check_securechannel.c 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  4. #include <stdio.h>
  5. #include <stdlib.h>
  6. #include <src_generated/ua_types_generated.h>
  7. #include <ua_types_encoding_binary.h>
  8. #include <src_generated/ua_transport_generated_encoding_binary.h>
  9. #include <src_generated/ua_transport_generated.h>
  10. #include <ua_types.h>
  11. #include <src_generated/ua_types_generated_encoding_binary.h>
  12. #include <ua_plugin_securitypolicy.h>
  13. #include <src_generated/ua_transport_generated_handling.h>
  14. #include "testing_networklayers.h"
  15. #include "testing_policy.h"
  16. #include "ua_securechannel.h"
  17. #include "check.h"
  18. #define UA_BYTESTRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}
  19. // Some default testing sizes. Can be overwritten in testing functions.
  20. #define DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE 2
  21. #define DEFAULT_SYM_SIGNING_KEY_LENGTH 3
  22. #define DEFAULT_SYM_ENCRYPTION_KEY_LENGTH 5
  23. #define DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE 7
  24. #define DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE 11
  25. #define DEFAULT_SYM_SIGNATURE_SIZE 13
  26. #define DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE 256
  27. #define DEFAULT_ASYM_REMOTE_BLOCKSIZE 256
  28. UA_SecureChannel testChannel;
  29. UA_ByteString dummyCertificate = UA_BYTESTRING_STATIC("DUMMY CERTIFICATE DUMMY CERTIFICATE DUMMY CERTIFICATE");
  30. UA_SecurityPolicy dummyPolicy;
  31. UA_Connection testingConnection;
  32. UA_ByteString sentData;
  33. static funcs_called fCalled;
  34. static key_sizes keySizes;
  35. static void
  36. setup_secureChannel(void) {
  37. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  38. UA_SecureChannel_init(&testChannel);
  39. UA_SecureChannel_setSecurityPolicy(&testChannel, &dummyPolicy, &dummyCertificate);
  40. testingConnection = createDummyConnection(65535, &sentData);
  41. UA_Connection_attachSecureChannel(&testingConnection, &testChannel);
  42. testChannel.connection = &testingConnection;
  43. }
  44. static void
  45. teardown_secureChannel(void) {
  46. UA_SecureChannel_close(&testChannel);
  47. UA_SecureChannel_deleteMembers(&testChannel);
  48. dummyPolicy.deleteMembers(&dummyPolicy);
  49. testingConnection.close(&testingConnection);
  50. }
  51. static void
  52. setup_funcs_called(void) {
  53. memset(&fCalled, 0, sizeof(struct funcs_called));
  54. }
  55. static void
  56. teardown_funcs_called(void) {
  57. memset(&fCalled, 0, sizeof(struct funcs_called));
  58. }
  59. static void
  60. setup_key_sizes(void) {
  61. memset(&keySizes, 0, sizeof(struct key_sizes));
  62. keySizes.sym_sig_keyLen = DEFAULT_SYM_SIGNING_KEY_LENGTH;
  63. keySizes.sym_enc_blockSize = DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE;
  64. keySizes.sym_enc_keyLen = DEFAULT_SYM_ENCRYPTION_KEY_LENGTH;
  65. keySizes.sym_sig_size = DEFAULT_SYM_SIGNATURE_SIZE;
  66. keySizes.asym_lcl_sig_size = DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE;
  67. keySizes.asym_rmt_sig_size = DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE;
  68. keySizes.asym_rmt_ptext_blocksize = DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE;
  69. keySizes.asym_rmt_blocksize = DEFAULT_ASYM_REMOTE_BLOCKSIZE;
  70. keySizes.asym_rmt_enc_key_size = 2048;
  71. keySizes.asym_lcl_enc_key_size = 1024;
  72. }
  73. static void
  74. teardown_key_sizes(void) {
  75. memset(&keySizes, 0, sizeof(struct key_sizes));
  76. }
  77. START_TEST(SecureChannel_initAndDelete)
  78. {
  79. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  80. UA_StatusCode retval;
  81. UA_SecureChannel channel;
  82. UA_SecureChannel_init(&channel);
  83. retval = UA_SecureChannel_setSecurityPolicy(&channel, &dummyPolicy, &dummyCertificate);
  84. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected StatusCode to be good");
  85. ck_assert_msg(channel.state == UA_SECURECHANNELSTATE_FRESH, "Expected state to be fresh");
  86. ck_assert_msg(fCalled.newContext, "Expected newContext to have been called");
  87. ck_assert_msg(fCalled.makeCertificateThumbprint, "Expected makeCertificateThumbprint to have been called");
  88. ck_assert_msg(channel.securityPolicy == &dummyPolicy, "SecurityPolicy not set correctly");
  89. UA_SecureChannel_close(&channel);
  90. UA_SecureChannel_deleteMembers(&channel);
  91. ck_assert_msg(fCalled.deleteContext, "Expected deleteContext to have been called");
  92. dummyPolicy.deleteMembers(&dummyPolicy);
  93. }END_TEST
  94. START_TEST(SecureChannel_generateNewKeys)
  95. {
  96. UA_StatusCode retval = UA_SecureChannel_generateNewKeys(&testChannel);
  97. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected Statuscode to be good");
  98. ck_assert_msg(fCalled.generateKey, "Expected generateKey to have been called");
