123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585 |
- #include <open62541/transport_generated.h>
- #include <open62541/transport_generated_encoding_binary.h>
- #include <open62541/transport_generated_handling.h>
- #include <open62541/types_generated.h>
- #include <open62541/types_generated_encoding_binary.h>
- #include "ua_securechannel.h"
- #include <ua_types_encoding_binary.h>
- #include "check.h"
- #include "testing_networklayers.h"
- #include "testing_policy.h"
- #define UA_BYTESTRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}
- #define DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE 2
- #define DEFAULT_SYM_SIGNING_KEY_LENGTH 3
- #define DEFAULT_SYM_ENCRYPTION_KEY_LENGTH 5
- #define DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE 7
- #define DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE 11
- #define DEFAULT_SYM_SIGNATURE_SIZE 13
- #define DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE 256
- #define DEFAULT_ASYM_REMOTE_BLOCKSIZE 256
- UA_SecureChannel testChannel;
- UA_ByteString dummyCertificate =
- UA_BYTESTRING_STATIC("DUMMY CERTIFICATE DUMMY CERTIFICATE DUMMY CERTIFICATE");
- UA_SecurityPolicy dummyPolicy;
- UA_Connection testingConnection;
- UA_ByteString sentData;
- static funcs_called fCalled;
- static key_sizes keySizes;
- static void
- setup_secureChannel(void) {
- TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
- UA_SecureChannel_init(&testChannel);
- UA_SecureChannel_setSecurityPolicy(&testChannel, &dummyPolicy, &dummyCertificate);
- testingConnection = createDummyConnection(65535, &sentData);
- UA_Connection_attachSecureChannel(&testingConnection, &testChannel);
- testChannel.connection = &testingConnection;
- }
- static void
- teardown_secureChannel(void) {
- UA_SecureChannel_close(&testChannel);
- UA_SecureChannel_deleteMembers(&testChannel);
- dummyPolicy.clear(&dummyPolicy);
- testingConnection.close(&testingConnection);
- }
- static void
- setup_funcs_called(void) {
- memset(&fCalled, 0, sizeof(struct funcs_called));
- }
- static void
- teardown_funcs_called(void) {
- memset(&fCalled, 0, sizeof(struct funcs_called));
- }
- static void
- setup_key_sizes(void) {
- memset(&keySizes, 0, sizeof(struct key_sizes));
- keySizes.sym_sig_keyLen = DEFAULT_SYM_SIGNING_KEY_LENGTH;
- keySizes.sym_enc_blockSize = DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE;
- keySizes.sym_enc_keyLen = DEFAULT_SYM_ENCRYPTION_KEY_LENGTH;
- keySizes.sym_sig_size = DEFAULT_SYM_SIGNATURE_SIZE;
- keySizes.asym_lcl_sig_size = DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE;
- keySizes.asym_rmt_sig_size = DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE;
- keySizes.asym_rmt_ptext_blocksize = DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE;
- keySizes.asym_rmt_blocksize = DEFAULT_ASYM_REMOTE_BLOCKSIZE;
- keySizes.asym_rmt_enc_key_size = 2048;
- keySizes.asym_lcl_enc_key_size = 1024;
- }
- static void
- teardown_key_sizes(void) {
- memset(&keySizes, 0, sizeof(struct key_sizes));
- }
- START_TEST(SecureChannel_initAndDelete) {
- TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
- UA_StatusCode retval;
- UA_SecureChannel channel;
- UA_SecureChannel_init(&channel);
- retval = UA_SecureChannel_setSecurityPolicy(&channel, &dummyPolicy, &dummyCertificate);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected StatusCode to be good");
- ck_assert_msg(channel.state == UA_SECURECHANNELSTATE_FRESH, "Expected state to be fresh");
- ck_assert_msg(fCalled.newContext, "Expected newContext to have been called");
- ck_assert_msg(fCalled.makeCertificateThumbprint,
- "Expected makeCertificateThumbprint to have been called");
- ck_assert_msg(channel.securityPolicy == &dummyPolicy, "SecurityPolicy not set correctly");
- UA_SecureChannel_close(&channel);
- UA_SecureChannel_deleteMembers(&channel);
- ck_assert_msg(fCalled.deleteContext, "Expected deleteContext to have been called");
- dummyPolicy.clear(&dummyPolicy);
- }END_TEST
- START_TEST(SecureChannel_generateNewKeys) {
- UA_StatusCode retval = UA_SecureChannel_generateNewKeys(&testChannel);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected Statuscode to be good");
- ck_assert_msg(fCalled.generateKey, "Expected generateKey to have been called");
- ck_assert_msg(fCalled.setLocalSymEncryptingKey,
- "Expected setLocalSymEncryptingKey to have been called");
- ck_assert_msg(fCalled.setLocalSymSigningKey,
- "Expected setLocalSymSigningKey to have been called");
- ck_assert_msg(fCalled.setLocalSymIv, "Expected setLocalSymIv to have been called");
- ck_assert_msg(fCalled.setRemoteSymEncryptingKey,
- "Expected setRemoteSymEncryptingKey to have been called");
- ck_assert_msg(fCalled.setRemoteSymSigningKey,
- "Expected setRemoteSymSigningKey to have been called");
- ck_assert_msg(fCalled.setRemoteSymIv, "Expected setRemoteSymIv to have been called");
- }END_TEST
- START_TEST(SecureChannel_revolveTokens) {
-
- testChannel.nextSecurityToken.tokenId = 0;
- UA_StatusCode retval = UA_SecureChannel_revolveTokens(&testChannel);
- ck_assert_msg(retval == UA_STATUSCODE_BADSECURECHANNELTOKENUNKNOWN,
- "Expected failure because tokenId 0 signifies that no token was issued");
-
- testChannel.nextSecurityToken.tokenId = 10;
- retval = UA_SecureChannel_revolveTokens(&testChannel);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to return GOOD");
- ck_assert_msg(fCalled.generateKey,
- "Expected generateKey to be called because new keys need to be generated,"
- "when switching to the next token.");
- UA_ChannelSecurityToken testToken;
- UA_ChannelSecurityToken_init(&testToken);
- ck_assert_msg(memcmp(&testChannel.nextSecurityToken, &testToken,
