diff options
Diffstat (limited to 'test')
21 files changed, 1363 insertions, 68 deletions
diff --git a/test/build.info b/test/build.info index df6cc713fe..0be3ee078c 100644 --- a/test/build.info +++ b/test/build.info @@ -481,7 +481,8 @@ IF[{- !$disabled{tests} -}] DEPEND[conf_include_test]=../libcrypto libtestutil.a IF[{- !$disabled{cmp} -}] - PROGRAMS{noinst}=cmp_asn_test cmp_ctx_test cmp_status_test cmp_hdr_test + PROGRAMS{noinst}=cmp_asn_test cmp_ctx_test cmp_status_test cmp_hdr_test \ + cmp_protect_test cmp_msg_test ENDIF SOURCE[cmp_asn_test]=cmp_asn_test.c cmp_testlib.c @@ -500,6 +501,14 @@ IF[{- !$disabled{tests} -}] INCLUDE[cmp_status_test]=.. ../include ../apps/include DEPEND[cmp_status_test]=../libcrypto.a libtestutil.a + SOURCE[cmp_protect_test]=cmp_status_test.c cmp_testlib.c + INCLUDE[cmp_protect_test]=.. ../include ../apps/include + DEPEND[cmp_protect_test]=../libcrypto.a libtestutil.a + + SOURCE[cmp_msg_test]=cmp_status_test.c cmp_testlib.c + INCLUDE[cmp_msg_test]=.. ../include ../apps/include + DEPEND[cmp_msg_test]=../libcrypto.a libtestutil.a + # Internal test programs. These are essentially a collection of internal # test routines. Some of them need to reach internal symbols that aren't # available through the shared library (at least on Linux, Solaris, Windows diff --git a/test/cmp_asn_test.c b/test/cmp_asn_test.c index 9a224f3a56..10661b3ff0 100644 --- a/test/cmp_asn_test.c +++ b/test/cmp_asn_test.c @@ -40,8 +40,7 @@ static void tear_down(CMP_ASN_TEST_FIXTURE *fixture) OPENSSL_free(fixture); } -static int execute_cmp_asn1_get_int_test(CMP_ASN_TEST_FIXTURE * - fixture) +static int execute_cmp_asn1_get_int_test(CMP_ASN_TEST_FIXTURE *fixture) { ASN1_INTEGER *asn1integer = ASN1_INTEGER_new(); ASN1_INTEGER_set(asn1integer, 77); @@ -115,8 +114,10 @@ int setup_tests(void) ADD_TEST(test_cmp_asn1_get_int); ADD_TEST(test_ASN1_OCTET_STRING_set); ADD_TEST(test_ASN1_OCTET_STRING_set_tgt_is_src); - /* TODO make sure that total number of tests (here currently 24) is shown, - also for other cmp_*text.c. Currently the test drivers always show 1. */ + /* + * TODO make sure that total number of tests (here currently 24) is shown, + * also for other cmp_*text.c. Currently the test drivers always show 1. + */ return 1; } diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index d7a3edb140..627df72182 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -39,7 +39,8 @@ static OSSL_CMP_CTX_TEST_FIXTURE *set_up(const char *const test_case_name) return fixture; } -static STACK_OF(X509) *sk_X509_new_1(void) { +static STACK_OF(X509) *sk_X509_new_1(void) +{ STACK_OF(X509) *sk = sk_X509_new_null(); X509 *x = X509_new(); @@ -51,7 +52,8 @@ static STACK_OF(X509) *sk_X509_new_1(void) { return sk; } -static void sk_X509_pop_X509_free(STACK_OF(X509) *sk) { +static void sk_X509_pop_X509_free(STACK_OF(X509) *sk) +{ sk_X509_pop_free(sk, X509_free); } @@ -75,7 +77,6 @@ static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture) || !OSSL_CMP_CTX_set1_transactionID(ctx, bytes) || !OSSL_CMP_CTX_set1_senderNonce(ctx, bytes) || !ossl_cmp_ctx_set1_recipNonce(ctx, bytes)) - goto err; if (!TEST_true(OSSL_CMP_CTX_reinit(ctx))) @@ -335,7 +336,7 @@ static int execute_CTX_##SETN##_##GETN##_##FIELD( \ CMP_CTX *ctx = fixture->ctx; \ int (*set_fn)(CMP_CTX *ctx, TYPE) = \ (int (*)(CMP_CTX *ctx, TYPE))PREFIX##_##SETN##_##FIELD; \ - /* need type cast in above assignment because TYPE arg sometimes is const */ \ + /* need type cast in above assignment because TYPE arg sometimes is const */ \ TYPE (*get_fn)(const CMP_CTX *ctx) = OSSL_CMP_CTX_##GETN##_##FIELD; \ TYPE val1_to_free = NEW; \ TYPE val1 = val1_to_free; \ @@ -467,17 +468,20 @@ static int test_CTX_##SETN##_##GETN##_##FIELD(void) \ return result; \ } -static char *char_new(void) { +static char *char_new(void) +{ return OPENSSL_strdup("test"); } -static void char_free(char *val) { +static void char_free(char *val) +{ OPENSSL_free(val); } #define EMPTY_SK_X509(x) ((x) == NULL || sk_X509_num(x) == 0) -static X509_STORE *X509_STORE_new_1(void) { +static X509_STORE *X509_STORE_new_1(void) +{ X509_STORE *store = X509_STORE_new(); if (store != NULL) @@ -497,24 +501,24 @@ static X509_STORE *X509_STORE_new_1(void) { #define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \ - TYPE*, NULL, IS_0, TYPE##_new(), TYPE##_free) + TYPE*, NULL, IS_0, TYPE##_new(), TYPE##_free) #define DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FIELD, ELEM_TYPE, \ DEFAULT, NEW, FREE) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, 1, FIELD, \ - STACK_OF(ELEM_TYPE)*, NULL, DEFAULT, NEW, FREE) + STACK_OF(ELEM_TYPE)*, NULL, DEFAULT, NEW, FREE) #define DEFINE_SET_GET_SK_TEST(OSSL_CMP, CTX, N, M, FIELD, T) \ DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FIELD, T, \ - IS_0, sk_##T##_new_null(), sk_##T##_free) + IS_0, sk_##T##_new_null(), sk_##T##_free) #define DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, N, M, FNAME) \ DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FNAME, X509, \ - EMPTY_SK_X509, \ - sk_X509_new_1(), sk_X509_pop_X509_free) + EMPTY_SK_X509, \ + sk_X509_new_1(), sk_X509_pop_X509_free) #define DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE, \ DEFAULT) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \ - TYPE*, NULL, DEFAULT, TYPE##_new(), TYPE##_free) + TYPE*, NULL, DEFAULT, TYPE##_new(), TYPE##_free) #define DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, DEFAULT) \ static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ { \ @@ -530,27 +534,26 @@ static X509_STORE *X509_STORE_new_1(void) { return ctx == NULL ? ERR(NULL) : ctx->FIELD; \ } \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get0, 1, FIELD, \ - STACK_OF(TYPE)*, NULL, IS_0, \ - sk_##TYPE##_new_null(), sk_##TYPE##_free) + STACK_OF(TYPE)*, NULL, IS_0, \ + sk_##TYPE##_new_null(), sk_##TYPE##_free) #define DEFINE_SET_CB_TEST(FIELD) \ - static OSSL_cmp_##FIELD##_t \ - OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \ + static OSSL_cmp_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \ { \ if (ctx == NULL) \ CMPerr(0, CMP_R_NULL_ARGUMENT); \ return ctx == NULL ? NULL /* cannot use ERR(NULL) here */ : ctx->FIELD;\ } \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, \ - OSSL_cmp_##FIELD##_t, NULL, IS_0, \ - test_##FIELD, DROP) + OSSL_cmp_##FIELD##_t, NULL, IS_0, \ + test_##FIELD, DROP) #define DEFINE_SET_GET_P_VOID_TEST(FIELD) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, void*, \ - NULL, IS_0, ((void *)1), DROP) + NULL, IS_0, ((void *)1), DROP) #define DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, DEFAULT) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set, get, 0, FIELD, int, -1, \ - DEFAULT, 1, DROP) + DEFAULT, 1, DROP) #define DEFINE_SET_GET_INT_TEST(OSSL_CMP, CTX, FIELD) \ DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, IS_NEG) #define DEFINE_SET_PORT_TEST(FIELD) \ @@ -590,8 +593,9 @@ static X509_STORE *X509_STORE_new_1(void) { #define push0 0 #define push1 1 #define DEFINE_PUSH_BASE_TEST(PUSHN, DUP, FIELD, ELEM, TYPE, T, \ - DEFAULT, NEW, FREE) \ -static TYPE sk_top_##FIELD(const CMP_CTX *ctx) { \ + DEFAULT, NEW, FREE) \ +static TYPE sk_top_##FIELD(const CMP_CTX *ctx) \ +{ \ return sk_##T##_value(ctx->FIELD, sk_##T##_num(ctx->FIELD) - 1); \ } \ \ @@ -600,7 +604,9 @@ static int execute_CTX_##PUSHN##_##ELEM(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ CMP_CTX *ctx = fixture->ctx; \ int (*push_fn)(CMP_CTX *ctx, TYPE) = \ (int (*)(CMP_CTX *ctx, TYPE))OSSL_CMP_CTX_##PUSHN##_##ELEM; \ - /* need type cast in above assignment because TYPE arg sometimes is const */ \ + /* \ + * need type cast in above assignment because TYPE arg sometimes is const \ + */ \ int n_elem = sk_##T##_num(ctx->FIELD); \ STACK_OF(TYPE) field_read; \ TYPE val1_to_free = NEW; \ @@ -696,7 +702,7 @@ static int test_CTX_##PUSHN##_##ELEM(void) \ #define DEFINE_PUSH_TEST(N, DUP, FIELD, ELEM, TYPE) \ DEFINE_PUSH_BASE_TEST(push##N, DUP, FIELD, ELEM, TYPE*, TYPE, \ - IS_0, TYPE##_new(), TYPE##_free) + IS_0, TYPE##_new(), TYPE##_free) void cleanup_tests(void) { @@ -704,9 +710,9 @@ void cleanup_tests(void) } DEFINE_SET_GET_ARG_FN(set, get, option, 16, int) - /* option == OSSL_CMP_OPT_IGNORE_KEYUSAGE */ +/* option == OSSL_CMP_OPT_IGNORE_KEYUSAGE */ DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, option_16, int, -1, IS_0, \ - 1 /* true */, DROP) + 1 /* true */, DROP) #ifndef OPENSSL_NO_TRACE DEFINE_SET_CB_TEST(log_cb) @@ -726,8 +732,8 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, srvCert, X509) DEFINE_SET_TEST(ossl_cmp, ctx, 0, 0, validatedSrvCert, X509) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME) DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore, - X509_STORE*, NULL, - DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free) + X509_STORE*, NULL, + DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free) DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, clCert, X509) @@ -741,11 +747,10 @@ DEFINE_SET_GET_TEST(OSSL_CMP, CTX, 0, 0, 0, newPkey_1, EVP_PKEY) DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 0, EVP_PKEY*) /* priv == 0 */ DEFINE_SET_GET_TEST(OSSL_CMP, CTX, 0, 0, 0, newPkey_0, EVP_PKEY) DEFINE_SET_GET1_STR_FN(set1, referenceValue) -DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, referenceValue_str, - char, IS_0) +DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, referenceValue_str, char, + IS_0) DEFINE_SET_GET1_STR_FN(set1, secretValue) -DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, secretValue_str, - char, IS_0) +DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, secretValue_str, char, IS_0) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, issuer, X509_NAME) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, subjectName, X509_NAME) #ifdef ISSUE_9504_RESOLVED @@ -768,8 +773,8 @@ DEFINE_SET_GET_TEST(ossl_cmp, ctx, 0, 0, 0, newCert, X509) DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, caPubs) DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, extraCertsIn) -DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, transactionID, - ASN1_OCTET_STRING, IS_0) +DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, transactionID, ASN1_OCTET_STRING, + IS_0) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, senderNonce, ASN1_OCTET_STRING) DEFINE_SET_TEST(ossl_cmp, ctx, 1, 1, recipNonce, ASN1_OCTET_STRING) @@ -779,9 +784,9 @@ int setup_tests(void) /* OSSL_CMP_CTX_free() is tested by tear_down() */ ADD_TEST(test_CTX_reinit); -/* various CMP options: */ + /* various CMP options: */ ADD_TEST(test_CTX_set_get_option_16); -/* CMP-specific callback for logging and outputting the error queue: */ + /* CMP-specific callback for logging and outputting the error queue: */ #ifndef OPENSSL_NO_TRACE ADD_TEST(test_CTX_set_get_log_cb); #endif @@ -793,13 +798,14 @@ int setup_tests(void) */ ADD_TEST(test_cmp_ctx_log_cb); #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) - /* also tests OSSL_CMP_CTX_set_log_cb(), OSSL_CMP_print_errors_cb(), - ossl_cmp_add_error_txt(), and the macros - ossl_cmp_add_error_data and ossl_cmp_add_error_line: - */ + /* + * also tests OSSL_CMP_CTX_set_log_cb(), OSSL_CMP_print_errors_cb(), + * ossl_cmp_add_error_txt(), and the macros + * ossl_cmp_add_error_data and ossl_cmp_add_error_line: + */ ADD_TEST(test_CTX_print_errors); #endif -/* message transfer: */ + /* message transfer: */ ADD_TEST(test_CTX_set1_get0_serverPath); ADD_TEST(test_CTX_set1_get0_serverName); ADD_TEST(test_CTX_set_get_serverPort); @@ -809,29 +815,31 @@ int setup_tests(void) ADD_TEST(test_CTX_set_get_http_cb_arg); ADD_TEST(test_CTX_set_get_transfer_cb); ADD_TEST(test_CTX_set_get_transfer_cb_arg); -/* server authentication: */ + /* server authentication: */ ADD_TEST(test_CTX_set1_get0_srvCert); ADD_TEST(test_CTX_set0_get0_validatedSrvCert); ADD_TEST(test_CTX_set1_get0_expected_sender); ADD_TEST(test_CTX_set0_get0_trustedStore); ADD_TEST(test_CTX_set1_get0_untrusted_certs); -/* client authentication: */ + /* client authentication: */ ADD_TEST(test_CTX_set1_get0_clCert); ADD_TEST(test_CTX_set1_get0_pkey); /* the following two also test ossl_cmp_asn1_octet_string_set1_bytes(): */ ADD_TEST(test_CTX_set1_get1_referenceValue_str); ADD_TEST(test_CTX_set1_get1_secretValue_str); -/* CMP message header and extra certificates: */ + /* CMP message header and extra certificates: */ ADD_TEST(test_CTX_set1_get0_recipient); ADD_TEST(test_CTX_push0_geninfo_ITAV); ADD_TEST(test_CTX_set1_get0_extraCertsOut); -/* certificate template: */ + /* certificate template: */ ADD_TEST(test_CTX_set0_get0_newPkey_1); ADD_TEST(test_CTX_set0_get0_newPkey_0); ADD_TEST(test_CTX_set1_get0_issuer); ADD_TEST(test_CTX_set1_get0_subjectName); #ifdef ISSUE_9504_RESOLVED -/* test currently fails, see https://github.com/openssl/openssl/issues/9504 */ + /* + * test currently fails, see https://github.com/openssl/openssl/issues/9504 + */ ADD_TEST(test_CTX_push1_subjectAltName); #endif ADD_TEST(test_CTX_set0_get0_reqExtensions); @@ -839,28 +847,28 @@ int setup_tests(void) ADD_TEST(test_CTX_push0_policy); ADD_TEST(test_CTX_set1_get0_oldCert); #ifdef ISSUE_9504_RESOLVED -/* test currently fails, see https://github.com/openssl/openssl/issues/9504 */ + /* + * test currently fails, see https://github.com/openssl/openssl/issues/9504 + */ ADD_TEST(test_CTX_set1_get0_p10CSR); #endif -/* misc body contents: */ + /* misc body contents: */ ADD_TEST(test_CTX_push0_genm_ITAV); -/* certificate confirmation: */ + /* certificate confirmation: */ ADD_TEST(test_CTX_set_get_certConf_cb); ADD_TEST(test_CTX_set_get_certConf_cb_arg); -/* result fetching: */ + /* result fetching: */ ADD_TEST(test_CTX_set_get_status); ADD_TEST(test_CTX_set0_get0_statusString); ADD_TEST(test_CTX_set_get_failInfoCode); ADD_TEST(test_CTX_set0_get0_newCert); ADD_TEST(test_CTX_set1_get1_caPubs); ADD_TEST(test_CTX_set1_get1_extraCertsIn); -/* exported for testing and debugging purposes: */ + /* exported for testing and debugging purposes: */ /* the following three also test ossl_cmp_asn1_octet_string_set1(): */ ADD_TEST(test_CTX_set1_get0_transactionID); ADD_TEST(test_CTX_set1_get0_senderNonce); ADD_TEST(test_CTX_set1_get0_recipNonce); - - /* TODO ossl_cmp_build_cert_chain() will be tested with