  99. ck_assert_msg(fCalled.setLocalSymEncryptingKey, "Expected setLocalSymEncryptingKey to have been called");
  100. ck_assert_msg(fCalled.setLocalSymSigningKey, "Expected setLocalSymSigningKey to have been called");
  101. ck_assert_msg(fCalled.setLocalSymIv, "Expected setLocalSymIv to have been called");
  102. ck_assert_msg(fCalled.setRemoteSymEncryptingKey, "Expected setRemoteSymEncryptingKey to have been called");
  103. ck_assert_msg(fCalled.setRemoteSymSigningKey, "Expected setRemoteSymSigningKey to have been called");
  104. ck_assert_msg(fCalled.setRemoteSymIv, "Expected setRemoteSymIv to have been called");
  105. }END_TEST
  106. START_TEST(SecureChannel_revolveTokens)
  107. {
  108. // Fake that no token was issued by setting 0
  109. testChannel.nextSecurityToken.tokenId = 0;
  110. UA_StatusCode retval = UA_SecureChannel_revolveTokens(&testChannel);
  111. ck_assert_msg(retval == UA_STATUSCODE_BADSECURECHANNELTOKENUNKNOWN,
  112. "Expected failure because tokenId 0 signifies that no token was issued");
  113. // Fake an issued token by setting an id
  114. testChannel.nextSecurityToken.tokenId = 10;
  115. retval = UA_SecureChannel_revolveTokens(&testChannel);
  116. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to return GOOD");
  117. ck_assert_msg(fCalled.generateKey,
  118. "Expected generateKey to be called because new keys need to be generated,"
  119. "when switching to the next token.");
  120. UA_ChannelSecurityToken testToken;
  121. UA_ChannelSecurityToken_init(&testToken);
  122. ck_assert_msg(memcmp(&testChannel.nextSecurityToken, &testToken, sizeof(UA_ChannelSecurityToken)) == 0,
  123. "Expected the next securityToken to be freshly initialized");
  124. ck_assert_msg(testChannel.securityToken.tokenId == 10, "Expected token to have been copied");
  125. }END_TEST
  126. static void
  127. createDummyResponse(UA_OpenSecureChannelResponse *response) {
  128. UA_OpenSecureChannelResponse_init(response);
  129. memset(response, 0, sizeof(UA_OpenSecureChannelResponse));
  130. }
  131. START_TEST(SecureChannel_sendAsymmetricOPNMessage_withoutConnection)
  132. {
  133. UA_OpenSecureChannelResponse dummyResponse;
  134. createDummyResponse(&dummyResponse);
  135. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  136. // Remove connection to provoke error
  137. UA_Connection_detachSecureChannel(testChannel.connection);
  138. testChannel.connection = NULL;
  139. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  140. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  141. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure without a connection");
  142. }END_TEST
  143. START_TEST(SecureChannel_sendAsymmetricOPNMessage_invalidParameters)
  144. {
  145. UA_OpenSecureChannelResponse dummyResponse;
  146. createDummyResponse(&dummyResponse);
  147. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, NULL,
  148. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  149. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  150. retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse, NULL);
  151. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  152. }END_TEST
  153. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid)
  154. {
  155. // Configure our channel correctly for OPN messages and setup dummy message
  156. UA_OpenSecureChannelResponse dummyResponse;
  157. createDummyResponse(&dummyResponse);
  158. testChannel.securityMode = UA_MESSAGESECURITYMODE_INVALID;
  159. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  160. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  161. ck_assert_msg(retval == UA_STATUSCODE_BADSECURITYMODEREJECTED, "Expected SecurityMode rejected error");
  162. }
  163. END_TEST
  164. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone)
  165. {
  166. // Configure our channel correctly for OPN messages and setup dummy message
  167. UA_OpenSecureChannelResponse dummyResponse;
  168. createDummyResponse(&dummyResponse);
  169. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  170. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  171. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  172. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  173. ck_assert_msg(!fCalled.asym_enc, "Message encryption was called but should not have been");
  174. ck_assert_msg(!fCalled.asym_sign, "Message signing was called but should not have been");
  175. }
  176. END_TEST
  177. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign)
  178. {
  179. // Configure our channel correctly for OPN messages and setup dummy message
  180. UA_OpenSecureChannelResponse dummyResponse;
  181. createDummyResponse(&dummyResponse);
