mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
a173cc9c38
openssl/test/cmp_vfy_test.c
Dr. David von Oheimb 62dcd2aa17 Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for testing 
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11142)
2020-03-10 16:09:44 +01:00

641 lines
22 KiB
C
Raw Blame History

/*
* Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cmp_testlib.h"
#include "../crypto/crmf/crmf_local.h" /* for manipulating POPO signature */
static const char *server_f;
static const char *client_f;
static const char *endentity1_f;
static const char *endentity2_f;
static const char *root_f;
static const char *intermediate_f;
static const char *ir_protected_f;
static const char *ir_unprotected_f;
static const char *ir_rmprotection_f;
static const char *ip_waiting_f;
static const char *instacert_f;
static const char *instaca_f;
static const char *ir_protected_0_extracerts;
static const char *ir_protected_2_extracerts;
typedef struct test_fixture {
const char *test_case_name;
int expected;
OSSL_CMP_CTX *cmp_ctx;
OSSL_CMP_MSG *msg;
X509 *cert;
ossl_cmp_allow_unprotected_cb_t allow_unprotected_cb;
int additional_arg;
} CMP_VFY_TEST_FIXTURE;
static void tear_down(CMP_VFY_TEST_FIXTURE *fixture)
{
OSSL_CMP_MSG_free(fixture->msg);
OSSL_CMP_CTX_free(fixture->cmp_ctx);
OPENSSL_free(fixture);
}
static int print_to_bio_out(const char *func, const char *file, int line,
OSSL_CMP_severity level, const char *msg)
{
return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg);
}
static time_t test_time_valid = 0, test_time_after_expiration = 0;
static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
{
X509_STORE *ts = X509_STORE_new();
CMP_VFY_TEST_FIXTURE *fixture;
if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
return NULL;
fixture->test_case_name = test_case_name;
if (ts == NULL
|| !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())
|| !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts)
|| !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) {
tear_down(fixture);
X509_STORE_free(ts);
return NULL;
}
X509_VERIFY_PARAM_set_time(X509_STORE_get0_param(ts), test_time_valid);
X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb);
return fixture;
}
static X509 *srvcert = NULL;
static X509 *clcert = NULL;
/* chain */
static X509 *endentity1 = NULL, *endentity2 = NULL,
*intermediate = NULL, *root = NULL;
/* INSTA chain */
static X509 *insta_cert = NULL, *instaca_cert = NULL;
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
static OSSL_CMP_MSG *ir_unprotected, *ir_rmprotection;
static int flip_bit(ASN1_BIT_STRING *bitstr)
{
int bit_num = 7;
int bit = ASN1_BIT_STRING_get_bit(bitstr, bit_num);
return ASN1_BIT_STRING_set_bit(bitstr, bit_num, !bit);
}
static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
{
if ((fixture->msg = load_pkimsg(ir_protected_f)) == NULL)
return 0;
if (fixture->expected == 0) {
const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0);
if (req == NULL || !flip_bit(req->popo->value.signature->signature))
return 0;
}
return TEST_int_eq(fixture->expected,
ossl_cmp_verify_popo(fixture->msg,
fixture->additional_arg));
}
static int test_verify_popo(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 1;
EXECUTE_TEST(execute_verify_popo_test, tear_down);
return result;
}
static int test_verify_popo_bad(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
EXECUTE_TEST(execute_verify_popo_test, tear_down);
return result;
}
static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture)
{
return TEST_int_eq(fixture->expected,
OSSL_CMP_validate_msg(fixture->cmp_ctx, fixture->msg));
}
static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
{
X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
int res = TEST_int_eq(fixture->expected,
OSSL_CMP_validate_cert_path(fixture->cmp_ctx,
ts, fixture->cert));
OSSL_CMP_CTX_print_errors(fixture->cmp_ctx);
return res;
}
static int test_validate_msg_mac_alg_protection(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
/* secret value belonging to cmp-test/CMP_IP_waitingStatus_PBM.der */
const unsigned char sec_1[] = {
'9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
'Q', '-', 'u', 'd', 'N', 'R'
};