cmp_protect.c*/ - + /* ossl_cmp_build_cert_chain() is tested in cmp_protect.c */ return 1; } diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c index 4f1b4a5a79..a9b2aff79c 100644 --- a/test/cmp_hdr_test.c +++ b/test/cmp_hdr_test.c @@ -193,7 +193,9 @@ static int execute_HDR_set1_senderKID_test(CMP_HDR_TEST_FIXTURE *fixture) if (!TEST_ptr(senderKID)) return 0; - ASN1_OCTET_STRING_set(senderKID, rand_data, sizeof(rand_data)); + if (!TEST_int_eq(ASN1_OCTET_STRING_set(senderKID, rand_data, + sizeof(rand_data)), 1)) + return 0; if (!TEST_int_eq(ossl_cmp_hdr_set1_senderKID(fixture->hdr, senderKID), 1)) return 0; if (!TEST_int_eq( @@ -372,7 +374,7 @@ static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture) || !TEST_true(0 == ASN1_OCTET_STRING_cmp( ossl_cmp_hdr_get0_senderNonce(fixture->hdr), fixture->cmp_ctx->senderNonce)) - || !TEST_true(0 == ASN1_OCTET_STRING_cmp( + || !TEST_true(0 == ASN1_OCTET_STRING_cmp( OSSL_CMP_HDR_get0_transactionID(fixture->hdr), fixture->cmp_ctx->transactionID))) goto err; @@ -414,9 +416,9 @@ static int test_HDR_init_with_subject(void) fixture->expected = 1; if (!TEST_ptr(subject = X509_NAME_new()) - || !TEST_true(X509_NAME_ADD(subject, "CN", "Common Name")) - || !TEST_true(OSSL_CMP_CTX_set1_subjectName(fixture->cmp_ctx, - subject))) { + || !TEST_true(X509_NAME_ADD(subject, "CN", "Common Name")) + || !TEST_true(OSSL_CMP_CTX_set1_subjectName(fixture->cmp_ctx, + subject))) { tear_down(fixture); fixture = NULL; } @@ -461,8 +463,10 @@ int setup_tests(void) ADD_TEST(test_HDR_init); ADD_TEST(test_HDR_init_with_subject); ADD_TEST(test_HDR_init_no_ref_no_subject); - /* TODO make sure that total number of tests (here currently 24) is shown, - also for other cmp_*text.c. Currently the test drivers always show 1. */ + /* + * TODO make sure that total number of tests (here currently 24) is shown, + * also for other cmp_*text.c. Currently the test drivers always show 1. + */ return 1; } diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c new file mode 100644 index 0000000000..103ff58af4 --- /dev/null +++ b/test/cmp_msg_test.c @@ -0,0 +1,577 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cmp_testlib.h" + +static const char *server_cert_f; +static const char *pkcs10_f; + +typedef struct test_fixture { + const char *test_case_name; + OSSL_CMP_CTX *cmp_ctx; + /* for msg create tests */ + int bodytype; + int err_code; + /* for certConf */ + int fail_info; + /* for protection tests */ + OSSL_CMP_MSG *msg; + int expected; + /* for error and response messages */ + OSSL_CMP_PKISI *si; +} CMP_MSG_TEST_FIXTURE; + +static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; + +static void tear_down(CMP_MSG_TEST_FIXTURE *fixture) +{ + OSSL_CMP_CTX_free(fixture->cmp_ctx); + OSSL_CMP_MSG_free(fixture->msg); + OSSL_CMP_PKISI_free(fixture->si); + OPENSSL_free(fixture); +} + +#define SET_OPT_UNPROTECTED_SEND(ctx, val) \ + OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) +static CMP_MSG_TEST_FIXTURE *set_up(const char *const test_case_name) +{ + CMP_MSG_TEST_FIXTURE *fixture; + + if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) + return NULL; + fixture->test_case_name = test_case_name; + + if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new()) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1)) + || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, + ref, sizeof(ref)))) { + tear_down(fixture); + return NULL; + } + return fixture; +} + +static EVP_PKEY *newkey = NULL; +static X509 *cert = NULL; + +#define EXECUTE_MSG_CREATION_TEST(expr) \ + do { \ + OSSL_CMP_MSG *msg = NULL; \ + int good = fixture->expected != 0 ? \ + TEST_ptr(msg = (expr)) && TEST_true(valid_asn1_encoding(msg)) : \ + TEST_ptr_null(msg = (expr)); \ + \ + OSSL_CMP_MSG_free(msg); \ + return good; \ + } while (0) + +/*- + * The following tests call a cmp message creation function. + * if fixture->expected != 0: + * returns 1 if the message is created and syntactically correct. + * if fixture->expected == 0 + * returns 1 if message creation returns NULL + */ +static int execute_certreq_create_test(CMP_MSG_TEST_FIXTURE *fixture) +{ + EXECUTE_MSG_CREATION_TEST(ossl_cmp_certReq_new(fixture->cmp_ctx, + fixture->bodytype, + fixture->err_code)); +} + +static int execute_errormsg_create_test(CMP_MSG_TEST_FIXTURE *fixture) +{ + EXECUTE_MSG_CREATION_TEST(ossl_cmp_error_new(fixture->cmp_ctx, fixture->si, + fixture->err_code, + NULL /* fixture->free_text */, + 0)); +} + +static int execute_rr_create_test(CMP_MSG_TEST_FIXTURE *fixture) +{ + EXECUTE_MSG_CREATION_TEST(ossl_cmp_rr_new(fixture->cmp_ctx)); +} + +static int execute_certconf_create_test(CMP_MSG_TEST_FIXTURE *fixture) +{ + EXECUTE_MSG_CREATION_TEST(ossl_cmp_certConf_new + (fixture->cmp_ctx, fixture->fail_info, NULL)); +} + +static int execute_genm_create_test(CMP_MSG_TEST_FIXTURE *fixture) +{ + EXECUTE_MSG_CREATION_TEST(ossl_cmp_genm_new(fixture->cmp_ctx)); +} + +static int execute_pollreq_create_test(CMP_MSG_TEST_FIXTURE *fixture) +{ + EXECUTE_MSG_CREATION_TEST(ossl_cmp_pollReq_new(fixture->cmp_ctx, 4711)); +} + +static int execute_pkimessage_create_test(CMP_MSG_TEST_FIXTURE *fixture) +{ + EXECUTE_MSG_CREATION_TEST(ossl_cmp_msg_create + (fixture->cmp_ctx, fixture->bodytype)); +} + +static int set1_newPkey(OSSL_CMP_CTX *ctx, EVP_PKEY* pkey) +{ + if (!EVP_PKEY_up_ref(pkey)) + return 0; + + if (!OSSL_CMP_CTX_set0_newPkey(ctx, 1, pkey)) { + EVP_PKEY_free(pkey); + return 0; + } + return 1; +} + +static int test_cmp_create_ir_protection_set(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + OSSL_CMP_CTX *ctx = fixture->cmp_ctx; + unsigned char secret[16]; + + fixture->bodytype = OSSL_CMP_PKIBODY_IR; + fixture->err_code = CMP_R_ERROR_CREATING_IR; + fixture->expected = 1; + if (!TEST_int_eq(1, RAND_bytes(secret, sizeof(secret))) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) + || !TEST_true(set1_newPkey(ctx, newkey)) + || !TEST_true(OSSL_CMP_CTX_set1_secretValue(ctx, secret, + sizeof(secret)))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_ir_protection_fails(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->bodytype = OSSL_CMP_PKIBODY_IR; + fixture->err_code = CMP_R_ERROR_CREATING_IR; + fixture->expected = 0; + if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, newkey)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) + || !