ctx, newkey))
243 || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) {
247 X509_REQ_free(p10cr);
248 EXECUTE_TEST(execute_certreq_create_test, tear_down);
252 static int test_cmp_create_p10cr_null(void)
254 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
255 fixture->bodytype = OSSL_CMP_PKIBODY_P10CR;
256 fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ;
257 fixture->expected = 0;
258 if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) {
262 EXECUTE_TEST(execute_certreq_create_test, tear_down);
266 static int test_cmp_create_kur(void)
268 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
269 fixture->bodytype = OSSL_CMP_PKIBODY_KUR;
270 fixture->err_code = -1;
271 fixture->expected = 1;
272 if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))
273 || !TEST_true(OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, cert))) {
277 EXECUTE_TEST(execute_certreq_create_test, tear_down);
281 static int test_cmp_create_kur_without_oldcert(void)
283 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
284 fixture->bodytype = OSSL_CMP_PKIBODY_KUR;
285 fixture->err_code = -1;
286 fixture->expected = 0;
287 if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) {
291 EXECUTE_TEST(execute_certreq_create_test, tear_down);
295 static int test_cmp_create_certconf(void)
297 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
298 fixture->fail_info = 0;
299 fixture->expected = 1;
300 if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
301 X509_dup_with_libctx(cert)))) {
305 EXECUTE_TEST(execute_certconf_create_test, tear_down);
309 static int test_cmp_create_certconf_badAlg(void)
311 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
312 fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg;
313 fixture->expected = 1;
314 if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
315 X509_dup_with_libctx(cert)))) {
319 EXECUTE_TEST(execute_certconf_create_test, tear_down);
323 static int test_cmp_create_certconf_fail_info_max(void)
325 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
326 fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX;
327 fixture->expected = 1;
328 if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
329 X509_dup_with_libctx(cert)))) {
333 EXECUTE_TEST(execute_certconf_create_test, tear_down);
337 static int test_cmp_create_error_msg(void)
339 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
340 fixture->si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection,
341 OSSL_CMP_PKIFAILUREINFO_systemFailure,
343 fixture->err_code = -1;
344 fixture->expected = 1; /* expected: message creation is successful */
345 if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) {
349 EXECUTE_TEST(execute_errormsg_create_test, tear_down);
354 static int test_cmp_create_pollreq(void)
356 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
357 fixture->expected = 1;
358 EXECUTE_TEST(execute_pollreq_create_test, tear_down);
362 static int test_cmp_create_rr(void)
364 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
365 fixture->expected = 1;
366 if (!TEST_true(OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, cert))) {
370 EXECUTE_TEST(execute_rr_create_test, tear_down);
374 static int test_cmp_create_genm(void)
376 OSSL_CMP_ITAV *iv = NULL;
378 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
379 fixture->expected = 1;
380 iv = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm), NULL);
382 || !TEST_true(OSSL_CMP_CTX_push0_genm_ITAV(fixture->cmp_ctx, iv))) {
383 OSSL_CMP_ITAV_free(iv);
388 EXECUTE_TEST(execute_genm_create_test, tear_down);
392 static int execute_certrep_create(CMP_MSG_TEST_FIXTURE *fixture)
394 OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
395 OSSL_CMP_CERTREPMESSAGE *crepmsg = OSSL_CMP_CERTREPMESSAGE_new();
396 OSSL_CMP_CERTRESPONSE *read_cresp, *cresp = OSSL_CMP_CERTRESPONSE_new();
398 X509 *certfromresp = NULL;
401 if (crepmsg == NULL || cresp == NULL)
403 if (!ASN1_INTEGER_set(cresp->certReqId, 99))
405 if ((cresp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) == NULL)
407 cresp->certifiedKeyPair->certOrEncCert->type =
408 OSSL_CMP_CERTORENCCERT_CERTIFICATE;
409 if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate =
410 X509_dup_with_libctx(cert)) == NULL
411 || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp))
414 read_cresp = ossl_cmp_certrepmessage_get0_certresponse(crepmsg, 99);
415 if (!TEST_ptr(read_cresp))
417 if (!TEST_ptr_null(ossl_cmp_certrepmessage_get0_certresponse(crepmsg, 88)))
419 privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); /* may be NULL */
420 certfromresp = ossl_cmp_certresponse_get1_cert(read_cresp, ctx, privkey);
