test/cmp_vfy_test.c

   1 /*
   2  * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  * Copyright Nokia 2007-2019
   4  * Copyright Siemens AG 2015-2019
   5  *
   6  * Licensed under the Apache License 2.0 (the "License").  You may not use
   7  * this file except in compliance with the License.  You can obtain a copy
   8  * in the file LICENSE in the source distribution or at
   9  * https://www.openssl.org/source/license.html
  10  */
  11
  12 #include "helpers/cmp_testlib.h"
  13 #include "../crypto/crmf/crmf_local.h" /* for manipulating POPO signature */
  14
  15 static const char *server_f;
  16 static const char *client_f;
  17 static const char *endentity1_f;
  18 static const char *endentity2_f;
  19 static const char *root_f;
  20 static const char *intermediate_f;
  21 static const char *ir_protected_f;
  22 static const char *ir_unprotected_f;
  23 static const char *ir_rmprotection_f;
  24 static const char *ip_waiting_f;
  25 static const char *instacert_f;
  26 static const char *instaca_f;
  27 static const char *ir_protected_0_extracerts;
  28 static const char *ir_protected_2_extracerts;
  29
  30 typedef struct test_fixture {
  31     const char *test_case_name;
  32     int expected;
  33     OSSL_CMP_CTX *cmp_ctx;
  34     OSSL_CMP_MSG *msg;
  35     X509 *cert;
  36     ossl_cmp_allow_unprotected_cb_t allow_unprotected_cb;
  37     int additional_arg;
  38 } CMP_VFY_TEST_FIXTURE;
  39
  40 static OSSL_LIB_CTX *libctx = NULL;
  41 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
  42
  43 static void tear_down(CMP_VFY_TEST_FIXTURE *fixture)
  44 {
  45     OSSL_CMP_MSG_free(fixture->msg);
  46     OSSL_CMP_CTX_free(fixture->cmp_ctx);
  47     OPENSSL_free(fixture);
  48 }
  49
  50 static time_t test_time_valid = 0, test_time_after_expiration = 0;
  51
  52 static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
  53 {
  54     X509_STORE *ts = X509_STORE_new();
  55     CMP_VFY_TEST_FIXTURE *fixture;
  56
  57     if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
  58         return NULL;
  59     fixture->test_case_name = test_case_name;
  60     if (ts == NULL
  61             || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
  62             || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts)
  63             || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) {
  64         tear_down(fixture);
  65         X509_STORE_free(ts);
  66         return NULL;
  67     }
  68     X509_VERIFY_PARAM_set_time(X509_STORE_get0_param(ts), test_time_valid);
  69     X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb);
  70     return fixture;
  71 }
  72
  73 static X509 *srvcert = NULL;
  74 static X509 *clcert = NULL;
  75 /* chain */
  76 static X509 *endentity1 = NULL, *endentity2 = NULL,
  77     *intermediate = NULL, *root = NULL;
  78 /* INSTA chain */
  79 static X509 *insta_cert = NULL, *instaca_cert = NULL;
  80
  81 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
  82 static OSSL_CMP_MSG *ir_unprotected, *ir_rmprotection;
  83
  84 static int flip_bit(ASN1_BIT_STRING *bitstr)
  85 {
  86     int bit_num = 7;
  87     int bit = ASN1_BIT_STRING_get_bit(bitstr, bit_num);
  88
  89     return ASN1_BIT_STRING_set_bit(bitstr, bit_num, !bit);
  90 }
  91
  92 static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
  93 {
  94     if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL)
  95         return 0;
  96     if (fixture->expected == 0) {
  97         const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
  98         const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0);
  99         if (req == NULL || !flip_bit(req->popo->value.signature->signature))
 100             return 0;
 101     }
 102     return TEST_int_eq(fixture->expected,
 103                        ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg,
 104                                             fixture->additional_arg));
 105 }
 106
 107 static int test_verify_popo(void)
 108 {
 109     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 110     fixture->expected = 1;
 111     EXECUTE_TEST(execute_verify_popo_test, tear_down);
 112     return result;
 113 }
 114
 115 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 116 static int test_verify_popo_bad(void)
 117 {
 118     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 119     fixture->expected = 0;
 120     EXECUTE_TEST(execute_verify_popo_test, tear_down);
 121     return result;
 122 }
 123 #endif
 124
 125 static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture)
 126 {
 127     return TEST_int_eq(fixture->expected,
 128                        ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg,
 129                                                  NULL, 0));
 130 }
 131
 132 static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
 133 {
 134     X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
 135     int res = TEST_int_eq(fixture->expected,
 136                           OSSL_CMP_validate_cert_path(fixture->cmp_ctx,
 137                                                       ts, fixture->cert));
 138
 139     OSSL_CMP_CTX_print_errors(fixture->cmp_ctx);
 140     return res;
 141 }
 142
 143 static int test_validate_msg_mac_alg_protection(void)