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_cr_without_key(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->bodytype = OSSL_CMP_PKIBODY_CR; + fixture->err_code = CMP_R_ERROR_CREATING_CR; + fixture->expected = 0; + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_cr(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->bodytype = OSSL_CMP_PKIBODY_CR; + fixture->err_code = CMP_R_ERROR_CREATING_CR; + fixture->expected = 1; + if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_certreq_with_invalid_bodytype(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->bodytype = OSSL_CMP_PKIBODY_RR; + fixture->err_code = CMP_R_ERROR_CREATING_IR; + fixture->expected = 0; + if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_p10cr(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + OSSL_CMP_CTX *ctx = fixture->cmp_ctx; + X509_REQ *p10cr = NULL; + + fixture->bodytype = OSSL_CMP_PKIBODY_P10CR; + fixture->err_code = CMP_R_ERROR_CREATING_P10CR; + fixture->expected = 1; + if (!TEST_ptr(p10cr = load_csr(pkcs10_f)) + || !TEST_true(set1_newPkey(ctx, newkey)) + || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) { + tear_down(fixture); + fixture = NULL; + } + X509_REQ_free(p10cr); + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_p10cr_null(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->bodytype = OSSL_CMP_PKIBODY_P10CR; + fixture->err_code = CMP_R_ERROR_CREATING_P10CR; + fixture->expected = 0; + if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_kur(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->bodytype = OSSL_CMP_PKIBODY_KUR; + fixture->err_code = CMP_R_ERROR_CREATING_KUR; + fixture->expected = 1; + if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey)) + || !TEST_true(OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, cert))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_kur_without_oldcert(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->bodytype = OSSL_CMP_PKIBODY_KUR; + fixture->err_code = CMP_R_ERROR_CREATING_KUR; + fixture->expected = 0; + if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_certconf(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->fail_info = 0; + fixture->expected = 1; + if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, + X509_dup(cert)))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certconf_create_test, tear_down); + return result; +} + +static int test_cmp_create_certconf_badAlg(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg; + fixture->expected = 1; + if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, + X509_dup(cert)))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certconf_create_test, tear_down); + return result; +} + +static int test_cmp_create_certconf_fail_info_max(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX; + fixture->expected = 1; + if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, + X509_dup(cert)))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_certconf_create_test, tear_down); + return result; +} + +static int test_cmp_create_error_msg(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->si = ossl_cmp_statusinfo_new(OSSL_CMP_PKISTATUS_rejection, + OSSL_CMP_PKIFAILUREINFO_systemFailure, + NULL); + fixture->err_code = -1; + fixture->expected = 1; /* Expected: Message creation is successful */ + if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_errormsg_create_test, tear_down); + return result; +} + + +static int test_cmp_create_pollreq(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->expected = 1; + EXECUTE_TEST(execute_pollreq_create_test, tear_down); + return result; +} + +static int test_cmp_create_rr(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->expected = 1; + if (!TEST_true(OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, cert))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_rr_create_test, tear_down); + return result; +} + +static int test_cmp_create_genm(void) +{ + OSSL_CMP_ITAV *iv = NULL; + + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + fixture->expected = 1; + iv = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm), NULL); + if (!TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1)) + || !TEST_ptr(iv) + || !TEST_true(OSSL_CMP_CTX_push0_genm_ITAV(fixture->cmp_ctx, iv))) { + OSSL_CMP_ITAV_free(iv); + tear_down(fixture); + fixture = NULL; + } + + EXECUTE_TEST(execute_genm_create_test, tear_down); + return result; +} + +static int execute_certrep_create(CMP_MSG_TEST_FIXTURE *fixture) +{ + OSSL_CMP_CERTREPMESSAGE *crepmsg = OSSL_CMP_CERTREPMESSAGE_new(); + OSSL_CMP_CERTRESPONSE *read_cresp, *cresp = OSSL_CMP_CERTRESPONSE_new(); + EVP_PKEY *privkey; + X509 *certfromresp = NULL; + int res = 0; + + if (crepmsg == NULL || cresp == NULL) + goto err; + if (!ASN1_INTEGER_set(cresp->certReqId, 99)) + goto err; + if ((cresp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) == NULL) + goto err; + cresp->certifiedKeyPair->certOrEncCert->type = + OSSL_CMP_CERTORENCCERT_CERTIFICATE; + if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate = + X509_dup(cert)) == NULL + || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp)) + goto err; + cresp = NULL; + read_cresp = ossl_cmp_certrepmessage_get0_certresponse(crepmsg, 99); + if (!TEST_ptr(read_cresp)) + goto err; + if (!TEST_ptr_null(ossl_cmp_certrepmessage_get0_certresponse(crepmsg, 88))) + goto err; + privkey = OSSL_CMP_CTX_get0_newPkey(fixture->cmp_ctx, 1); /* may be NULL */ + certfromresp = ossl_cmp_certresponse_get1_certificate(privkey, read_cresp); + if (certfromresp == NULL || !TEST_int_eq(X509_cmp(cert, certfromresp), 0)) + goto err; + + res = 1; + err: + X509_free(certfromresp); + OSSL_CMP_CERTRESPONSE_free(cresp); + OSSL_CMP_CERTREPMESSAGE_free(crepmsg); + return res; +} + +static int test_cmp_create_certrep(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + EXECUTE_TEST(execute_certrep_create, tear_down); + return result; +} + + +static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture) +{ + OSSL_CMP_PKISI *si = ossl_cmp_statusinfo_new(33, 44, "a text"); + X509_NAME *issuer = X509_NAME_new(); + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + OSSL_CRMF_CERTID *cid = NULL; + OSSL_CMP_MSG *rpmsg = NULL; + int res = 0; + + if (si == NULL || issuer == NULL || serial == NULL) + goto err; + + if (!X509_NAME_add_entry_by_txt(issuer, "CN", MBSTRING_ASC, + (unsigned char*)"The Issuer", -1, -1, 0) + || !ASN1_INTEGER_set(serial, 99) + || (cid = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL + || (rpmsg = ossl_cmp_rp_new(fixture->cmp_ctx, si, cid, 1)) == NULL) + goto err; + + if (!TEST_ptr(ossl_cmp_revrepcontent_get_CertId(rpmsg->body->value.rp, 0))) + goto err; + + if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkistatusinfo(rpmsg->body->value.rp, + 0))) + goto err; + + res = 1; + err: + ASN1_INTEGER_free(serial); + X509_NAME_free(issuer); + OSSL_CRMF_CERTID_free(cid); + OSSL_CMP_PKISI_free(si); + OSSL_CMP_MSG_free(rpmsg); + return res; +} + +static int test_cmp_create_rp(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + EXECUTE_TEST(execute_rp_create, tear_down); + return result; +} + +static int execute_pollrep_create(CMP_MSG_TEST_FIXTURE *fixture) +{ + OSSL_CMP_MSG *pollrep; + int res = 0; + + pollrep = ossl_cmp_pollRep_new(fixture->cmp_ctx, 77, 2000); + if (!TEST_ptr(pollrep)) + return 0; + if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep( + pollrep->body->value.pollRep, 77))) + goto err; + if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep( + pollrep->body->value.pollRep, 88))) + goto err; + + res = 1; + err: + OSSL_CMP_MSG_free(pollrep); + return res; +} + +static int test_cmp_create_pollrep(void) +{ + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + EXECUTE_TEST(execute_pollrep_create, tear_down); + return result; +} + +static int test_cmp_pkimessage_create(int bodytype) +{ + X509_REQ *p10cr = NULL; + + SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); + + switch (fixture->bodytype = bodytype) { + case OSSL_CMP_PKIBODY_P10CR: + fixture->expected = 1; + if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, + p10cr = load_csr(pkcs10_f)))) { + tear_down(fixture); + fixture = NULL; + } + X509_REQ_free(p10cr); + break; + case OSSL_CMP_PKIBODY_IR: + case OSSL_CMP_PKIBODY_IP: + case OSSL_CMP_PKIBODY_CR: + case OSSL_CMP_PKIBODY_CP: + case OSSL_CMP_PKIBODY_KUR: + case OSSL_CMP_PKIBODY_KUP: + case OSSL_CMP_PKIBODY_RR: + case OSSL_CMP_PKIBODY_RP: + case OSSL_CMP_PKIBODY_PKICONF: + case OSSL_CMP_PKIBODY_GENM: + case OSSL_CMP_PKIBODY_GENP: + case OSSL_CMP_PKIBODY_ERROR: + case OSSL_CMP_PKIBODY_CERTCONF: + case OSSL_CMP_PKIBODY_POLLREQ: + case OSSL_CMP_PKIBODY_POLLREP: + fixture->expected = 1; + break; + default: + fixture->expected = 0; + break; + } + + EXECUTE_TEST(execute_pkimessage_create_test, tear_down); + return result; +} + +void cleanup_tests(void) +{ + EVP_PKEY_free(newkey); + X509_free(cert); +} + +int setup_tests(void) +{ + if (!TEST_ptr(server_cert_f = test_get_argument(0)) + || !TEST_ptr(pkcs10_f = test_get_argument(1))) { + TEST_error("usage: cmp_msg_test server.crt pkcs10.der\n"); + return 0; + } + + if (!TEST_ptr(newkey = gen_rsa()) + || !TEST_ptr(cert = load_pem_cert(server_cert_f)) + || !TEST_int_eq(1, RAND_bytes(ref, sizeof(ref)))) { + cleanup_tests(); + return 0; + } + + /* Message creation tests */ + ADD_TEST(test_cmp_create_certreq_with_invalid_bodytype); + ADD_TEST(test_cmp_create_ir_protection_fails); + ADD_TEST(test_cmp_create_ir_protection_set); + ADD_TEST(test_cmp_create_error_msg); + ADD_TEST(test_cmp_create_certconf); + ADD_TEST(test_cmp_create_certconf_badAlg); + ADD_TEST(test_cmp_create_certconf_fail_info_max); + ADD_TEST(test_cmp_create_kur); + ADD_TEST(test_cmp_create_kur_without_oldcert); + ADD_TEST(test_cmp_create_cr); + ADD_TEST(test_cmp_create_cr_without_key); + ADD_TEST(test_cmp_create_p10cr); + ADD_TEST(test_cmp_create_p10cr_null); + ADD_TEST(test_cmp_create_pollreq); + ADD_TEST(test_cmp_create_rr); + ADD_TEST(test_cmp_create_rp); + ADD_TEST(test_cmp_create_genm); + ADD_TEST(test_cmp_create_certrep); + ADD_TEST(test_cmp_create_pollrep); + ADD_ALL_TESTS_NOSUBTEST(test_cmp_pkimessage_create, + OSSL_CMP_PKIBODY_POLLREP + 1); + return 1; +} diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c new file mode 100644 index 0000000000..89be39f7fc --- /dev/null +++ b/test/cmp_protect_test.c @@ -0,0 +1,517 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cmp_testlib.h" + +static const char *ir_protected_f; +static const char *ir_unprotected_f; +static const char *ip_PBM_f; + +typedef struct test_fixture { + const char *test_case_name; + OSSL_CMP_CTX *cmp_ctx; + /* for protection tests */ + OSSL_CMP_MSG *msg; + OSSL_CMP_PKISI *si; /* for error and response messages */ + ASN1_OCTET_STRING *secret; + EVP_PKEY *privkey; + EVP_PKEY *pubkey; + unsigned char *mem; + int memlen; + X509 *cert; + STACK_OF(X509) *certs; + STACK_OF(X509) *chain; + int callback_arg; + int expected; +} CMP_PROTECT_TEST_FIXTURE; + +static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) +{ + OSSL_CMP_CTX_free(fixture->cmp_ctx); + OSSL_CMP_MSG_free(fixture->msg); + ASN1_OCTET_STRING_free(fixture->secret); + OSSL_CMP_PKISI_free(fixture->si); + + OPENSSL_free(fixture->mem); + sk_X509_free(fixture->certs); + sk_X509_free(fixture->chain); + + OPENSSL_free(fixture); +} + +static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) +{ + CMP_PROTECT_TEST_FIXTURE *fixture; + + if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) + return NULL; + fixture->test_case_name = test_case_name; + if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())) { + tear_down(fixture); + return NULL; + } + return fixture; +} + +static EVP_PKEY *loadedprivkey = NULL; +static EVP_PKEY *loadedpubkey = NULL; +static EVP_PKEY *loadedkey = NULL; +static X509 *cert = NULL; +static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; +static OSSL_CMP_MSG *ir_unprotected, *ir_protected; +static X509 *endentity1 = NULL, *endentity2 = NULL, + *root = NULL, *intermediate = NULL; + +static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) +{ + ASN1_BIT_STRING *protection = + ossl_cmp_calc_protection(fixture->msg, fixture->secret, + fixture->privkey); + int res = TEST_ptr_null(protection); + + ASN1_BIT_STRING_free(protection); + return res; +} + +static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) +{ + ASN1_BIT_STRING *protection = + ossl_cmp_calc_protection(fixture->msg, fixture->secret, NULL); + int res = TEST_ptr(protection) + && TEST_true(ASN1_STRING_cmp(protection, fixture->msg->protection) == 0); + + ASN1_BIT_STRING_free(protection); + return res; +} + +/* + * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c, + * but without the need for a OSSL_CMP_CTX or a X509 certificate + */ +static int verify_signature(OSSL_CMP_MSG *msg, + ASN1_BIT_STRING *protection, + EVP_PKEY *pkey, int digest_nid) +{ + CMP_PROTECTEDPART prot_part; + unsigned char *prot_part_der = NULL; + int len; + EVP_MD_CTX *ctx = NULL; + const EVP_MD *digest = EVP_get_digestbynid(digest_nid); + int res; + + prot_part.header = OSSL_CMP_MSG_get0_header(msg); + prot_part.body = msg->body; + res = + TEST_int_ge(len = i2d_CMP_PROTECTEDPART(&prot_part, &prot_part_der), 0) + && TEST_ptr(ctx = EVP_MD_CTX_new()) + && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)) + && TEST_int_eq(EVP_DigestVerify(ctx, protection->data, + protection->length, + prot_part_der, len), 1); + /* cleanup */ + EVP_MD_CTX_free(ctx); + OPENSSL_free(prot_part_der); + return res; +} + +/* Calls OSSL_CMP_calc_protection and compares and verifies signature */ +static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * + fixture) +{ + ASN1_BIT_STRING *protection = + ossl_cmp_calc_protection(fixture->msg, NULL, fixture->privkey); + int ret = (TEST_ptr(protection) + && TEST_true(ASN1_STRING_cmp(protection, + fixture->msg->protection) == 0) + && TEST_true(verify_signature(fixture->msg, protection, + fixture->pubkey, + fixture->cmp_ctx->digest))); + + ASN1_BIT_STRING_free(protection); + return ret; +} + +static int test_cmp_calc_protection_no_key_no_secret(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f)) + || !TEST_ptr(fixture->msg->header->protectionAlg = + X509_ALGOR_new() /* no specific alg needed here */)) { + tear_down(fixture); + fixture = NULL; + } + + EXECUTE_TEST(execute_calc_protection_fails_test, tear_down); + return result; +} + +static int test_cmp_calc_protection_pkey(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->pubkey = loadedpubkey; + fixture->privkey = loadedprivkey; + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_calc_protection_signature_test, tear_down); + return result; +} + +static int test_cmp_calc_protection_pbmac(void) +{ + unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' }; + + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + if (!TEST_ptr(fixture->secret = ASN1_OCTET_STRING_new()) + || !TEST_true(ASN1_OCTET_STRING_set + (fixture->secret, sec_insta, sizeof(sec_insta))) + || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down); + return