fixture->expected = 1;
if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
sizeof(sec_1)))
|| !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_mac_alg_protection_bad(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
const unsigned char sec_bad[] = {
'9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
'Q', '-', 'u', 'd', 'N', 'r'
};
fixture->expected = 0;
if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad,
sizeof(sec_bad)))
|| !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert)
{
return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trustedStore(ctx), cert);
}
static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert)
{
return ossl_cmp_sk_X509_add1_cert(OSSL_CMP_CTX_get0_untrusted_certs(ctx),
cert, 0, 0);
}
static int test_validate_msg_signature_partial_chain(int expired)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
fixture->expected = !expired;
if (ts == NULL
|| !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
|| !add_trusted(fixture->cmp_ctx, srvcert)) {
tear_down(fixture);
fixture = NULL;
} else {
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
if (expired)
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_signature_trusted_ok(void)
{
return test_validate_msg_signature_partial_chain(0);
}
static int test_validate_msg_signature_trusted_expired(void)
{
return test_validate_msg_signature_partial_chain(1);
}
static int test_validate_msg_signature_srvcert_wrong(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
|| !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_signature_srvcert(int bad_sig)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = !bad_sig;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
|| !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
|| (bad_sig && !flip_bit(fixture->msg->protection))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_signature_bad(void)
{
return test_validate_msg_signature_srvcert(1);
}
static int test_validate_msg_signature_sender_cert_srvcert(void)
{
return test_validate_msg_signature_srvcert(0);
}
static int test_validate_msg_signature_sender_cert_untrusted(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 1;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)
|| !add_untrusted(fixture->cmp_ctx, insta_cert)) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_signature_sender_cert_trusted(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 1;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)
|| !add_trusted(fixture->cmp_ctx, insta_cert)) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_signature_sender_cert_extracert(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 1;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_signature_sender_cert_absent(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_with_sender(X509_NAME *name, int expected)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = expected;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
|| !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name))
|| !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static int test_validate_msg_signature_expected_sender(void)
{
return test_validate_with_sender(X509_get_subject_name(srvcert), 1);
}
static int test_validate_msg_signature_unexpected_sender(void)
{
return test_validate_with_sender(X509_get_subject_name(root), 0);
}
static int test_validate_msg_unprotected_request(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired)
{
(*fixture)->cert = endentity2;
(*fixture)->expected = wrong == NULL && !expired;
if (expired) {
X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore((*fixture)->cmp_ctx);
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
}
if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong)
|| !add_untrusted((*fixture)->cmp_ctx, endentity1)
|| !add_untrusted((*fixture)->cmp_ctx, intermediate)) {
tear_down((*fixture));
(*fixture) = NULL;
}
}
static int test_validate_cert_path_ok(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_path(&fixture, NULL, 0);
EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
return result;
}
static int test_validate_cert_path_wrong_anchor(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_path(&fixture, srvcert /* wrong/non-root cert */, 0);
EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
return result;
}
static int test_validate_cert_path_expired(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_path(&fixture, NULL, 1);
EXECUTE_TEST(execute_validate_cert_path_test, tear_down);
return result;
}
static int execute_MSG_check_received_test(CMP_VFY_TEST_FIXTURE *fixture)
{
const OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(fixture->msg);
const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr);
if (!TEST_int_eq(fixture->expected,
ossl_cmp_msg_check_received(fixture->cmp_ctx,
fixture->msg,
fixture->allow_unprotected_cb,
fixture->additional_arg)))
return 0;
if (fixture->expected < 0) /* error expected aready during above check */
return 1;
return
TEST_int_eq(0,
ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr),
fixture->cmp_ctx->recipNonce))
&& TEST_int_eq(0,
ASN1_OCTET_STRING_cmp(tid,
fixture->cmp_ctx->transactionID));
}
static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
int invalid_protection, int allow)
{
return allow;
}
static void setup_check_received(CMP_VFY_TEST_FIXTURE **fixture, int expected,
ossl_cmp_allow_unprotected_cb_t cb, int arg,
const unsigned char *trid_data,
const unsigned char *nonce_data)
{
OSSL_CMP_CTX *ctx = (*fixture)->cmp_ctx;
int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH;
(*fixture)->expected = expected;
(*fixture)->allow_unprotected_cb = cb;
(*fixture)->additional_arg = arg;
(*fixture)->msg = OSSL_CMP_MSG_dup(ir_rmprotection);
if ((*fixture)->msg == NULL
|| (nonce_data != NULL
&& !ossl_cmp_asn1_octet_string_set1_bytes(&ctx->senderNonce,
nonce_data, nonce_len))) {
tear_down((*fixture));
(*fixture) = NULL;
} else if (trid_data != NULL) {
ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
if (trid == NULL
|| !ASN1_OCTET_STRING_set(trid, trid_data,
OSSL_CMP_TRANSACTIONID_LENGTH)
|| !OSSL_CMP_CTX_set1_transactionID(ctx, trid)) {
tear_down((*fixture));
(*fixture) = NULL;
}
ASN1_OCTET_STRING_free(trid);
}
}
static int test_MSG_check_received_no_protection_no_cb(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_check_received(&fixture, -1, NULL, 0, NULL, NULL);
EXECUTE_TEST(execute_MSG_check_received_test, tear_down);
return result;
}
static int test_MSG_check_received_no_protection_restrictive_cb(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_check_received(&fixture, -1, allow_unprotected, 0, NULL, NULL);
EXECUTE_TEST(execute_MSG_check_received_test, tear_down);
return result;
}
static int test_MSG_check_received_no_protection_permissive_cb(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_check_received(&fixture, OSSL_CMP_PKIBODY_IP, allow_unprotected, 1,
NULL, NULL);
EXECUTE_TEST(execute_MSG_check_received_test, tear_down);
return result;
}
static int test_MSG_check_received_check_transaction_id(void)
{
/* Transaction id belonging to CMP_IR_rmprotection.der */
const unsigned char trans_id[OSSL_CMP_TRANSACTIONID_LENGTH] = {
0x39, 0xB6, 0x90, 0x28, 0xC4, 0xBC, 0x7A, 0xF6,
0xBE, 0xC6, 0x4A, 0x88, 0x97, 0xA6, 0x95, 0x0B
};
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_check_received(&fixture, OSSL_CMP_PKIBODY_IP, allow_unprotected, 1,
trans_id, NULL);
EXECUTE_TEST(execute_MSG_check_received_test, tear_down);
return result;
}
static int test_MSG_check_received_check_transaction_id_bad(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_check_received(&fixture, -1, allow_unprotected, 1, rand_data, NULL);
EXECUTE_TEST(execute_MSG_check_received_test, tear_down);
return result;
}
static int test_MSG_check_received_check_recipient_nonce(void)
{
/* Recipient nonce belonging to CMP_IP_ir_rmprotection.der */
const unsigned char rec_nonce[OSSL_CMP_SENDERNONCE_LENGTH] = {
0x48, 0xF1, 0x71, 0x1F, 0xE5, 0xAF, 0x1C, 0x8B,
0x21, 0x97, 0x5C, 0x84, 0x74, 0x49, 0xBA, 0x32
};
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_check_received(&fixture, OSSL_CMP_PKIBODY_IP, allow_unprotected, 1,
NULL, rec_nonce);
EXECUTE_TEST(execute_MSG_check_received_test, tear_down);
return result;
}
static int test_MSG_check_received_check_recipient_nonce_bad(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
