1 /* tests/test_scep.c */
2
3 #include <check.h>
4 #include <stdlib.h>
5 #include "scep.h"
6
7 SCEP *handle;
8
9 #define TEST_ERRMSG(ival, sval) \
10 ck_assert_str_eq(scep_strerror(ival), sval)
11
12 #define TEST_CSR_1 "tests/test-files/test-1-csr.pem"
13 #define TEST_CSR_2 "tests/test-files/test-2-csr.pem"
14 #define TEST_B64_PKCS7_BIN "tests/test-files/util_b64_pkcs7.bin"
15 #define TEST_B64_PKCS7_PEM "tests/test-files/util_b64_pkcs7.pem"
16
17 char *test_new_key = "-----BEGIN RSA PRIVATE KEY-----\n"
18 "MIICXAIBAAKBgQCnCz5qi3kW8avPCPhmKOUwSRpCcqOi0RH3tGburtCoHl56nhL3\n"
19 "X1Xuv+3e6HWS74IOWbwuZXADdSWswFMefJuh6D4tRACzvgbOuXaxxopj9PYnieNu\n"
20 "nATNl1O1fy1QG3uJiy+QuQe3/xfIIwIVtvsx5ckMfRHk4g4lsOJwLofIvwIDAQAB\n"
21 "AoGAGt9dMCi11zITsJ/BzjWAAU+RUOU+W+AEYvP7pyQqXxFbo6AwbulAWsM3kieV\n"
22 "Woj7RDG9az1YUsYSxILAHGRxaMzpMtJISEECUqlmDYU+/vinU/vYp0a2oAuqFg4G\n"
23 "8nSoOQ2aTG5owNNcSrK7FbEcI2XdKZNNHM+82iYv7DA4tBECQQDYJLdeudpBhgiE\n"
24 "u6XaRfvlOeRWK7kfgIloz23qjfbgpDkVO40gIOMxUfU7ut19PuwJ5yJJG4mYCCbP\n"
25 "wR9Bu1snAkEAxdi7hfgj4Lkdh3C/Qki5K5Q7KR2K6Xhfzpn+fY4SmsLHd/v6QYhF\n"
26 "+igQv3Y357dz67+9dxWBzaMsMBFOM7QEqQJBAJadXzofADvQjncP246yXclqAfca\n"
27 "GLIe+6GRieJ8cqAvT6fAC6Nrx2VC20R3/oecJRbxfS68hbDvXTxAMuu3BtkCQGdP\n"
28 "q2xjjOiWAZNuDpFgREE7YEEyCg2sK+tIgpmxjIl/2IUQ8TczH8dnEIfKBZtcMo4S\n"
29 "S69ZbbSh1jsrbjiVcjECQAlyT5MO1eWxksYaW4aFx8w+QO9vxQh0vgkI1fBArbzt\n"
30 "sj4kcSMpE9Tn8CeAhi1d0Qwayo8QO1TPbIgay02syMo=\n"
31 "-----END RSA PRIVATE KEY-----";
32
33 char *test_new_csr = "-----BEGIN CERTIFICATE REQUEST-----\n"
34 "MIIBtTCCAR4CAQAwVzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx\n"
35 "ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEQMA4GA1UEAxMHZm9v\n"
36 "LmJhcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApws+aot5FvGrzwj4Zijl\n"
37 "MEkaQnKjotER97Rm7q7QqB5eep4S919V7r/t3uh1ku+CDlm8LmVwA3UlrMBTHnyb\n"
38 "oeg+LUQAs74Gzrl2scaKY/T2J4njbpwEzZdTtX8tUBt7iYsvkLkHt/8XyCMCFbb7\n"
39 "MeXJDH0R5OIOJbDicC6HyL8CAwEAAaAeMBwGCSqGSIb3DQEJBzEPEw1GT09CQVJU\n"
40 "RVNUUFdEMA0GCSqGSIb3DQEBBQUAA4GBACHwu5U6KNAsgFkmgU6DNBQXriPwRvvn\n"
41 "uGCzClbjbwGnoi9XCtgepO6I6AbDokjpuuU8/JEGAqKwtRzOsvGJyq4tphAPf/89\n"
42 "/H+xoHva5tgIGv9zUQSj/6Q0B7TEUKLfVC4H0K9wde+5g13l82EzXXrsCjnyB3S7\n"
43 "SLYGjIEJ2RwX\n"
44 "-----END CERTIFICATE REQUEST-----";
45
46 char *issuedCert_str ="-----BEGIN CERTIFICATE-----\n"
47 "MIIB7TCCAZegAwIBAgIBBDANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJERTEN\n"
48 "MAsGA1UECAwEYXNkZjENMAsGA1UEBwwEYXNkZjENMAsGA1UECgwEYXNkZjELMAkG\n"
49 "A1UEAwwCY2EwHhcNMTUwMzE1MTQyMzI1WhcNMTYwMzE0MTQyMzI1WjBXMQswCQYD\n"
50 "VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQg\n"
51 "V2lkZ2l0cyBQdHkgTHRkMRAwDgYDVQQDEwdmb28uYmFyMIGfMA0GCSqGSIb3DQEB\n"
52 "AQUAA4GNADCBiQKBgQCnCz5qi3kW8avPCPhmKOUwSRpCcqOi0RH3tGburtCoHl56\n"