 144 {
 145     /* secret value belonging to cmp-test/CMP_IP_waitingStatus_PBM.der */
 146     const unsigned char sec_1[] = {
 147         '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
 148         'Q', '-', 'u', 'd', 'N', 'R'
 149     };
 150
 151     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 152
 153     fixture->expected = 1;
 154     if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
 155                                                  sizeof(sec_1)))
 156             || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
 157         tear_down(fixture);
 158         fixture = NULL;
 159     }
 160     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 161     return result;
 162 }
 163
 164 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 165 static int test_validate_msg_mac_alg_protection_bad(void)
 166 {
 167     const unsigned char sec_bad[] = {
 168         '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
 169         'Q', '-', 'u', 'd', 'N', 'r'
 170     };
 171
 172     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 173     fixture->expected = 0;
 174
 175     if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad,
 176                                                  sizeof(sec_bad)))
 177             || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
 178         tear_down(fixture);
 179         fixture = NULL;
 180     }
 181     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 182     return result;
 183 }
 184 #endif
 185
 186 static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert)
 187 {
 188     return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trustedStore(ctx), cert);
 189 }
 190
 191 static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert)
 192 {
 193     return X509_add_cert(OSSL_CMP_CTX_get0_untrusted(ctx), cert,
 194                          X509_ADD_FLAG_UP_REF);
 195 }
 196
 197 static int test_validate_msg_signature_partial_chain(int expired)
 198 {
 199     X509_STORE *ts;
 200
 201     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 202
 203     ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
 204     fixture->expected = !expired;
 205     if (ts == NULL
 206             || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
 207             || !add_trusted(fixture->cmp_ctx, srvcert)) {
 208         tear_down(fixture);
 209         fixture = NULL;
 210     } else {
 211         X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
 212         X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
 213         if (expired)
 214             X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
 215     }
 216     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 217     return result;
 218 }
 219
 220 static int test_validate_msg_signature_trusted_ok(void)
 221 {
 222     return test_validate_msg_signature_partial_chain(0);
 223 }
 224
 225 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 226 static int test_validate_msg_signature_trusted_expired(void)
 227 {
 228     return test_validate_msg_signature_partial_chain(1);
 229 }
 230 #endif
 231
 232 static int test_validate_msg_signature_srvcert_wrong(void)
 233 {
 234     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 235     fixture->expected = 0;
 236     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
 237         || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
 238         tear_down(fixture);
 239         fixture = NULL;
 240     }
 241     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 242     return result;
 243 }
 244
 245 static int test_validate_msg_signature_srvcert(int bad_sig)
 246 {
 247     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 248     fixture->expected = !bad_sig;
 249     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
 250         || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
 251         || (bad_sig && !flip_bit(fixture->msg->protection))) {
 252         tear_down(fixture);
 253         fixture = NULL;
 254     }
 255     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 256     return result;
 257 }
 258
 259 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 260 static int test_validate_msg_signature_bad(void)
 261 {
 262     return test_validate_msg_signature_srvcert(1);
 263 }
 264 #endif
 265
 266 static int test_validate_msg_signature_sender_cert_srvcert(void)
 267 {
 268     return test_validate_msg_signature_srvcert(0);
 269 }
 270
 271 static int test_validate_msg_signature_sender_cert_untrusted(void)
 272 {
 273     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 274     fixture->expected = 1;
 275     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
 276             || !add_trusted(fixture->cmp_ctx, instaca_cert)
 277             || !add_untrusted(fixture->cmp_ctx, insta_cert)) {
 278         tear_down(fixture);
 279         fixture = NULL;
 280     }
 281     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 282     return result;
 283 }
 284
 285 static int test_validate_msg_signature_sender_cert_trusted(void)
 286 {
 287     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 288     fixture->expected = 1;
 289     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
