authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-10 10:29:46 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-10 16:09:44 +0100
commit62dcd2aa17b27b7892ad62540f9034c9192f6530 (patch)
treeedaeb955151ff3c43c7d6a33b5f6047bd05e637c /test
parentda42c2a3d752628e15b47aa7511e7044745080cb (diff)
Chunk 8 of CMP contribution to OpenSSL: CMP server and cmp_mock_srv.c for testing
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11142)
Diffstat (limited to 'test')
-rw-r--r--test/build.info9
-rw-r--r--test/cmp_ctx_test.c1
-rw-r--r--test/cmp_hdr_test.c4
-rw-r--r--test/cmp_msg_test.c10
-rw-r--r--test/cmp_server_test.c160
-rw-r--r--test/cmp_status_test.c16
-rw-r--r--test/cmp_vfy_test.c10
-rw-r--r--test/recipes/65-test_cmp_server.t26
-rw-r--r--test/recipes/65-test_cmp_server_data/CR_protected_PBM_1234.derbin0 -> 420 bytes
9 files changed, 215 insertions, 21 deletions
diff --git a/test/build.info b/test/build.info
index 1573087c28..fcf2ac57ac 100644
--- a/test/build.info
+++ b/test/build.info
@@ -438,7 +438,8 @@ IF[{- !$disabled{tests} -}]
IF[{- !$disabled{cmp} -}]
PROGRAMS{noinst}=cmp_asn_test cmp_ctx_test cmp_status_test cmp_hdr_test \
- cmp_protect_test cmp_msg_test cmp_vfy_test
+ cmp_protect_test cmp_msg_test cmp_vfy_test \
+ cmp_server_test
ENDIF
SOURCE[cmp_asn_test]=cmp_asn_test.c cmp_testlib.c
@@ -465,10 +466,14 @@ IF[{- !$disabled{tests} -}]
INCLUDE[cmp_msg_test]=.. ../include ../apps/include
DEPEND[cmp_msg_test]=../libcrypto.a libtestutil.a
- SOURCE[cmp_vfy_test]=cmp_status_test.c cmp_testlib.c
+ SOURCE[cmp_vfy_test]=cmp_vfy_test.c cmp_testlib.c
INCLUDE[cmp_vfy_test]=.. ../include ../apps/include
DEPEND[cmp_vfy_test]=../libcrypto.a libtestutil.a
+ SOURCE[cmp_server_test]=cmp_server_test.c cmp_testlib.c
+ INCLUDE[cmp_server_test]=.. ../include ../apps/include
+ DEPEND[cmp_server_test]=../libcrypto.a libtestutil.a
+
# Internal test programs. These are essentially a collection of internal
# test routines. Some of them need to reach internal symbols that aren't
# available through the shared library (at least on Linux, Solaris, Windows
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 26c65778b9..903e204622 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -118,6 +118,7 @@ static int msg_total_size_log_cb(const char *func, const char *file, int line,
OSSL_CMP_severity level, const char *msg)
{
msg_total_size += strlen(msg);
+ TEST_note("total=%d len=%ld msg='%s'\n", msg_total_size, strlen(msg), msg);
return 1;
}
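Review bot: The added `TEST_note` call passes `strlen(msg)`, a `size_t`, to a `%ld` conversion, which is a format/argument type mismatch and goes wrong wherever `long` is narrower than `size_t` (for example 64-bit Windows). Use `%zu` if the test framework's formatter accepts it, or cast explicitly: `TEST_note("total=%d len=%ld msg='%s'\n", msg_total_size, (long)strlen(msg), msg);`. The `%d` for `msg_total_size` assumes it is an `int`; its declaration is outside the hunk, so confirm that as well.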
diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c
index c12b72f29e..25d0dad9f6 100644
--- a/test/cmp_hdr_test.c
+++ b/test/cmp_hdr_test.c
@@ -350,9 +350,9 @@ static int
execute_HDR_set_and_check_implicitConfirm_test(CMP_HDR_TEST_FIXTURE
* fixture)
{
- return TEST_false(ossl_cmp_hdr_check_implicitConfirm(fixture->hdr))
+ return TEST_false(ossl_cmp_hdr_has_implicitConfirm(fixture->hdr))
&& TEST_true(ossl_cmp_hdr_set_implicitConfirm(fixture->hdr))
- && TEST_true(ossl_cmp_hdr_check_implicitConfirm(fixture->hdr));
+ && TEST_true(ossl_cmp_hdr_has_implicitConfirm(fixture->hdr));
}
static int test_HDR_set_and_check_implicit_confirm(void)
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index 8f95865869..3919480610 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -91,8 +91,7 @@ static int execute_errormsg_create_test(CMP_MSG_TEST_FIXTURE *fixture)
{
EXECUTE_MSG_CREATION_TEST(ossl_cmp_error_new(fixture->cmp_ctx, fixture->si,
fixture->err_code,
- NULL /* fixture->free_text */,
- 0));
+ "details", 0));
}
static int execute_rr_create_test(CMP_MSG_TEST_FIXTURE *fixture)
@@ -317,7 +316,7 @@ static int test_cmp_create_certconf_fail_info_max(void)
static int test_cmp_create_error_msg(void)
{
SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
- fixture->si = ossl_cmp_statusinfo_new(OSSL_CMP_PKISTATUS_rejection,
+ fixture->si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection,
OSSL_CMP_PKIFAILUREINFO_systemFailure,
NULL);
fixture->err_code = -1;
@@ -419,7 +418,7 @@ static int test_cmp_create_certrep(void)
static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
{
- OSSL_CMP_PKISI *si = ossl_cmp_statusinfo_new(33, 44, "a text");
+ OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text");
X509_NAME *issuer = X509_NAME_new();
ASN1_INTEGER *serial = ASN1_INTEGER_new();
OSSL_CRMF_CERTID *cid = NULL;
@@ -439,8 +438,7 @@ static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
if (!TEST_ptr(ossl_cmp_revrepcontent_get_CertId(rpmsg->body->value.rp, 0)))
goto err;
- if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkistatusinfo(rpmsg->body->
- value.rp, 0)))
+ if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkisi(rpmsg->body->value.rp, 0)))
goto err;
res = 1;
diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c
new file mode 100644
index 0000000000..13159299e9
--- /dev/null
+++ b/test/cmp_server_test.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2020
+ * Copyright Siemens AG 2015-2020
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cmp_testlib.h"
+
+typedef struct test_fixture {
+ const char *test_case_name;
+ int expected;
+ OSSL_CMP_SRV_CTX *srv_ctx;
+ OSSL_CMP_MSG *req;
+} CMP_SRV_TEST_FIXTURE;
+
+static OSSL_CMP_MSG *request = NULL;
+
+static void tear_down(CMP_SRV_TEST_FIXTURE *fixture)
+{
+ OSSL_CMP_SRV_CTX_free(fixture->srv_ctx);
+ OPENSSL_free(fixture);
+}
+
+static CMP_SRV_TEST_FIXTURE *set_up(const char *const test_case_name)
+{
+ CMP_SRV_TEST_FIXTURE *fixture;
+
+ if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
+ return NULL;
+ fixture->test_case_name = test_case_name;
+ if (!TEST_ptr(fixture->srv_ctx = OSSL_CMP_SRV_CTX_new()))
+ goto err;
+ return fixture;
+
+ err:
+ tear_down(fixture);
+ return NULL;
+}
+
+static int dummy_errorCode = CMP_R_MULTIPLE_SAN_SOURCES; /* any reason code */
+
+static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
+ const OSSL_CMP_MSG *cert_req,
+ int certReqId,
+ const OSSL_CRMF_MSG *crm,
+ const X509_REQ *p10cr,
+ X509 **certOut,
+ STACK_OF(X509) **chainOut,
+ STACK_OF(X509) **caPubs)
+{
+ CMPerr(0, dummy_errorCode);
+ return NULL;
+}
+
+static int execute_test_handle_request(CMP_SRV_TEST_FIXTURE *fixture)
+{
+ OSSL_CMP_SRV_CTX *ctx = fixture->srv_ctx;
+ OSSL_CMP_CTX *client_ctx;
+ OSSL_CMP_CTX *cmp_ctx;
+ char *dummy_custom_ctx = "@test_dummy", *custom_ctx;
+ OSSL_CMP_MSG *rsp = NULL;
+ OSSL_CMP_ERRORMSGCONTENT *errorContent;
+ int res = 0;
+
+ if (!TEST_ptr(client_ctx = OSSL_CMP_CTX_new())
+ || !TEST_true(OSSL_CMP_CTX_set_transfer_cb_arg(client_ctx, ctx)))
+ goto end;
+
+ if (!TEST_true(OSSL_CMP_SRV_CTX_init(ctx, dummy_custom_ctx,
+ process_cert_request, NULL, NULL,
+ NULL, NULL, NULL))
+ || !TEST_ptr(custom_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(ctx))
+ || !TEST_int_eq(strcmp(custom_ctx, dummy_custom_ctx), 0))
+ goto end;
+
+ if (!TEST_true(OSSL_CMP_SRV_CTX_set_send_unprotected_errors(ctx, 0))
+ || !TEST_true(OSSL_CMP_SRV_CTX_set_accept_unprotected(ctx, 0))
+ || !TEST_true(OSSL_CMP_SRV_CTX_set_accept_raverified(ctx, 1))
+ || !TEST_true(OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(ctx, 1)))
+ goto end;
+
+ if (!TEST_ptr(cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(ctx))
+ || !OSSL_CMP_CTX_set1_referenceValue(cmp_ctx,
+ (unsigned char *)"server", 6)
+ || !OSSL_CMP_CTX_set1_secretValue(cmp_ctx,
+ (unsigned char *)"1234", 4))
+ goto end;
+
+ if (!TEST_ptr(rsp = OSSL_CMP_CTX_server_perform(client_ctx, fixture->req))
+ || !TEST_int_eq(ossl_cmp_msg_get_bodytype(rsp),
+ OSSL_CMP_PKIBODY_ERROR)
+ || !TEST_ptr(errorContent = rsp->body->value.error)
+ || !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode),
+ dummy_errorCode))
+ goto end;
+
+ res = 1;
+
+ end:
+ OSSL_CMP_MSG_free(rsp);
+ OSSL_CMP_CTX_free(client_ctx);
+ return res;
+}
+
+static int test_handle_request(void)
+{
+ SETUP_TEST_FIXTURE(CMP_SRV_TEST_FIXTURE, set_up);
+ fixture->req = request;
+ fixture->expected = 1;
+ EXECUTE_TEST(execute_test_handle_request, tear_down);
+ return result;
+}
+
+void cleanup_tests(void)
+{
+ OSSL_CMP_MSG_free(request);
+ return;
+}
+
+int setup_tests(void)
+{
+ const char *request_f;
+
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
+ if (!TEST_ptr(request_f = test_get_argument(0))) {
+ TEST_error("usage: cmp_server_test CR_protected_PBM_1234.der\n");
+ return 0;
+ }
+
+ if (!TEST_ptr(request = load_pkimsg(request_f))) {
+ cleanup_tests();
+ return 0;
+ }
+
+ /*
+ * this (indirectly) calls
+ * OSSL_CMP_SRV_CTX_new(),
+ * OSSL_CMP_SRV_CTX_free(),
+ * OSSL_CMP_CTX_server_perform(),
+ * OSSL_CMP_SRV_process_request(),
+ * OSSL_CMP_SRV_CTX_init(),
+ * OSSL_CMP_SRV_CTX_get0_cmp_ctx(),
+ * OSSL_CMP_SRV_CTX_get0_custom_ctx(),
+ * OSSL_CMP_SRV_CTX_set_send_unprotected_errors(),
+ * OSSL_CMP_SRV_CTX_set_accept_unprotected(),
+ * OSSL_CMP_SRV_CTX_set_accept_raverified(), and
+ * OSSL_CMP_SRV_CTX_set_grant_implicit_confirm()
+ */
+ ADD_TEST(test_handle_request);
+ return 1;
+}
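Review bot: In `execute_test_handle_request`, the two credential setters on `cmp_ctx` are the only calls not wrapped in a `TEST_*` macro, so a failure there reaches `end` with no diagnostic; write them as `|| !TEST_true(OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, (unsigned char *)"server", 6))` and likewise for `OSSL_CMP_CTX_set1_secretValue`. The test also sets `accept_unprotected` and `send_unprotected_errors` to 0 but asserts only the response body type and `errorCode`, so neither policy is actually exercised. Consider asserting that the error response carries protection, and adding a negative case where the server's secret differs from the one the request was protected with, so that the rejection path is covered too. A short comment noting that "1234" must match the PBM secret baked into `CR_protected_PBM_1234.der` would save the next maintainer from guessing why that literal matters.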
diff --git a/test/cmp_status_test.c b/test/cmp_status_test.c
index 7311c2e444..15cd6a5fd0 100644
--- a/test/cmp_status_test.c
+++ b/test/cmp_status_test.c
@@ -45,18 +45,18 @@ static int execute_PKISI_test(CMP_STATUS_TEST_FIXTURE *fixture)
ASN1_UTF8STRING *statusString = NULL;
int res = 0, i;
- if (!TEST_ptr(si = ossl_cmp_statusinfo_new(fixture->pkistatus,
+ if (!TEST_ptr(si = OSSL_CMP_STATUSINFO_new(fixture->pkistatus,
fixture->pkifailure,
fixture->text)))
goto end;
- status = ossl_cmp_pkisi_get_pkistatus(si);
+ status = ossl_cmp_pkisi_get_status(si);
if (!TEST_int_eq(fixture->pkistatus, status)
|| !TEST_str_eq(fixture->str, ossl_cmp_PKIStatus_to_string(status)))
goto end;
if (!TEST_ptr(statusString =
- sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusstring(si),
+ sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusString(si),
0))
|| !TEST_str_eq(fixture->text, (char *)statusString->data))
goto end;
@@ -66,7 +66,7 @@ static int execute_PKISI_test(CMP_STATUS_TEST_FIXTURE *fixture)
goto end;
for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++)
if (!TEST_int_eq((fixture->pkifailure >> i) & 1,
- ossl_cmp_pkisi_pkifailureinfo_check(si, i)))
+ ossl_cmp_pkisi_check_pkifailureinfo(si, i)))
goto end;
res = 1;
@@ -99,12 +99,12 @@ int setup_tests(void)
{
/*-
* this tests all of:
- * ossl_cmp_statusinfo_new()
- * ossl_cmp_pkisi_get_pkistatus()
+ * OSSL_CMP_STATUSINFO_new()
+ * ossl_cmp_pkisi_get_status()
* ossl_cmp_PKIStatus_to_string()
- * ossl_cmp_pkisi_get0_statusstring()
+ * ossl_cmp_pkisi_get0_statusString()
* ossl_cmp_pkisi_get_pkifailureinfo()
- * ossl_cmp_pkisi_pkifailureinfo_check()
+ * ossl_cmp_pkisi_check_pkifailureinfo()
*/
ADD_TEST(test_PKISI);
return 1;
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 41ddad86ba..f52efa9855 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -69,7 +69,7 @@ static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
return NULL;
}
X509_VERIFY_PARAM_set_time(X509_STORE_get0_param(ts), test_time_valid);
- X509_STORE_set_verify_cb(ts, OSSL_CMP_print_cert_verify_cb);
+ X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb);
return fixture;
}
@@ -437,8 +437,7 @@ static void setup_check_received(CMP_VFY_TEST_FIXTURE **fixture, int expected,
nonce_data, nonce_len))) {
tear_down((*fixture));
(*fixture) = NULL;
- }
- else if (trid_data != NULL) {
+ } else if (trid_data != NULL) {
ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
if (trid == NULL
|| !ASN1_OCTET_STRING_set(trid, trid_data,
@@ -549,6 +548,11 @@ int setup_tests(void)
ts.tm_year += 10; /* February 18th 2028 */
test_time_after_expiration = mktime(&ts);
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
if (!TEST_ptr(server_f = test_get_argument(0))
|| !TEST_ptr(client_f = test_get_argument(1))
diff --git a/test/recipes/65-test_cmp_server.t b/test/recipes/65-test_cmp_server.t
new file mode 100644
index 0000000000..87dbdb10b2
--- /dev/null
+++ b/test/recipes/65-test_cmp_server.t
@@ -0,0 +1,26 @@
+#! /usr/bin/env perl
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright Nokia 2007-2020
+# Copyright Siemens AG 2015-2020
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_cmp_server");
+
+plan skip_all => "This test is not supported in a no-cmp build"
+ if disabled("cmp");
+
+plan skip_all => "This test is not supported in a no-ec build"
+ if disabled("ec");
+
+plan tests => 1;
+
+ok(run(test(["cmp_server_test",
+ data_file("CR_protected_PBM_1234.der")])));
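Review bot: The `disabled("ec")` skip gives no reason, and nothing visible in `cmp_server_test.c` uses EC directly. Presumably the request in `CR_protected_PBM_1234.der` carries an EC key, but that is inferred rather than stated. A one-line comment above the skip would document the dependency, for example `# the request in CR_protected_PBM_1234.der uses an EC key` (adjust to the real reason).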
diff --git a/test/recipes/65-test_cmp_server_data/CR_protected_PBM_1234.der b/test/recipes/65-test_cmp_server_data/CR_protected_PBM_1234.der
new file mode 100644
index 0000000000..fc1c0aff9b
--- /dev/null
+++ b/test/recipes/65-test_cmp_server_data/CR_protected_PBM_1234.der
Binary files differ