421 if (certfromresp == NULL || !TEST_int_eq(X509_cmp(cert, certfromresp), 0))
426 X509_free(certfromresp);
427 OSSL_CMP_CERTRESPONSE_free(cresp);
428 OSSL_CMP_CERTREPMESSAGE_free(crepmsg);
432 static int test_cmp_create_certrep(void)
434 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
435 EXECUTE_TEST(execute_certrep_create, tear_down);
440 static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
442 OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text");
443 X509_NAME *issuer = X509_NAME_new();
444 ASN1_INTEGER *serial = ASN1_INTEGER_new();
445 OSSL_CRMF_CERTID *cid = NULL;
446 OSSL_CMP_MSG *rpmsg = NULL;
449 if (si == NULL || issuer == NULL || serial == NULL)
452 if (!X509_NAME_add_entry_by_txt(issuer, "CN", MBSTRING_ASC,
453 (unsigned char *)"The Issuer", -1, -1, 0)
454 || !ASN1_INTEGER_set(serial, 99)
455 || (cid = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL
456 || (rpmsg = ossl_cmp_rp_new(fixture->cmp_ctx, si, cid, 1)) == NULL)
459 if (!TEST_ptr(ossl_cmp_revrepcontent_get_CertId(rpmsg->body->value.rp, 0)))
462 if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkisi(rpmsg->body->value.rp, 0)))
467 ASN1_INTEGER_free(serial);
468 X509_NAME_free(issuer);
469 OSSL_CRMF_CERTID_free(cid);
470 OSSL_CMP_PKISI_free(si);
471 OSSL_CMP_MSG_free(rpmsg);
475 static int test_cmp_create_rp(void)
477 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
478 EXECUTE_TEST(execute_rp_create, tear_down);
482 static int execute_pollrep_create(CMP_MSG_TEST_FIXTURE *fixture)
484 OSSL_CMP_MSG *pollrep;
487 pollrep = ossl_cmp_pollRep_new(fixture->cmp_ctx, 77, 2000);
488 if (!TEST_ptr(pollrep))
490 if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body->
493 if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body->
499 OSSL_CMP_MSG_free(pollrep);
503 static int test_cmp_create_pollrep(void)
505 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
506 EXECUTE_TEST(execute_pollrep_create, tear_down);
510 static int test_cmp_pkimessage_create(int bodytype)
512 X509_REQ *p10cr = NULL;
514 SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
516 switch (fixture->bodytype = bodytype) {
517 case OSSL_CMP_PKIBODY_P10CR:
518 fixture->expected = 1;
519 if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx,
520 p10cr = load_csr(pkcs10_f)))) {
524 X509_REQ_free(p10cr);
526 case OSSL_CMP_PKIBODY_IR:
527 case OSSL_CMP_PKIBODY_IP:
528 case OSSL_CMP_PKIBODY_CR:
529 case OSSL_CMP_PKIBODY_CP:
530 case OSSL_CMP_PKIBODY_KUR:
531 case OSSL_CMP_PKIBODY_KUP:
532 case OSSL_CMP_PKIBODY_RR:
533 case OSSL_CMP_PKIBODY_RP:
534 case OSSL_CMP_PKIBODY_PKICONF:
535 case OSSL_CMP_PKIBODY_GENM:
536 case OSSL_CMP_PKIBODY_GENP:
537 case OSSL_CMP_PKIBODY_ERROR:
538 case OSSL_CMP_PKIBODY_CERTCONF:
539 case OSSL_CMP_PKIBODY_POLLREQ:
540 case OSSL_CMP_PKIBODY_POLLREP:
541 fixture->expected = 1;
544 fixture->expected = 0;
548 EXECUTE_TEST(execute_pkimessage_create_test, tear_down);
552 void cleanup_tests(void)
554 EVP_PKEY_free(newkey);
556 OPENSSL_CTX_free(libctx);
559 #define USAGE "new.key server.crt pkcs10.der module_name [module_conf_file]\n"
560 OPT_TEST_DECLARE_USAGE(USAGE)
562 int setup_tests(void)
564 if (!test_skip_common_options()) {
565 TEST_error("Error parsing test options\n");
569 if (!TEST_ptr(newkey_f = test_get_argument(0))
570 || !TEST_ptr(server_cert_f = test_get_argument(1))
571 || !TEST_ptr(pkcs10_f = test_get_argument(2))) {
572 TEST_error("usage: cmp_msg_test %s", USAGE);
576 if (!test_get_libctx(&libctx, &default_null_provider, &provider, 3, USAGE))
579 if (!TEST_ptr(newkey = load_pem_key(newkey_f, libctx))
580 || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx))
581 || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) {
586 /* Message creation tests */
587 ADD_TEST(test_cmp_create_certreq_with_invalid_bodytype);
588 ADD_TEST(test_cmp_create_ir_protection_fails);
589 ADD_TEST(test_cmp_create_ir_protection_set);
590 ADD_TEST(test_cmp_create_error_msg);
591 ADD_TEST(test_cmp_create_certconf);
592 ADD_TEST(test_cmp_create_certconf_badAlg);
593 ADD_TEST(test_cmp_create_certconf_fail_info_max);
594 ADD_TEST(test_cmp_create_kur);
595 ADD_TEST(test_cmp_create_kur_without_oldcert);
596 ADD_TEST(test_cmp_create_cr);
597 ADD_TEST(test_cmp_create_cr_without_key);
598 ADD_TEST(test_cmp_create_p10cr);
599 ADD_TEST(test_cmp_create_p10cr_null);
600 ADD_TEST(test_cmp_create_pollreq);
601 ADD_TEST(test_cmp_create_rr);
602 ADD_TEST(test_cmp_create_rp);
603 ADD_TEST(test_cmp_create_genm);
604 ADD_TEST(test_cmp_create_certrep);
605 ADD_TEST(test_cmp_create_pollrep);
606 ADD_ALL_TESTS_NOSUBTEST(test_cmp_pkimessage_create,
607 OSSL_CMP_PKIBODY_POLLREP + 1);