setup_check_received(&fixture, -1, allow_unprotected, 1, NULL, rand_data);
EXECUTE_TEST(execute_MSG_check_received_test, tear_down);
return result;
}
void cleanup_tests(void)
{
X509_free(srvcert);
X509_free(clcert);
X509_free(endentity1);
X509_free(endentity2);
X509_free(intermediate);
X509_free(root);
X509_free(insta_cert);
X509_free(instaca_cert);
OSSL_CMP_MSG_free(ir_unprotected);
OSSL_CMP_MSG_free(ir_rmprotection);
return;
}
int setup_tests(void)
{
/* Set test time stamps */
struct tm ts = { 0 };
ts.tm_year = 2018 - 1900; /* 2018 */
ts.tm_mon = 1; /* February */
ts.tm_mday = 18; /* 18th */
test_time_valid = mktime(&ts); /* February 18th 2018 */
ts.tm_year += 10; /* February 18th 2028 */
test_time_after_expiration = mktime(&ts);
if (!test_skip_common_options()) {
TEST_error("Error parsing test options\n");
return 0;
}
RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
if (!TEST_ptr(server_f = test_get_argument(0))
|| !TEST_ptr(client_f = test_get_argument(1))
|| !TEST_ptr(endentity1_f = test_get_argument(2))
|| !TEST_ptr(endentity2_f = test_get_argument(3))
|| !TEST_ptr(root_f = test_get_argument(4))
|| !TEST_ptr(intermediate_f = test_get_argument(5))
|| !TEST_ptr(ir_protected_f = test_get_argument(6))
|| !TEST_ptr(ir_unprotected_f = test_get_argument(7))
|| !TEST_ptr(ip_waiting_f = test_get_argument(8))
|| !TEST_ptr(ir_rmprotection_f = test_get_argument(9))
|| !TEST_ptr(instacert_f = test_get_argument(10))
|| !TEST_ptr(instaca_f = test_get_argument(11))
|| !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12))
|| !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) {
TEST_error("usage: cmp_vfy_test server.crt client.crt "
"EndEntity1.crt EndEntity2.crt "
"Root_CA.crt Intermediate_CA.crt "
"CMP_IR_protected.der CMP_IR_unprotected.der "
"IP_waitingStatus_PBM.der IR_rmprotection.der "
"insta.cert.pem insta_ca.cert.pem "
"IR_protected_0_extraCerts.der "
"IR_protected_2_extraCerts.der\n");
return 0;
}
/* Load certificates for cert chain */
if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f))
|| !TEST_ptr(endentity2 = load_pem_cert(endentity2_f))
|| !TEST_ptr(root = load_pem_cert(root_f))
|| !TEST_ptr(intermediate = load_pem_cert(intermediate_f)))
goto err;
if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f))
|| !TEST_ptr(instaca_cert = load_pem_cert(instaca_f)))
goto err;
/* Load certificates for message validation */
if (!TEST_ptr(srvcert = load_pem_cert(server_f))
|| !TEST_ptr(clcert = load_pem_cert(client_f)))
goto err;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
goto err;
if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))
|| !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f)))
goto err;
/* Message validation tests */
ADD_TEST(test_verify_popo);
ADD_TEST(test_verify_popo_bad);
ADD_TEST(test_validate_msg_signature_trusted_ok);
ADD_TEST(test_validate_msg_signature_trusted_expired);
ADD_TEST(test_validate_msg_signature_srvcert_wrong);
ADD_TEST(test_validate_msg_signature_bad);
ADD_TEST(test_validate_msg_signature_sender_cert_srvcert);
ADD_TEST(test_validate_msg_signature_sender_cert_untrusted);
ADD_TEST(test_validate_msg_signature_sender_cert_trusted);
ADD_TEST(test_validate_msg_signature_sender_cert_extracert);
ADD_TEST(test_validate_msg_signature_sender_cert_absent);
ADD_TEST(test_validate_msg_signature_expected_sender);
ADD_TEST(test_validate_msg_signature_unexpected_sender);
ADD_TEST(test_validate_msg_unprotected_request);
ADD_TEST(test_validate_msg_mac_alg_protection);
ADD_TEST(test_validate_msg_mac_alg_protection_bad);
/* Cert path validation tests */
ADD_TEST(test_validate_cert_path_ok);
ADD_TEST(test_validate_cert_path_expired);
ADD_TEST(test_validate_cert_path_wrong_anchor);
ADD_TEST(test_MSG_check_received_no_protection_no_cb);
ADD_TEST(test_MSG_check_received_no_protection_restrictive_cb);
ADD_TEST(test_MSG_check_received_no_protection_permissive_cb);
ADD_TEST(test_MSG_check_received_check_transaction_id);
ADD_TEST(test_MSG_check_received_check_transaction_id_bad);
ADD_TEST(test_MSG_check_received_check_recipient_nonce);
ADD_TEST(test_MSG_check_received_check_recipient_nonce_bad);
return 1;
err:
cleanup_tests();
return 0;
}
Reference in New Issue View Git Blame Copy Permalink