result; +} +static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) +{ + return TEST_int_eq(fixture->expected, + ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); +} + +#define SET_OPT_UNPROTECTED_SEND(ctx, val) \ + OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val)) +static int test_MSG_protect_unprotected_request(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + + fixture->expected = 1; + if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_MSG_protect_test, tear_down); + return result; +} + +static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void) +{ + const size_t size = sizeof(rand_data) / 2; + + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->expected = 1; + + if (!TEST_ptr(fixture->msg = + OSSL_CMP_MSG_dup(ir_unprotected)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) + /* + * Use half of the 16 bytes of random input + * for each reference and secret value + */ + || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, + rand_data, size)) + || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, + rand_data + size, + size))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_MSG_protect_test, tear_down); + return result; +} + +static int test_MSG_protect_with_certificate_and_key(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->expected = 1; + + if (!TEST_ptr(fixture->msg = + OSSL_CMP_MSG_dup(ir_unprotected)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) + || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) + || !TEST_true(OSSL_CMP_CTX_set1_clCert(fixture->cmp_ctx, cert))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_MSG_protect_test, tear_down); + return result; +} + +static int test_MSG_protect_certificate_based_without_cert(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + OSSL_CMP_CTX *ctx = fixture->cmp_ctx; + + fixture->expected = 0; + if (!TEST_ptr(fixture->msg = + OSSL_CMP_MSG_dup(ir_unprotected)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) + || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { + tear_down(fixture); + fixture = NULL; + } + EVP_PKEY_up_ref(loadedkey); + EXECUTE_TEST(execute_MSG_protect_test, tear_down); + return result; +} + +static int test_MSG_protect_no_key_no_secret(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->expected = 0; + if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_MSG_protect_test, tear_down); + return result; +} + +static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) +{ + return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, + fixture->msg)); +} + +static int test_MSG_add_extraCerts(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down); + return result; +} + +static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture) +{ + STACK_OF(X509) *result = NULL; + int ret = 0; + + if (TEST_ptr(result = ossl_cmp_build_cert_chain(fixture->certs, + fixture->cert))) { + /* Check whether chain built is equal to the expected one */ + ret = TEST_int_eq(0, STACK_OF_X509_cmp(result, fixture->chain)); + sk_X509_pop_free(result, X509_free); + } + return ret; +} + +static int test_cmp_build_cert_chain(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->cert = endentity2; + if (!TEST_ptr(fixture->certs = sk_X509_new_null()) + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->certs, endentity1)) + || !TEST_true(sk_X509_push(fixture->certs, root)) + || !TEST_true(sk_X509_push(fixture->certs, intermediate)) + || !TEST_true(sk_X509_push(fixture->chain, endentity2)) + || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); + return result; +} + +static int test_cmp_build_cert_chain_missing_intermediate(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->cert = endentity2; + if (!TEST_ptr(fixture->certs = sk_X509_new_null()) + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->certs, endentity1)) + || !TEST_true(sk_X509_push(fixture->certs, root)) + || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); + return result; +} + +static int test_cmp_build_cert_chain_missing_root(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->cert = endentity2; + if (!TEST_ptr(fixture->certs = sk_X509_new_null()) + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->certs, endentity1)) + || !TEST_true(sk_X509_push(fixture->certs, intermediate)) + || !TEST_true(sk_X509_push(fixture->chain, endentity2)) + || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); + return result; +} + +static int test_cmp_build_cert_chain_no_certs(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->cert = endentity2; + if (!TEST_ptr(fixture->certs = sk_X509_new_null()) + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down); + return result; +} + +static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture) +{ + X509_STORE *store = X509_STORE_new(); + STACK_OF(X509) *sk = NULL; + int res = 0; + + if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, + fixture->certs, + fixture->callback_arg))) + goto err; + sk = ossl_cmp_X509_STORE_get1_certs(store); + if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) + goto err; + res = 1; + err: + X509_STORE_free(store); + sk_X509_pop_free(sk, X509_free); + return res; + +} + +static int test_X509_STORE(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->callback_arg = 0; /* self-signed allowed */ + if (!TEST_ptr(fixture->certs = sk_X509_new_null()) + || !sk_X509_push(fixture->certs, endentity1) + || !sk_X509_push(fixture->certs, endentity2) + || !sk_X509_push(fixture->certs, root) + || !sk_X509_push(fixture->certs, intermediate) + || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_X509_STORE_test, tear_down); + return result; +} + +static int test_X509_STORE_only_self_signed(void) +{ + SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); + fixture->certs = sk_X509_new_null(); + fixture->chain = sk_X509_new_null(); + fixture->callback_arg = 1; /* only self-signed */ + if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) + || !TEST_true(sk_X509_push(fixture->certs, endentity2)) + || !TEST_true(sk_X509_push(fixture->certs, root)) + || !TEST_true(sk_X509_push(fixture->certs, intermediate)) + || !TEST_true(sk_X509_push(fixture->chain, root))) { + tear_down(fixture); + fixture = NULL; + } + EXECUTE_TEST(execute_X509_STORE_test, tear_down); + return result; +} + + +void cleanup_tests(void) +{ + EVP_PKEY_free(loadedprivkey); + EVP_PKEY_free(loadedpubkey); + EVP_PKEY_free(loadedkey); + X509_free(cert); + X509_free(endentity1); + X509_free(endentity2); + X509_free(root); + X509_free(intermediate); + OSSL_CMP_MSG_free(ir_protected); + OSSL_CMP_MSG_free(ir_unprotected); + +} + +int setup_tests(void) +{ + char *server_f; + char *server_key_f; + char *server_cert_f; + char *endentity1_f; + char *endentity2_f; + char *root_f; + char *intermediate_f; + + RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); + if (!TEST_ptr(server_f = test_get_argument(0)) + || !TEST_ptr(ir_protected_f = test_get_argument(1)) + || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) + || !TEST_ptr(ip_PBM_f = test_get_argument(3)) + || !TEST_ptr(server_cert_f = test_get_argument(4)) + || !TEST_ptr(server_key_f = test_get_argument(5)) + || !TEST_ptr(endentity1_f = test_get_argument(6)) + || !TEST_ptr(endentity2_f = test_get_argument(7)) + || !TEST_ptr(root_f = test_get_argument(8)) + || !TEST_ptr(intermediate_f = test_get_argument(9))) { + TEST_error("usage: cmp_protect_test server.pem " + "IR_protected.der IR_unprotected.der IP_PBM.der " + "server.crt server.pem" + "EndEntity1.crt EndEntity2.crt " + "Root_CA.crt Intermediate_CA.crt\n"); + return 0; + } + if (!TEST_ptr(loadedkey = load_pem_key(server_key_f)) + || !TEST_ptr(cert = load_pem_cert(server_cert_f))) + return 0; + + if (!TEST_ptr(loadedprivkey = load_pem_key(server_f))) + return 0; + if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) + loadedpubkey = loadedprivkey; + if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f)) + || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))) + return 0; + if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f)) + || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f)) + || !TEST_ptr(root = load_pem_cert(root_f)) + || !TEST_ptr(intermediate = load_pem_cert(intermediate_f))) + return 0; + if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) + return 0; + + /* Message protection tests */ + ADD_TEST(test_cmp_calc_protection_no_key_no_secret); + ADD_TEST(test_cmp_calc_protection_pkey); + ADD_TEST(test_cmp_calc_protection_pbmac); + + ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key); + ADD_TEST(test_MSG_protect_with_certificate_and_key); + ADD_TEST(test_MSG_protect_certificate_based_without_cert); + ADD_TEST(test_MSG_protect_unprotected_request); + ADD_TEST(test_MSG_protect_no_key_no_secret); + + ADD_TEST(test_MSG_add_extraCerts); + + ADD_TEST(test_cmp_build_cert_chain); + ADD_TEST(test_cmp_build_cert_chain_missing_root); + ADD_TEST(test_cmp_build_cert_chain_missing_intermediate); + ADD_TEST(test_cmp_build_cert_chain_no_certs); + + ADD_TEST(test_X509_STORE); + ADD_TEST(test_X509_STORE_only_self_signed); + + return 1; +} diff --git a/test/cmp_testlib.h b/test/cmp_testlib.h index 22b96bf113..96b577e46e 100644 --- a/test/cmp_testlib.h +++ b/test/cmp_testlib.h @@ -16,7 +16,7 @@ # include <openssl/pem.h> # include <openssl/rand.h> -#include "../crypto/cmp/cmp_local.h" +# include "../crypto/cmp/cmp_local.h" # include "testutil.h" diff --git a/test/recipes/65-test_cmp_msg.t b/test/recipes/65-test_cmp_msg.t new file mode 100644 index 0000000000..e1b08ccfa2 --- /dev/null +++ b/test/recipes/65-test_cmp_msg.t @@ -0,0 +1,24 @@ +#! /usr/bin/env perl +# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright Nokia 2007-2019 +# Copyright Siemens AG 2015-2019 +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test::Utils; + +setup("test_cmp_msg"); + +plan skip_all => "This test is not supported in a no-cmp build" + if disabled("cmp"); + +plan tests => 1; + +ok(run(test(["cmp_msg_test", + data_file("server.crt"), + data_file("pkcs10.der")]))); diff --git a/test/recipes/65-test_cmp_msg_data/pkcs10.der b/test/recipes/65-test_cmp_msg_data/pkcs10.der Binary files differnew file mode 100644 index 0000000000..510a4fc5b0 --- /dev/null +++ b/test/recipes/65-test_cmp_msg_data/pkcs10.der diff --git a/test/recipes/65-test_cmp_msg_data/server.crt b/test/recipes/65-test_cmp_msg_data/server.crt new file mode 100644 index 0000000000..ed1d43333e --- /dev/null +++ b/test/recipes/65-test_cmp_msg_data/server.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpTCCAY2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQKDAtvcGVu +c3NsX2NtcDAeFw0xNzEyMjAxMzA0MDBaFw0xODEyMjAxMzA0MDBaMBYxFDASBgNV +BAoMC29wZW5zc2xfY21wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZAJHnq0ypW/PZccrWj +o7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVVpLicMnItNFElfCoh +BzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuWq/vWW9r96/gBKKdd +mj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SOZf9bH1olBVsmBMsU +shFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6GvZ/i5KOhaqgJCnRKd +HHzijz9cLec5p9NSOuC1OwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQDGUXpFCBkV +WgPrBfZyBwt6VCjWB/e67q4IdcKMfDa4hwSquah1AyXHI0PlC/qitnoSx2+7f7pY +TEOay/3eEPUl1J5tdPF2Vg56Dw8jdhSkMwO7bXKDEE3R6o6jaa4ECgxwQtdGHmNU +A41PgKX76yEXku803ptO39/UR7i7Ye3MbyAmWE+PvixJYUbxd3fqz5fsaJqTCzAy +AT9hrr4uu8J7m3LYaYXo4LVL4jw5UsP5bIYtpmmEBfy9GhpUqH5/LzBNij7y3ziE +T59wHkzawAQDHsBPuCe07DFtlzqWWvaih0TQAw9MZ2tbyK9jt7P80Rqt9CwpM/i9 +jQYqSl/ix5hn +-----END CERTIFICATE----- diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t new file mode 100644 index 0000000000..cc36d2674d --- /dev/null +++ b/test/recipes/65-test_cmp_protect.t @@ -0,0 +1,35 @@ +#! /usr/bin/env perl +# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright Nokia 2007-2019 +# Copyright Siemens AG 2015-2019 +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test::Utils; + +setup("test_cmp_protect"); + +plan skip_all => "This test is not supported in a no-cmp build" + if disabled("cmp"); + +plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +plan tests => 1; + +ok(run(test(["cmp_protect_test", + data_file("server.pem"), + data_file("IR_protected.der"), + data_file("IR_unprotected.der"), + data_file("IP_PBM.der"), + data_file("server.crt"), + data_file("server.pem"), + data_file("EndEntity1.crt"), + data_file("EndEntity2.crt"), + data_file("Root_CA.crt"), + data_file("Intermediate_CA.crt")]))); diff --git a/test/recipes/65-test_cmp_protect_data/EndEntity1.crt b/test/recipes/65-test_cmp_protect_data/EndEntity1.crt new file mode 100644 index 0000000000..4e05449889 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/EndEntity1.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICnDCCAYSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdSb290 +IENBMB4XDTE3MTEwODE1NDgwMFoXDTE4MTEwODExMTkwMFowETEPMA0GA1UEAxMG +Q2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNiWJufEotHe +p6E/4b0laX7K1NRamNoUokLIsq78RoBieBXaGxIdbT6zmhLnLmZdb0UN3v7FUP75 +rqPN2yyj3TbS4o5ilh5El8bDDAPhW5lthCddvH/uBziRAM5oIB4xxOumNbgHpLUT +Clh49sdXd4ydYpCTWld5emRouBmMUeP/0EkyWMBIrHGSBxrqtFVRXhxvVHImQv6Z +hIKql7dCVCZbhUtxw6sLxIGL4xlhKoM2o31k4I/9tjZrWSZZ7KAIOlOLrjxZc/bQ +MwvxVUgS+C+iXzhCY8v+N/K37jwtAAk4C1aOGv/VygNcN0C/ynfKSzFmtnfei4+3 +6GC7HtFzewIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQB3GYpPSCCYsJM5owKcODr/ +I1aJ8jQ+u5jCKjvYLp6Cnbr4AbRXzvKuMyV6UfIAQbrGOxAClvX++5/ZQbhY+TxN +iiUM3yr5yYCLqj4MeYHhJ3gOzcppAO9LQ9V7eA8C830giZMm3cpApFSLP8CpwNUD +W/fgoQfaOae5IYPZdea88Gmt5RVNbtHgVqtm4ifTQo577kfxTeh20s+M6pgYW3/R +vftXy2ITEtk/j3NcRvOyZ7Bu1mAg7wNeUjL+gDWAaxs16LsWsCsUGwfr/Z2Rq1CF +zB0XwIyigkVLDLqDzUShcw0Eb/zYy2KXsxNWA2tb27mw+T+tmmOszpn7JjLrlVks +-----END CERTIFICATE----- diff --git a/test/recipes/65-test_cmp_protect_data/EndEntity2.crt b/test/recipes/65-test_cmp_protect_data/EndEntity2.crt new file mode 100644 index 0000000000..ba06210794 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/EndEntity2.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB3zCCAZSgAwIBAgIBBjAKBggqhkjOPQQDAzAVMRMwEQYDVQQDEwpad2lzY2hl +bkNBMB4XDTE3MTEwODE2MDUwMFoXDTE4MTEwODExMTkwMFowEjEQMA4GA1UEAxMH +Q2xpZW50MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTYlibnxKLR +3qehP+G9JWl+ytTUWpjaFKJCyLKu/EaAYngV2hsSHW0+s5oS5y5mXW9FDd7+xVD+ ++a6jzdsso9020uKOYpYeRJfGwwwD4VuZbYQnXbx/7gc4kQDOaCAeMcTrpjW4B6S1 +EwpYePbHV3eMnWKQk1pXeXpkaLgZjFHj/9BJMljASKxxkgca6rRVUV4cb1RyJkL+ +mYSCqpe3QlQmW4VLccOrC8SBi+MZYSqDNqN9ZOCP/bY2a1kmWeygCDpTi648WXP2 +0DML8VVIEvgvol84QmPL/jfyt+48LQAJOAtWjhr/1coDXDdAv8p3yksxZrZ33ouP +t+hgux7Rc3sCAwEAAaMNMAswCQYDVR0TBAIwADAKBggqhkjOPQQDAwM5ADA2AhkA +qASBLwTauET6FGp/EBe7b/99jTyGB861AhkA5ILGkLX4KmjRkTcNxJ3JKB1Sumya +cbqF +-----END CERTIFICATE----- diff --git a/test/recipes/65-test_cmp_protect_data/IP_PBM.der b/test/recipes/65-test_cmp_protect_data/IP_PBM.der Binary files differnew file mode 100644 index 0000000000..d0890712e6 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/IP_PBM.der diff --git a/test/recipes/65-test_cmp_protect_data/IP_PBM.txt b/test/recipes/65-test_cmp_protect_data/IP_PBM.txt new file mode 100644 index 0000000000..177f2601a3 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/IP_PBM.txt @@ -0,0 +1 @@ +Reference#: 3078Secret Value: insta