53 "nhL3X1Xuv+3e6HWS74IOWbwuZXADdSWswFMefJuh6D4tRACzvgbOuXaxxopj9PYn\n"
54 "ieNunATNl1O1fy1QG3uJiy+QuQe3/xfIIwIVtvsx5ckMfRHk4g4lsOJwLofIvwID\n"
55 "AQABoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQUFAANB\n"
56 "AGZRYophSHisfLzjA0EV766X+e7hAK1J+G3IZHHn4WvxRGEGRZmEYMwbV3/gIRW8\n"
57 "bIEcl2LeuPgUGWhLIowjKF0=\n"
58 "-----END CERTIFICATE-----\n";
59
60
setup()61 void setup()
62 {
63 ck_assert(scep_init(&handle) == SCEPE_OK);
64 }
65
teardown()66 void teardown()
67 {
68 ERR_print_errors_fp(stderr);
69 scep_cleanup(handle);
70 }
71
START_TEST(test_scep_strerror)72 START_TEST(test_scep_strerror)
73 {
74 int i;
75 for(i=SCEPE_OK; i < SCEPE_DUMMY_LAST_ERROR; i++)
76 ck_assert_int_ne(strlen(scep_strerror(i)), 0);
77 for(i=SCEPE_DUMMY_LAST_ERROR; i <= SCEPE_DUMMY_LAST_ERROR + 1; ++i)
78 TEST_ERRMSG(i, "Unknown error");
79 }
80 END_TEST
81
START_TEST(test_scep_fail_info_str)82 START_TEST(test_scep_fail_info_str)
83 {
84 int i;
85 for(i=SCEP_BAD_ALG; i <= SCEP_BAD_CERT_ID; i++)
86 ck_assert_int_ne(strlen(scep_fail_info_str(i)), 0);
87 ck_assert_str_eq(scep_fail_info_str(5), "Unknown failInfo");
88 }
89 END_TEST
90
START_TEST(test_scep_calculate_transaction_id_pubkey)91 START_TEST(test_scep_calculate_transaction_id_pubkey)
92 {
93 X509_REQ *req;
94 FILE *fp;
95 char *tid;
96 SCEP_ERROR error;
97 fp = fopen(TEST_CSR_1, "r");
98 req = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
99 EVP_PKEY *pubkey = X509_REQ_get_pubkey(req);
100 fclose(fp);
101 X509_REQ_free(req);
102
103 error = scep_calculate_transaction_id_pubkey(handle, pubkey, &tid);
104 ck_assert(error == SCEPE_OK);
105 ck_assert_str_eq(tid, "5418898A0D8052E60EB9E9F9BEB2E402F8138122C8503213CF5FD86DBB8267CF");
106 free(tid);
107 EVP_PKEY_free(pubkey);
108
109 fp = fopen(TEST_CSR_2, "r");
110 req = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
111 pubkey = X509_REQ_get_pubkey(req);
112 fclose(fp);
113 X509_REQ_free(req);
114
115 error = scep_calculate_transaction_id_pubkey(handle, pubkey, &tid);
116 ck_assert(error == SCEPE_OK);
117 ck_assert_str_eq(tid, "569673452595B161A6F8D272D9A214152F828133994D5B166EFFB2C140A88EA2");
118 free(tid);
119 EVP_PKEY_free(pubkey);
120 }
121 END_TEST
122
START_TEST(test_scep_calculate_transaction_id_ias_type)123 START_TEST(test_scep_calculate_transaction_id_ias_type)
124 {
125 char *tid1, *tid2, *tid3, *tid4;
126 SCEP_ERROR error;
127
128 BIO *b = BIO_new(BIO_s_mem());
129 BIO_puts(b, issuedCert_str);
130 X509 *cert = PEM_read_bio_X509(b, NULL, 0, 0);
131 ck_assert(issuedCert_str != NULL);
132 BIO_free(b);
133
134 PKCS7_ISSUER_AND_SERIAL *ias = malloc(sizeof(PKCS7_ISSUER_AND_SERIAL));
135 ias->serial = X509_get_serialNumber(cert);
136 ias->issuer = X509_get_issuer_name(cert);
137
138 error = scep_calculate_transaction_id_ias_type(handle, ias, "foo", &tid1);
