|
@@ -19,7 +19,15 @@
|
|
|
|
|
|
#include "check.h"
|
|
|
|
|
|
-#define UA_BYTESTRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)s}
|
|
|
+#define UA_BYTESTRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}
|
|
|
+
|
|
|
+// Some default testing sizes. Can be overwritten in testing functions.
|
|
|
+#define DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE 2
|
|
|
+#define DEFAULT_SYM_SIGNING_KEY_LENGTH 3
|
|
|
+#define DEFAULT_SYM_ENCRYPTION_KEY_LENGTH 5
|
|
|
+#define DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE 7
|
|
|
+#define DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE 11
|
|
|
+#define DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE 256
|
|
|
|
|
|
UA_SecureChannel testChannel;
|
|
|
UA_ByteString dummyCertificate = UA_BYTESTRING_STATIC("DUMMY CERTIFICATE DUMMY CERTIFICATE DUMMY CERTIFICATE");
|
|
@@ -28,11 +36,12 @@ UA_Connection testingConnection;
|
|
|
UA_ByteString sentData;
|
|
|
|
|
|
|
|
|
-funcs_called fCalled;
|
|
|
+static funcs_called fCalled;
|
|
|
+static key_sizes keySizes;
|
|
|
|
|
|
static void
|
|
|
setup_secureChannel(void) {
|
|
|
- TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled);
|
|
|
+ TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
|
|
|
UA_SecureChannel_init(&testChannel, &dummyPolicy, &dummyCertificate);
|
|
|
|
|
|
testingConnection = createDummyConnection(&sentData);
|
|
@@ -58,6 +67,27 @@ teardown_funcs_called(void) {
|
|
|
memset(&fCalled, 0, sizeof(struct funcs_called));
|
|
|
}
|
|
|
|
|
|
+static void
|
|
|
+setup_key_sizes(void) {
|
|
|
+ memset(&keySizes, 0, sizeof(struct key_sizes));
|
|
|
+
|
|
|
+ keySizes.sym_sig_keyLen = DEFAULT_SYM_SIGNING_KEY_LENGTH;
|
|
|
+ keySizes.sym_enc_blockSize = DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE;
|
|
|
+ keySizes.sym_enc_keyLen = DEFAULT_SYM_ENCRYPTION_KEY_LENGTH;
|
|
|
+
|
|
|
+ keySizes.asym_lcl_sig_size = DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE;
|
|
|
+ keySizes.asym_rmt_sig_size = DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE;
|
|
|
+
|
|
|
+ keySizes.asym_rmt_ptext_blocksize = DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE;
|
|
|
+ keySizes.asym_rmt_enc_key_size = 2048;
|
|
|
+ keySizes.asym_lcl_enc_key_size = 1024;
|
|
|
+}
|
|
|
+
|
|
|
+static void
|
|
|
+teardown_key_sizes(void) {
|
|
|
+ memset(&keySizes, 0, sizeof(struct key_sizes));
|
|
|
+}
|
|
|
+
|
|
|
/*
|
|
|
static void
|
|
|
setup_dummyPolicy(void) {
|
|
@@ -71,7 +101,7 @@ teardown_dummyPolicy(void) {
|
|
|
|
|
|
START_TEST(SecureChannel_initAndDelete)
|
|
|
{
|
|
|
- TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled);
|
|
|
+ TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
|
|
|
UA_StatusCode retval;
|
|
|
|
|
|
UA_SecureChannel channel;
|
|
@@ -322,6 +352,99 @@ START_TEST(SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid)
|
|
|
ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
|
|
|
"Expected the sent response to be equal to the one supplied to the send function");
|
|
|
|
|
|
+ UA_Byte paddingByte = sentData.data[offset];
|
|
|
+ size_t paddingSize = (size_t) paddingByte;
|
|
|
+
|
|
|
+ for(size_t i = 0; i <= paddingSize; ++i) {
|
|
|
+ ck_assert_msg(sentData.data[offset + i] == paddingByte,
|
|
|
+ "Expected padding byte %i to be %i but got value %i",
|
|
|
+ i,
|
|
|
+ paddingByte,
|
|
|
+ sentData.data[offset + i]);
|
|
|
+ }
|
|
|
+
|
|
|
+ ck_assert_msg(sentData.data[offset + paddingSize + 1] == '*', "Expected first byte of signature");
|
|
|
+
|
|
|
+ UA_SecureConversationMessageHeader_deleteMembers(&header);
|
|
|
+ UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
|
|
|
+ UA_SequenceHeader_deleteMembers(&sequenceHeader);
|
|
|
+ UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
|
|
|
+ }
|
|
|
+END_TEST
|
|
|
+
|
|
|
+START_TEST(Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits)
|
|
|
+ {
|
|
|
+ keySizes.asym_rmt_enc_key_size = 4096;
|
|
|
+ keySizes.asym_rmt_ptext_blocksize = 4096;
|
|
|
+
|
|
|
+ UA_OpenSecureChannelResponse dummyResponse;
|
|
|
+ createDummyResponse(&dummyResponse);
|
|
|
+
|
|
|
+ testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
|
|
|
+ UA_UInt32 requestId = UA_UInt32_random();
|
|
|
+
|
|
|
+ UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel,
|
|
|
+ requestId,
|
|
|
+ &dummyResponse,
|
|
|
+ &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
|
|
|
+ ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
|
|
|
+
|
|
|
+ size_t offset = 0;
|
|
|
+ UA_SecureConversationMessageHeader header;
|
|
|
+ UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
|
|
|
+
|
|
|
+ UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
|
|
|
+ UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
|
|
|
+ ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
|
|
|
+ "Expected the certificate to be equal to the one used by the secureChannel");
|
|
|
+ ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
|
|
|