  182. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  183. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  184. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  185. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  186. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  187. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  188. }END_TEST
  189. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt)
  190. {
  191. // Configure our channel correctly for OPN messages and setup dummy message
  192. UA_OpenSecureChannelResponse dummyResponse;
  193. createDummyResponse(&dummyResponse);
  194. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  195. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  196. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  197. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  198. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  199. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  200. }END_TEST
  201. START_TEST(SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid)
  202. {
  203. UA_OpenSecureChannelResponse dummyResponse;
  204. createDummyResponse(&dummyResponse);
  205. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  206. UA_UInt32 requestId = UA_UInt32_random();
  207. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  208. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  209. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  210. size_t offset = 0;
  211. UA_SecureConversationMessageHeader header;
  212. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  213. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  214. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  215. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  216. "Expected the certificate to be equal to the one used by the secureChannel");
  217. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  218. &asymSecurityHeader.securityPolicyUri),
  219. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  220. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  221. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  222. &asymSecurityHeader.receiverCertificateThumbprint),
  223. "Expected receiverCertificateThumbprint to be equal to the one set in the secureChannel");
  224. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  225. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  226. }
  227. UA_SequenceHeader sequenceHeader;
  228. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  229. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  230. requestId,
  231. sequenceHeader.requestId);
  232. UA_NodeId original = UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  233. UA_NodeId requestTypeId;
  234. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  235. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  236. UA_OpenSecureChannelResponse sentResponse;
  237. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  238. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  239. "Expected the sent response to be equal to the one supplied to the send function");
  240. UA_Byte paddingByte = sentData.data[offset];
  241. size_t paddingSize = (size_t)paddingByte;
  242. for(size_t i = 0; i <= paddingSize; ++i) {
  243. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  244. "Expected padding byte %i to be %i but got value %i",
  245. i, paddingByte, sentData.data[offset + i]);
  246. }
  247. ck_assert_msg(sentData.data[offset + paddingSize + 1] == '*', "Expected first byte of signature");
  248. UA_SecureConversationMessageHeader_deleteMembers(&header);
  249. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  250. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  251. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  252. }
  253. END_TEST
  254. START_TEST(Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits)
  255. {
  256. keySizes.asym_rmt_enc_key_size = 4096;
  257. keySizes.asym_rmt_blocksize = 4096;
  258. keySizes.asym_rmt_ptext_blocksize = 4096;
  259. UA_OpenSecureChannelResponse dummyResponse;
  260. createDummyResponse(&dummyResponse);
  261. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  262. UA_UInt32 requestId = UA_UInt32_random();
  263. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  264. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  265. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  266. size_t offset = 0;
  267. UA_SecureConversationMessageHeader header;
  268. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  269. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  270. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  271. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  272. "Expected the certificate to be equal to the one used by the secureChannel");
  273. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  274. &asymSecurityHeader.securityPolicyUri),