139 ck_assert(error == SCEPE_OK);
140 ck_assert_str_eq(tid1, "AADB3ED997777E20F63B1C30999274F8C07A0849CA11633F7CBBDC8090CF8F5F");
141
142 error = scep_calculate_transaction_id_ias_type(handle, ias, "foO", &tid2);
143 ck_assert(error == SCEPE_OK);
144 ck_assert_str_ne(tid1, tid2);
145
146 ASN1_INTEGER *old_serial = ias->serial;
147 ias->serial = ASN1_INTEGER_new();
148 ASN1_INTEGER_set(ias->serial, 1337);
149
150 error = scep_calculate_transaction_id_ias_type(handle, ias, "foo", &tid3);
151 ck_assert(error == SCEPE_OK);
152 ck_assert_str_ne(tid1, tid2);
153 ck_assert_str_ne(tid2, tid3);
154
155 ASN1_INTEGER_free(ias->serial);
156 ias->serial = old_serial;
157
158 X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_pop(ias->issuer->entries);
159 X509_NAME_ENTRY_free(e);
160 ias->issuer->modified = 1;
161
162 error = scep_calculate_transaction_id_ias_type(handle, ias, "foo", &tid4);
163 ck_assert(error == SCEPE_OK);
164 ck_assert_str_ne(tid1, tid4);
165 ck_assert_str_ne(tid2, tid4);
166 ck_assert_str_ne(tid3, tid4);
167
168 X509_free(cert);
169 free(ias);
170 free(tid1);
171 free(tid2);
172 free(tid3);
173 free(tid4);
174 }
175 END_TEST
176
START_TEST(test_scep_PKCS7_base64_encode)177 START_TEST(test_scep_PKCS7_base64_encode)
178 {
179 BIO *inbio;
180 PKCS7 *p7;
181 char *out = NULL, *b64_pem;
182 FILE *f;
183 int f_size;
184
185 inbio = BIO_new_file(TEST_B64_PKCS7_BIN, "rb");
186 p7 = d2i_PKCS7_bio(inbio, NULL);
187 BIO_free(inbio);
188
189 f = fopen(TEST_B64_PKCS7_PEM, "rb");
190 fseek(f, 0, SEEK_END);
191 f_size = ftell(f);
192 fseek(f, 0, SEEK_SET);
193 b64_pem = malloc(f_size + 1);
194 ck_assert(fread(b64_pem, 1, f_size, f) == f_size);
195 b64_pem[f_size] = '\0';
196
197 ck_assert(scep_PKCS7_base64_encode(handle, p7, &out) == SCEPE_OK);
198 ck_assert_str_eq(out, b64_pem);
199 free(b64_pem);
200 free(out);
201 PKCS7_free(p7);
202 fclose(f);
203 }
204 END_TEST
205
START_TEST(test_scep_log)206 START_TEST(test_scep_log)
207 {
208 BIO *bio;
209 char *log_str, *check_str;
210 int lineno;
211 size_t log_str_len;
212 scep_conf_set(handle, SCEPCFG_VERBOSITY, DEBUG);
213
214 bio = BIO_new(BIO_s_mem());
215 scep_conf_set(handle, SCEPCFG_LOG, bio);
216 // hack needed for log testing
217 lineno = __LINE__; scep_log(handle, WARN, "This is a test");
218 int ref_len = snprintf(NULL, 0, "test_util.c:%d: This is a test\n", lineno) + 1;
219 check_str = malloc(ref_len);
220 snprintf(check_str, ref_len, "test_util.c:%d: This is a test\n", lineno);
221 log_str = malloc(ref_len);
222 BIO_gets(bio, log_str, ref_len);
223 ck_assert_str_eq(check_str, log_str);
224 free(check_str);
225 free(log_str);
226 BIO_free(bio);
227 }
228 END_TEST
229
START_TEST(test_scep_new_selfsigned)230 START_TEST(test_scep_new_selfsigned)