 290             || !add_trusted(fixture->cmp_ctx, instaca_cert)
 291             || !add_trusted(fixture->cmp_ctx, insta_cert)) {
 292         tear_down(fixture);
 293         fixture = NULL;
 294     }
 295     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 296     return result;
 297 }
 298
 299 static int test_validate_msg_signature_sender_cert_extracert(void)
 300 {
 301     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 302     fixture->expected = 1;
 303     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx))
 304             || !add_trusted(fixture->cmp_ctx, instaca_cert)) {
 305         tear_down(fixture);
 306         fixture = NULL;
 307     }
 308     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 309     return result;
 310 }
 311
 312
 313 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 314 static int test_validate_msg_signature_sender_cert_absent(void)
 315 {
 316     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 317     fixture->expected = 0;
 318     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) {
 319         tear_down(fixture);
 320         fixture = NULL;
 321     }
 322     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 323     return result;
 324 }
 325 #endif
 326
 327 static int test_validate_with_sender(const X509_NAME *name, int expected)
 328 {
 329     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 330     fixture->expected = expected;
 331     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
 332         || !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name))
 333         || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) {
 334         tear_down(fixture);
 335         fixture = NULL;
 336     }
 337     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 338     return result;
 339 }
 340
 341 static int test_validate_msg_signature_expected_sender(void)
 342 {
 343     return test_validate_with_sender(X509_get_subject_name(srvcert), 1);
 344 }
 345
 346 static int test_validate_msg_signature_unexpected_sender(void)
 347 {
 348     return test_validate_with_sender(X509_get_subject_name(root), 0);
 349 }
 350
 351 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 352 static int test_validate_msg_unprotected_request(void)
 353 {
 354     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 355     fixture->expected = 0;
 356     if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) {
 357         tear_down(fixture);
 358         fixture = NULL;
 359     }
 360     EXECUTE_TEST(execute_validate_msg_test, tear_down);
 361     return result;
 362 }
 363 #endif
 364
 365 static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired)
 366 {
 367     (*fixture)->cert = endentity2;
 368     (*fixture)->expected = wrong == NULL && !expired;
 369     if (expired) {
 370         X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore((*fixture)->cmp_ctx);
 371         X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
 372         X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
 373     }
 374     if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong)
 375             || !add_untrusted((*fixture)->cmp_ctx, endentity1)
 376             || !add_untrusted((*fixture)->cmp_ctx, intermediate)) {
 377         tear_down((*fixture));
 378         (*fixture) = NULL;
 379     }
 380 }
 381
 382 static int test_validate_cert_path_ok(void)
 383 {
 384     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 385     setup_path(&fixture, NULL, 0);
 386     EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
 387     return result;
 388 }
 389
 390 static int test_validate_cert_path_wrong_anchor(void)
 391 {
 392     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 393     setup_path(&fixture, srvcert /* wrong/non-root cert */, 0);
 394     EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
 395     return result;
 396 }
 397
 398 static int test_validate_cert_path_expired(void)
 399 {
 400     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 401     setup_path(&fixture, NULL, 1);
 402     EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
 403     return result;
 404 }
 405
 406 static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture)
 407 {
 408     const OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(fixture->msg);
 409     const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr);
 410
 411     if (!TEST_int_eq(fixture->expected,
 412                      ossl_cmp_msg_check_update(fixture->cmp_ctx,
 413                                                fixture->msg,
 414                                                fixture->allow_unprotected_cb,
 415                                                fixture->additional_arg)))
 416         return 0;
 417
 418     if (fixture->expected == 0) /* error expected aready during above check */
 419         return 1;
 420     return
 421         TEST_int_eq(0,
 422                     ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr),
 423                                           fixture->cmp_ctx->recipNonce))
 424         && TEST_int_eq(0,
 425                        ASN1_OCTET_STRING_cmp(tid,
 426                                              fixture->cmp_ctx->transactionID));