+ &asymSecurityHeader.securityPolicyUri),
|
|
|
+ "Expected securityPolicyUri to be equal to the one used by the secureChannel");
|
|
|
+ UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
|
|
|
+ ck_assert_msg(UA_ByteString_equal(&thumbPrint,
|
|
|
+ &asymSecurityHeader.receiverCertificateThumbprint),
|
|
|
+ "Expected receiverCertificateThumbprint to be equal to the one set in the secureChannel");
|
|
|
+
|
|
|
+ for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
|
|
|
+ sentData.data[i] = (UA_Byte) ((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
|
|
|
+ }
|
|
|
+
|
|
|
+ UA_SequenceHeader sequenceHeader;
|
|
|
+ UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
|
|
|
+ ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
|
|
|
+ requestId,
|
|
|
+ sequenceHeader.requestId);
|
|
|
+
|
|
|
+ UA_NodeId original = UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
|
|
|
+ UA_NodeId requestTypeId;
|
|
|
+ UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
|
|
|
+ ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
|
|
|
+
|
|
|
+ UA_OpenSecureChannelResponse sentResponse;
|
|
|
+ UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
|
|
|
+
|
|
|
+ ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
|
|
|
+ "Expected the sent response to be equal to the one supplied to the send function");
|
|
|
+
|
|
|
+ UA_Byte paddingByte = sentData.data[offset];
|
|
|
+ UA_Byte extraPaddingByte = sentData.data[sentData.length - keySizes.asym_lcl_sig_size - 1];
|
|
|
+ size_t paddingSize = (size_t) paddingByte;
|
|
|
+ paddingSize |= extraPaddingByte << 8;
|
|
|
+
|
|
|
+ for(size_t i = 0; i <= paddingSize; ++i) {
|
|
|
+ ck_assert_msg(sentData.data[offset + i] == paddingByte,
|
|
|
+ "Expected padding byte %i to be %i but got value %i",
|
|
|
+ i,
|
|
|
+ paddingByte,
|
|
|
+ sentData.data[offset + i]);
|
|
|
+ }
|
|
|
+
|
|
|
+ ck_assert_msg(sentData.data[offset + paddingSize + 1] == extraPaddingByte, "Expected extra padding byte to be "
|
|
|
+ "%i but got %i",
|
|
|
+ extraPaddingByte, sentData.data[offset + paddingSize + 1]);
|
|
|
+ ck_assert_msg(sentData.data[offset + paddingSize + 2] == '*', "Expected first byte 42 of signature but got %i",
|
|
|
+ sentData.data[offset + paddingSize + 2]);
|
|
|
+
|
|
|
UA_SecureConversationMessageHeader_deleteMembers(&header);
|
|
|
UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
|
|
|
UA_SequenceHeader_deleteMembers(&sequenceHeader);
|
|
@@ -335,24 +458,28 @@ testSuite_SecureChannel(void) {
|
|
|
|
|
|
TCase *tc_initAndDelete = tcase_create("Initialize and delete Securechannel");
|
|
|
tcase_add_checked_fixture(tc_initAndDelete, setup_funcs_called, teardown_funcs_called);
|
|
|
+ tcase_add_checked_fixture(tc_initAndDelete, setup_key_sizes, teardown_key_sizes);
|
|
|
tcase_add_test(tc_initAndDelete, SecureChannel_initAndDelete);
|
|
|
tcase_add_test(tc_initAndDelete, SecureChannel_initAndDelete_invalidParameters);
|
|
|
suite_add_tcase(s, tc_initAndDelete);
|
|
|
|
|
|
TCase *tc_generateNewKeys = tcase_create("Test generateNewKeys function");
|
|
|
tcase_add_checked_fixture(tc_generateNewKeys, setup_funcs_called, teardown_funcs_called);
|
|
|
+ tcase_add_checked_fixture(tc_generateNewKeys, setup_key_sizes, teardown_key_sizes);
|
|
|
tcase_add_checked_fixture(tc_generateNewKeys, setup_secureChannel, teardown_secureChannel);
|
|
|
tcase_add_test(tc_generateNewKeys, SecureChannel_generateNewKeys);
|
|
|
suite_add_tcase(s, tc_generateNewKeys);
|
|
|
|
|
|
TCase *tc_revolveTokens = tcase_create("Test revolveTokens function");
|
|
|
tcase_add_checked_fixture(tc_revolveTokens, setup_funcs_called, teardown_funcs_called);
|
|
|
+ tcase_add_checked_fixture(tc_revolveTokens, setup_key_sizes, teardown_key_sizes);
|
|
|
tcase_add_checked_fixture(tc_revolveTokens, setup_secureChannel, teardown_secureChannel);
|
|
|
tcase_add_test(tc_revolveTokens, SecureChannel_revolveTokens);
|
|
|
suite_add_tcase(s, tc_revolveTokens);
|
|
|
|
|
|
TCase *tc_sendAsymmetricOPNMessage = tcase_create("Test sendAsymmetricOPNMessage function");
|
|
|
tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_funcs_called, teardown_funcs_called);
|
|
|
+ tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_key_sizes, teardown_key_sizes);
|
|
|
tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_secureChannel, teardown_secureChannel);
|
|
|
tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_withoutConnection);
|
|
|
tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_invalidParameters);
|
|
@@ -361,6 +488,8 @@ testSuite_SecureChannel(void) {
|
|
|
tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign);
|
|
|
tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt);
|
|
|
tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid);
|
|
|
+ tcase_add_test(tc_sendAsymmetricOPNMessage,
|
|
|
+ Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits);
|
|
|
suite_add_tcase(s, tc_sendAsymmetricOPNMessage);
|
|
|
|
|
|
|