\ No newline at end of file diff --git a/test/recipes/65-test_cmp_protect_data/IR_protected.der b/test/recipes/65-test_cmp_protect_data/IR_protected.der Binary files differnew file mode 100644 index 0000000000..ce0a7a46dc --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/IR_protected.der diff --git a/test/recipes/65-test_cmp_protect_data/IR_unprotected.der b/test/recipes/65-test_cmp_protect_data/IR_unprotected.der Binary files differnew file mode 100644 index 0000000000..41a649691f --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/IR_unprotected.der diff --git a/test/recipes/65-test_cmp_protect_data/Intermediate_CA.crt b/test/recipes/65-test_cmp_protect_data/Intermediate_CA.crt new file mode 100644 index 0000000000..3416cdb959 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/Intermediate_CA.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCBv6ADAgECAgEFMA0GCSqGSIb3DQEBDQUAMBIxEDAOBgNVBAMTB1Jvb3Qg +Q0EwHhcNMTcxMTA4MTYwNDAwWhcNMTgxMTA4MTExOTAwWjAVMRMwEQYDVQQDEwpa +d2lzY2hlbkNBMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE9bJcmZWj2CmO6aW8 +9Qylkj1WgPREf9/s4Z1VYqFODeJnebPXFBLVH/aoGxnds9E9oxAwDjAMBgNVHRME +BTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBwQD4NTIWMMevEsSrBpKjjQEWc81Ct +eXoyAXr/d8wgVyuIZe9C7ekxPQCwowcmONUyeYQv9N2eYpdhkAQuk6DS4+aDR4s7 +I6rg5R5CUGGla5NUxM0BKIS3ZIezvEGlP1NFN+HBgJI7ZIIYQ3zDr0EYgo4J7Xvm +5p58pcCZSsbVyKwKs6T+rTzOVVmJ2L1bWzywZEDmzxMkPmA6fP9XtB4Kx/b4oviw +TEQl3Jf9EkBvBkKX2rRJs7aMJo4MwOnE4HHOV5GAQqhGrXltsuXmVfIQPtRN4xlK +oNf/FukI1NcBh4A/iY4PmbyxHYmKy6qjFjng2u2VFtH15HDT4XlLP5gq +-----END CERTIFICATE----- diff --git a/test/recipes/65-test_cmp_protect_data/Root_CA.crt b/test/recipes/65-test_cmp_protect_data/Root_CA.crt new file mode 100644 index 0000000000..6ccf362546 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/Root_CA.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZegAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdSb290 +IENBMB4XDTE3MTEwODE1NDUwMFoXDTE4MTEwODExMTkwMFowEjEQMA4GA1UEAxMH +Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiHdLAD2Wu+ +C5UDMK6WCL53Wz0CeU61RRRlGEVSqHrQOWnffgVutgftzsddxxgJJyGsqKo1B+nQ +vapyJyugYJWYNQLN5+iffe4y1UBPnHMQFHiZ4cNR6PB0eHja2wpcN3QmJzOcpRYE +xf+QQwJNFqhRi0cZGfd/JfFi/ybJalqClbnYMPcJo7g6S7M3lWbOnEOUWnbM2EBp +h849mC+kd80vXcRcb7U/3MJKK3Ee72TDye5/kWFf9zcxj2ac0oCiS66JKYobiVJr +NmbGM0I9U6T6ejXVUu2J3pGUFlcf3RCUYf1aWhkmzEzbm/FGMRJ7vVyCXm/OWIh9 +bqtwH5YfljsCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC +AQEAF7tSa9oVan7kPR5/TXB330Ca1xQt5C38afaJbacR9mM8ZkL0HceQTuJGrnAR +4kK7CaB5iraU6Lxyql7drq8aixz/7TXna6c172J6HxDeFhQMeSt1LAh7XN5Ir6Y6 +iO7XD5I5lw3Xv6qvhoD0ktkNk/WtF7aBw2ZAi+RcDMgWzWjoS4WqMbvWEHw10j9b +s8R0YG4yi6wb89UNIMfQtC2XviHKcRS9MzIJQHw73r2EY2t6o9TO+5ukHYDB6/Zo +/CLXu21MzsFvhupHgX6zdptU324tq2za1+4LvmOHSW+D36jEPT22SndXmHo5VmAn +6bQ52MhBI0rrWwju9aBpVzsUUg== +-----END CERTIFICATE----- diff --git a/test/recipes/65-test_cmp_protect_data/server.crt b/test/recipes/65-test_cmp_protect_data/server.crt new file mode 100644 index 0000000000..ed1d43333e --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/server.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpTCCAY2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQKDAtvcGVu +c3NsX2NtcDAeFw0xNzEyMjAxMzA0MDBaFw0xODEyMjAxMzA0MDBaMBYxFDASBgNV +BAoMC29wZW5zc2xfY21wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZAJHnq0ypW/PZccrWj +o7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVVpLicMnItNFElfCoh +BzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuWq/vWW9r96/gBKKdd +mj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SOZf9bH1olBVsmBMsU +shFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6GvZ/i5KOhaqgJCnRKd +HHzijz9cLec5p9NSOuC1OwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQDGUXpFCBkV +WgPrBfZyBwt6VCjWB/e67q4IdcKMfDa4hwSquah1AyXHI0PlC/qitnoSx2+7f7pY +TEOay/3eEPUl1J5tdPF2Vg56Dw8jdhSkMwO7bXKDEE3R6o6jaa4ECgxwQtdGHmNU +A41PgKX76yEXku803ptO39/UR7i7Ye3MbyAmWE+PvixJYUbxd3fqz5fsaJqTCzAy +AT9hrr4uu8J7m3LYaYXo4LVL4jw5UsP5bIYtpmmEBfy9GhpUqH5/LzBNij7y3ziE +T59wHkzawAQDHsBPuCe07DFtlzqWWvaih0TQAw9MZ2tbyK9jt7P80Rqt9CwpM/i9 +jQYqSl/ix5hn +-----END CERTIFICATE----- diff --git a/test/recipes/65-test_cmp_protect_data/server.pem b/test/recipes/65-test_cmp_protect_data/server.pem new file mode 100644 index 0000000000..2324266798 --- /dev/null +++ b/test/recipes/65-test_cmp_protect_data/server.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZA +JHnq0ypW/PZccrWjo7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVV +pLicMnItNFElfCohBzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuW +q/vWW9r96/gBKKddmj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SO +Zf9bH1olBVsmBMsUshFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6Gv +Z/i5KOhaqgJCnRKdHHzijz9cLec5p9NSOuC1OwIDAQABAoIBAGiYVO+rIfqc38jG +sMxJED2NSBFnvE7k2LoeEgktBA0daxQgziYXtIkOXC3jkwAw1RXLuGH5RTDuJt3/ +LX6nsCW3NCCB6lTGERNaJyKg4dLHpzA+juY3/2P/MKHD1bGncpV7jNk2fpV7gBY1 +pu0wld1Oi+S3DPCaxs3w6Zl39Y4Z7oSNf6DRO5lGN3Asc8TSVjIOWpAl8LIg+P2B +ZvFeHRANVXaV9YmF2uEi7iMgH4vGrK2svsmM9VThVO4ArGcTRTvGYn7aw3/H4Pt+ +lYuhERdpkKBT0tCgIpO5IJXMl4/5RSDTtcBwiJcReN5IHUAItBIPSHcMflNSKG/I +aQf4u0ECgYEA8+PAyzn096Y2UrKzE75yuadCveLjsUWx2NN5ZMohQru99F4k7Pab +/Te4qOe5zlxHAPK3LRwvbwUWo5mLfs45wFrSgZoRlYcCuL+JaX0y2oXMMF9E+UkY +tljMt/HpLo1SfSjN2Sae4LVhC7rWJ43LtyRepptzBPGqd26eLPGAMr8CgYEA7P8u +RGkMOrMzEKAb0A9smrzq2xW88T1VejqEt6R8mUcNt8PFHMgjuzVU4zDysrlb7G/0 +VSkQWnJxBh1yNGc1Av7YgwicIgApr4ty0hZhLcnKX2VrNw+L/sSe/cnwVAc6RtPK +RR6xQubuLlrCGcbYXmyn5Jv+nlY0S3uCyDFHqIUCgYAwtpLxhJf7RwWeqva9wNJl +ZpUcHE9iPwtwxXx/tyfBjoI4Zv11HyS1BQYrJm2kXCYKeHBB4FlREXEeKDMGluZO +F1XocP+GIDtY71jg6xLXNtY76yt5pzH6ae4p53WtyKhrO1UyRFaDh3bkwuK3b8j6 +wZbuLCpjGGn2BPAvBeWXPQKBgEewKN6op/pZmmi9Bay5/bAQ1TnQKYcPdnuyl9K0 +/ruespeTsFw0bhqC11qhw8gsKZIri0z3TusNEwM2hQU08uQlEnkQcaoXQoTHOcQy +4NJo575Tf0r4ePBnqXA7VWcViJtEFTszPYtvLzz2VyBU9b4aP+73AN4EVW0/vx+v +SG3BAoGBAMzESFA2TXwUFmozK5zowIszc995Xqpi7mXKk77WESOpoS1dQ1wF1dSg +XOwxzFoYovLxcc1K9lqOrod8BV+qGuEfc/PIJ2aiXjvEDeZYX2eWaANNmj4OSLoJ +MNYj9tZxbq56slD7snf7AgUBnwKz0Pj6H6UsbE3gdJqZWCDyw/bB +-----END RSA PRIVATE KEY----- |