 427 }
 428
 429 static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
 430                              int invalid_protection, int allow)
 431 {
 432     return allow;
 433 }
 434
 435 static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected,
 436                                ossl_cmp_allow_unprotected_cb_t cb, int arg,
 437                                const unsigned char *trid_data,
 438                                const unsigned char *nonce_data)
 439 {
 440     OSSL_CMP_CTX *ctx = (*fixture)->cmp_ctx;
 441     int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH;
 442
 443     (*fixture)->expected = expected;
 444     (*fixture)->allow_unprotected_cb = cb;
 445     (*fixture)->additional_arg = arg;
 446     (*fixture)->msg = OSSL_CMP_MSG_dup(ir_rmprotection);
 447     if ((*fixture)->msg == NULL
 448         || (nonce_data != NULL
 449             && !ossl_cmp_asn1_octet_string_set1_bytes(&ctx->senderNonce,
 450                                                       nonce_data, nonce_len))) {
 451         tear_down((*fixture));
 452         (*fixture) = NULL;
 453     } else if (trid_data != NULL) {
 454         ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
 455         if (trid == NULL
 456             || !ASN1_OCTET_STRING_set(trid, trid_data,
 457                                       OSSL_CMP_TRANSACTIONID_LENGTH)
 458             || !OSSL_CMP_CTX_set1_transactionID(ctx, trid)) {
 459             tear_down((*fixture));
 460             (*fixture) = NULL;
 461         }
 462         ASN1_OCTET_STRING_free(trid);
 463     }
 464 }
 465
 466 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 467 static int test_msg_check_no_protection_no_cb(void)
 468 {
 469     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 470     setup_check_update(&fixture, 0, NULL, 0, NULL, NULL);
 471     EXECUTE_TEST(execute_msg_check_test, tear_down);
 472     return result;
 473 }
 474
 475 static int test_msg_check_no_protection_restrictive_cb(void)
 476 {
 477     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 478     setup_check_update(&fixture, 0, allow_unprotected, 0, NULL, NULL);
 479     EXECUTE_TEST(execute_msg_check_test, tear_down);
 480     return result;
 481 }
 482 #endif
 483
 484 static int test_msg_check_no_protection_permissive_cb(void)
 485 {
 486     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 487     setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, NULL);
 488     EXECUTE_TEST(execute_msg_check_test, tear_down);
 489     return result;
 490 }
 491
 492 static int test_msg_check_transaction_id(void)
 493 {
 494     /* Transaction id belonging to CMP_IR_rmprotection.der */
 495     const unsigned char trans_id[OSSL_CMP_TRANSACTIONID_LENGTH] = {
 496         0x39, 0xB6, 0x90, 0x28, 0xC4, 0xBC, 0x7A, 0xF6,
 497         0xBE, 0xC6, 0x4A, 0x88, 0x97, 0xA6, 0x95, 0x0B
 498     };
 499
 500     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 501     setup_check_update(&fixture, 1, allow_unprotected, 1, trans_id, NULL);
 502     EXECUTE_TEST(execute_msg_check_test, tear_down);
 503     return result;
 504 }
 505
 506 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 507 static int test_msg_check_transaction_id_bad(void)
 508 {
 509     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 510     setup_check_update(&fixture, 0, allow_unprotected, 1, rand_data, NULL);
 511     EXECUTE_TEST(execute_msg_check_test, tear_down);
 512     return result;
 513 }
 514 #endif
 515
 516 static int test_msg_check_recipient_nonce(void)
 517 {
 518     /* Recipient nonce belonging to CMP_IP_ir_rmprotection.der */
 519     const unsigned char rec_nonce[OSSL_CMP_SENDERNONCE_LENGTH] = {
 520         0x48, 0xF1, 0x71, 0x1F, 0xE5, 0xAF, 0x1C, 0x8B,
 521         0x21, 0x97, 0x5C, 0x84, 0x74, 0x49, 0xBA, 0x32
 522     };
 523
 524     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 525     setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, rec_nonce);
 526     EXECUTE_TEST(execute_msg_check_test, tear_down);
 527     return result;
 528 }
 529
 530 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 531 static int test_msg_check_recipient_nonce_bad(void)
 532 {
 533     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
 534     setup_check_update(&fixture, 0, allow_unprotected, 1, NULL, rand_data);
 535     EXECUTE_TEST(execute_msg_check_test, tear_down);
 536     return result;
 537 }
 538 #endif
 539
 540 void cleanup_tests(void)
 541 {
 542     X509_free(srvcert);
 543     X509_free(clcert);
 544     X509_free(endentity1);
 545     X509_free(endentity2);
 546     X509_free(intermediate);
 547     X509_free(root);
 548     X509_free(insta_cert);
 549     X509_free(instaca_cert);
 550     OSSL_CMP_MSG_free(ir_unprotected);
 551     OSSL_CMP_MSG_free(ir_rmprotection);
 552     OSSL_LIB_CTX_free(libctx);
 553     return;
 554 }
 555
 556
 557 #define USAGE "server.crt client.crt " \
 558     "EndEntity1.crt EndEntity2.crt " \
 559     "Root_CA.crt Intermediate_CA.crt " \
 560     "CMP_IR_protected.der CMP_IR_unprotected.der " \
 561     "IP_waitingStatus_PBM.der IR_rmprotection.der " \
 562     "insta.cert.pem insta_ca.cert.pem " \
 563     "IR_protected_0_extraCerts.der " \