  275. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  276. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  277. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  278. &asymSecurityHeader.receiverCertificateThumbprint),
  279. "Expected receiverCertificateThumbprint to be equal to the one set in the secureChannel");
  280. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  281. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  282. }
  283. UA_SequenceHeader sequenceHeader;
  284. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  285. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  286. requestId,
  287. sequenceHeader.requestId);
  288. UA_NodeId original = UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  289. UA_NodeId requestTypeId;
  290. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  291. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  292. UA_OpenSecureChannelResponse sentResponse;
  293. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  294. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  295. "Expected the sent response to be equal to the one supplied to the send function");
  296. UA_Byte paddingByte = sentData.data[offset];
  297. UA_Byte extraPaddingByte = sentData.data[sentData.length - keySizes.asym_lcl_sig_size - 1];
  298. size_t paddingSize = (size_t)paddingByte;
  299. paddingSize |= extraPaddingByte << 8;
  300. for(size_t i = 0; i <= paddingSize; ++i) {
  301. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  302. "Expected padding byte %i to be %i but got value %i",
  303. i,
  304. paddingByte,
  305. sentData.data[offset + i]);
  306. }
  307. ck_assert_msg(sentData.data[offset + paddingSize + 1] == extraPaddingByte,
  308. "Expected extra padding byte to be %i but got %i",
  309. extraPaddingByte, sentData.data[offset + paddingSize + 1]);
  310. ck_assert_msg(sentData.data[offset + paddingSize + 2] == '*',
  311. "Expected first byte 42 of signature but got %i",
  312. sentData.data[offset + paddingSize + 2]);
  313. UA_SecureConversationMessageHeader_deleteMembers(&header);
  314. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  315. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  316. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  317. }END_TEST
  318. START_TEST(SecureChannel_sendSymmetricMessage)
  319. {
  320. // initialize dummy message
  321. UA_ReadRequest dummyMessage;
  322. UA_ReadRequest_init(&dummyMessage);
  323. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  324. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  325. &dummyMessage, &dummyType);
  326. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  327. // TODO: expand test
  328. }
  329. END_TEST
  330. START_TEST(SecureChannel_sendSymmetricMessage_modeNone)
  331. {
  332. // initialize dummy message
  333. UA_ReadRequest dummyMessage;
  334. UA_ReadRequest_init(&dummyMessage);
  335. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  336. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  337. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  338. &dummyMessage, &dummyType);
  339. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  340. ck_assert_msg(!fCalled.sym_sign, "Expected message to not have been signed");
  341. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  342. }
  343. END_TEST
  344. START_TEST(SecureChannel_sendSymmetricMessage_modeSign)
  345. {
  346. // initialize dummy message
  347. UA_ReadRequest dummyMessage;
  348. UA_ReadRequest_init(&dummyMessage);
  349. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  350. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  351. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  352. &dummyMessage, &dummyType);
  353. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  354. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  355. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  356. }
  357. END_TEST
  358. START_TEST(SecureChannel_sendSymmetricMessage_modeSignAndEncrypt)
  359. {
  360. // initialize dummy message
  361. UA_ReadRequest dummyMessage;
  362. UA_ReadRequest_init(&dummyMessage);
  363. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  364. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  365. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  366. &dummyMessage, &dummyType);
  367. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  368. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  369. ck_assert_msg(fCalled.sym_enc, "Expected message to have been encrypted");
  370. }
  371. END_TEST
  372. START_TEST(SecureChannel_sendSymmetricMessage_invalidParameters)
  373. {
  374. // initialize dummy message
  375. UA_ReadRequest dummyMessage;
  376. UA_ReadRequest_init(&dummyMessage);