231 {
232 X509_REQ *req;
233 EVP_PKEY *req_key;
234 BIO *data;
235 X509 *cert;
236 data = BIO_new(BIO_s_mem());
237 BIO_puts(data, test_new_csr);
238 req = PEM_read_bio_X509_REQ(data, NULL, 0, 0);
239 ck_assert(req != NULL);
240 BIO_free(data);
241
242 data = BIO_new(BIO_s_mem());
243 BIO_puts(data, test_new_key);
244 req_key = PEM_read_bio_PrivateKey(data, NULL, 0, 0);
245 ck_assert(req_key != NULL);
246 BIO_free(data);
247
248 ck_assert(scep_new_selfsigned_X509(handle, req, req_key, &cert) == SCEPE_OK);
249 char *tmp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
250 ck_assert_str_eq(tmp, "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=foo.bar");
251 free(tmp);
252 tmp = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
253 ck_assert_str_eq(tmp, "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=foo.bar");
254 free(tmp);
255 tmp = i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert));
256 ck_assert_str_eq(tmp, "1");
257 free(tmp);
258 ck_assert_int_ne(X509_verify(cert, req_key), 0);
259 EVP_PKEY_free(req_key);
260 X509_free(cert);
261 X509_REQ_free(req);
262 }
263 END_TEST
264
START_TEST(test_X509_REQ_cmp)265 START_TEST(test_X509_REQ_cmp)
266 {
267 X509_REQ *a, *b;
268 BIO *data = BIO_new(BIO_s_mem());
269 BIO_puts(data, test_new_csr);
270 a = PEM_read_bio_X509_REQ(data, NULL, 0, 0);
271 ck_assert(a != NULL);
272 BIO_free(data);
273
274 data = BIO_new(BIO_s_mem());
275 BIO_puts(data, test_new_csr);
276 b = PEM_read_bio_X509_REQ(data, NULL, 0, 0);
277 ck_assert(b != NULL);
278 BIO_free(data);
279
280 ck_assert_int_eq(X509_REQ_cmp(a, b), 0);
281 X509_REQ_free(a);
282 X509_REQ_free(b);
283 }
284 END_TEST
285
scep_util_suite(void)286 Suite * scep_util_suite(void)
287 {
288 Suite *s = suite_create("Util");
289
290 /* Core test case */
291 TCase *tc_core = tcase_create("Core");
292 tcase_add_checked_fixture(tc_core, setup, teardown);
293 tcase_add_test(tc_core, test_scep_strerror);
294 tcase_add_test(tc_core, test_scep_fail_info_str);
295 tcase_add_test(tc_core, test_scep_calculate_transaction_id_pubkey);
296 tcase_add_test(tc_core, test_scep_calculate_transaction_id_ias_type);
297 tcase_add_test(tc_core, test_scep_PKCS7_base64_encode);
298 tcase_add_test(tc_core, test_scep_log);
299 tcase_add_test(tc_core, test_scep_new_selfsigned);
300 tcase_add_test(tc_core, test_X509_REQ_cmp);
301
302 suite_add_tcase(s, tc_core);
303
304 return s;
305 }
306
main(void)307 int main(void)
308 {
309 int number_failed;
310 Suite *s = scep_util_suite();
311 SRunner *sr = srunner_create(s);
312 srunner_run_all(sr, CK_NORMAL);
313 srunner_set_fork_status(sr, CK_NOFORK);
314 number_failed = srunner_ntests_failed(sr);
315 srunner_free(sr);
316 return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
317 }
318