 564     "IR_protected_2_extraCerts.der module_name [module_conf_file]\n"
 565 OPT_TEST_DECLARE_USAGE(USAGE)
 566
 567 int setup_tests(void)
 568 {
 569     /* Set test time stamps */
 570     struct tm ts = { 0 };
 571
 572     ts.tm_year = 2018 - 1900;      /* 2018 */
 573     ts.tm_mon = 1;                 /* February */
 574     ts.tm_mday = 18;               /* 18th */
 575     test_time_valid = mktime(&ts); /* February 18th 2018 */
 576     ts.tm_year += 10;              /* February 18th 2028 */
 577     test_time_after_expiration = mktime(&ts);
 578
 579     if (!test_skip_common_options()) {
 580         TEST_error("Error parsing test options\n");
 581         return 0;
 582     }
 583
 584     RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
 585     if (!TEST_ptr(server_f = test_get_argument(0))
 586             || !TEST_ptr(client_f = test_get_argument(1))
 587             || !TEST_ptr(endentity1_f = test_get_argument(2))
 588             || !TEST_ptr(endentity2_f = test_get_argument(3))
 589             || !TEST_ptr(root_f = test_get_argument(4))
 590             || !TEST_ptr(intermediate_f = test_get_argument(5))
 591             || !TEST_ptr(ir_protected_f = test_get_argument(6))
 592             || !TEST_ptr(ir_unprotected_f = test_get_argument(7))
 593             || !TEST_ptr(ip_waiting_f = test_get_argument(8))
 594             || !TEST_ptr(ir_rmprotection_f = test_get_argument(9))
 595             || !TEST_ptr(instacert_f = test_get_argument(10))
 596             || !TEST_ptr(instaca_f = test_get_argument(11))
 597             || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12))
 598             || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) {
 599         TEST_error("usage: cmp_vfy_test %s", USAGE);
 600         return 0;
 601     }
 602
 603     if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 14, USAGE))
 604         return 0;
 605
 606     /* Load certificates for cert chain */
 607     if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
 608             || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
 609             || !TEST_ptr(root = load_cert_pem(root_f, NULL))
 610             || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
 611         goto err;
 612
 613     if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx))
 614             || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx)))
 615         goto err;
 616
 617     /* Load certificates for message validation */
 618     if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx))
 619             || !TEST_ptr(clcert = load_cert_pem(client_f, libctx)))
 620         goto err;
 621     if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
 622         goto err;
 623     if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
 624             || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx)))
 625         goto err;
 626
 627     /* Message validation tests */
 628     ADD_TEST(test_verify_popo);
 629 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 630     ADD_TEST(test_verify_popo_bad);
 631 #endif
 632     ADD_TEST(test_validate_msg_signature_trusted_ok);
 633 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 634     ADD_TEST(test_validate_msg_signature_trusted_expired);
 635 #endif
 636     ADD_TEST(test_validate_msg_signature_srvcert_wrong);
 637 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 638     ADD_TEST(test_validate_msg_signature_bad);
 639 #endif
 640     ADD_TEST(test_validate_msg_signature_sender_cert_srvcert);
 641     ADD_TEST(test_validate_msg_signature_sender_cert_untrusted);
 642     ADD_TEST(test_validate_msg_signature_sender_cert_trusted);
 643     ADD_TEST(test_validate_msg_signature_sender_cert_extracert);
 644 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 645     ADD_TEST(test_validate_msg_signature_sender_cert_absent);
 646 #endif
 647     ADD_TEST(test_validate_msg_signature_expected_sender);
 648     ADD_TEST(test_validate_msg_signature_unexpected_sender);
 649 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 650     ADD_TEST(test_validate_msg_unprotected_request);
 651 #endif
 652     ADD_TEST(test_validate_msg_mac_alg_protection);
 653 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 654     ADD_TEST(test_validate_msg_mac_alg_protection_bad);
 655 #endif
 656
 657     /* Cert path validation tests */
 658     ADD_TEST(test_validate_cert_path_ok);
 659     ADD_TEST(test_validate_cert_path_expired);
 660     ADD_TEST(test_validate_cert_path_wrong_anchor);
 661
 662 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 663     ADD_TEST(test_msg_check_no_protection_no_cb);
 664     ADD_TEST(test_msg_check_no_protection_restrictive_cb);
 665 #endif
 666     ADD_TEST(test_msg_check_no_protection_permissive_cb);
 667     ADD_TEST(test_msg_check_transaction_id);
 668 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 669     ADD_TEST(test_msg_check_transaction_id_bad);
 670 #endif
 671     ADD_TEST(test_msg_check_recipient_nonce);
 672 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 673     ADD_TEST(test_msg_check_recipient_nonce_bad);
 674 #endif
 675
 676     return 1;
 677
 678  err:
 679     cleanup_tests();
 680     return 0;
 681
 682 }