  377. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  378. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(NULL, 42, UA_MESSAGETYPE_MSG,
  379. &dummyMessage, &dummyType);
  380. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  381. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_HEL, &dummyMessage, &dummyType);
  382. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  383. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_ACK, &dummyMessage, &dummyType);
  384. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  385. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_ERR, &dummyMessage, &dummyType);
  386. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  387. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_OPN, &dummyMessage, &dummyType);
  388. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  389. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG, NULL, &dummyType);
  390. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  391. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG, &dummyMessage, NULL);
  392. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  393. }
  394. END_TEST
  395. static Suite *
  396. testSuite_SecureChannel(void) {
  397. Suite *s = suite_create("SecureChannel");
  398. TCase *tc_initAndDelete = tcase_create("Initialize and delete Securechannel");
  399. tcase_add_checked_fixture(tc_initAndDelete, setup_funcs_called, teardown_funcs_called);
  400. tcase_add_checked_fixture(tc_initAndDelete, setup_key_sizes, teardown_key_sizes);
  401. tcase_add_test(tc_initAndDelete, SecureChannel_initAndDelete);
  402. suite_add_tcase(s, tc_initAndDelete);
  403. TCase *tc_generateNewKeys = tcase_create("Test generateNewKeys function");
  404. tcase_add_checked_fixture(tc_generateNewKeys, setup_funcs_called, teardown_funcs_called);
  405. tcase_add_checked_fixture(tc_generateNewKeys, setup_key_sizes, teardown_key_sizes);
  406. tcase_add_checked_fixture(tc_generateNewKeys, setup_secureChannel, teardown_secureChannel);
  407. tcase_add_test(tc_generateNewKeys, SecureChannel_generateNewKeys);
  408. suite_add_tcase(s, tc_generateNewKeys);
  409. TCase *tc_revolveTokens = tcase_create("Test revolveTokens function");
  410. tcase_add_checked_fixture(tc_revolveTokens, setup_funcs_called, teardown_funcs_called);
  411. tcase_add_checked_fixture(tc_revolveTokens, setup_key_sizes, teardown_key_sizes);
  412. tcase_add_checked_fixture(tc_revolveTokens, setup_secureChannel, teardown_secureChannel);
  413. tcase_add_test(tc_revolveTokens, SecureChannel_revolveTokens);
  414. suite_add_tcase(s, tc_revolveTokens);
  415. TCase *tc_sendAsymmetricOPNMessage = tcase_create("Test sendAsymmetricOPNMessage function");
  416. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_funcs_called, teardown_funcs_called);
  417. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_key_sizes, teardown_key_sizes);
  418. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_secureChannel, teardown_secureChannel);
  419. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_withoutConnection);
  420. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_invalidParameters);
  421. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid);
  422. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone);
  423. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign);
  424. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt);
  425. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid);
  426. tcase_add_test(tc_sendAsymmetricOPNMessage,
  427. Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits);
  428. suite_add_tcase(s, tc_sendAsymmetricOPNMessage);
  429. TCase *tc_sendSymmetricMessage = tcase_create("Test sendSymmetricMessage function");
  430. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_funcs_called, teardown_funcs_called);
  431. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_key_sizes, teardown_key_sizes);
  432. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_secureChannel, teardown_secureChannel);
  433. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage);
  434. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_invalidParameters);
  435. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeNone);
  436. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSign);
  437. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSignAndEncrypt);
  438. suite_add_tcase(s, tc_sendSymmetricMessage);
  439. return s;
  440. }
  441. int
  442. main(void) {
  443. Suite *s = testSuite_SecureChannel();
  444. SRunner *sr = srunner_create(s);
  445. srunner_set_fork_status(sr, CK_NOFORK);
  446. srunner_run_all(sr, CK_NORMAL);
  447. int number_failed = srunner_ntests_failed(sr);
  448. srunner_free(sr);
  449. return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
  450. }