- sizeof(UA_ChannelSecurityToken)) == 0,
- "Expected the next securityToken to be freshly initialized");
- ck_assert_msg(testChannel.securityToken.tokenId == 10, "Expected token to have been copied");
- }END_TEST
- static void
- createDummyResponse(UA_OpenSecureChannelResponse *response) {
- UA_OpenSecureChannelResponse_init(response);
- memset(response, 0, sizeof(UA_OpenSecureChannelResponse));
- }
- START_TEST(SecureChannel_sendAsymmetricOPNMessage_withoutConnection) {
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
- testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
-
- UA_Connection_detachSecureChannel(testChannel.connection);
- testChannel.connection = NULL;
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure without a connection");
- }END_TEST
- START_TEST(SecureChannel_sendAsymmetricOPNMessage_invalidParameters) {
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, NULL,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse, NULL);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- }END_TEST
- START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid) {
-
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
- testChannel.securityMode = UA_MESSAGESECURITYMODE_INVALID;
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval == UA_STATUSCODE_BADSECURITYMODEREJECTED,
- "Expected SecurityMode rejected error");
- }
- END_TEST
- START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone) {
-
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
- testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
- ck_assert_msg(!fCalled.asym_enc, "Message encryption was called but should not have been");
- ck_assert_msg(!fCalled.asym_sign, "Message signing was called but should not have been");
- }
- END_TEST
- #ifdef UA_ENABLE_ENCRYPTION
- START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign) {
-
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
- testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
- ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
- ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
- }END_TEST
- START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt) {
-
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
- testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
- ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
- ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
- }END_TEST
- #endif
- START_TEST(SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid) {
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
-
- #ifdef UA_ENABLE_ENCRYPTION
- testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
- #else
- testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
- #endif
- UA_UInt32 requestId = UA_UInt32_random();
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
- size_t offset = 0;
- UA_SecureConversationMessageHeader header;
- UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
- UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
- UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
- ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
- &asymSecurityHeader.securityPolicyUri),
- "Expected securityPolicyUri to be equal to the one used by the secureChannel");
- #ifdef UA_ENABLE_ENCRYPTION
- ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
- "Expected the certificate to be equal to the one used by the secureChannel");
- UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
- ck_assert_msg(UA_ByteString_equal(&thumbPrint,
- &asymSecurityHeader.receiverCertificateThumbprint),
- "Expected receiverCertificateThumbprint to be equal to the one set "
- "in the secureChannel");
-
- for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
- sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
- }
- #endif
- UA_SequenceHeader sequenceHeader;
- UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
- ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
- requestId,
- sequenceHeader.requestId);
- UA_NodeId original =
- UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
- UA_NodeId requestTypeId;
- UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
- ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
- UA_OpenSecureChannelResponse sentResponse;
- UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
- ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
- "Expected the sent response to be equal to the one supplied to the send function");
- #ifdef UA_ENABLE_ENCRYPTION
- UA_Byte paddingByte = sentData.data[offset];
- size_t paddingSize = (size_t)paddingByte;
- for(size_t i = 0; i <= paddingSize; ++i) {
- ck_assert_msg(sentData.data[offset + i] == paddingByte,
- "Expected padding byte %i to be %i but got value %i",
- i, paddingByte, sentData.data[offset + i]);
- }
- ck_assert_msg(sentData.data[offset + paddingSize + 1] == '*', "Expected first byte of signature");
- #endif
- UA_SecureConversationMessageHeader_deleteMembers(&header);
- UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
- UA_SequenceHeader_deleteMembers(&sequenceHeader);
- UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
- } END_TEST
- #ifdef UA_ENABLE_ENCRYPTION
- START_TEST(Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits) {
- keySizes.asym_rmt_enc_key_size = 4096;
- keySizes.asym_rmt_blocksize = 4096;
- keySizes.asym_rmt_ptext_blocksize = 4096;
- UA_OpenSecureChannelResponse dummyResponse;
- createDummyResponse(&dummyResponse);
- testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
- UA_UInt32 requestId = UA_UInt32_random();
- UA_StatusCode retval =
- UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
- &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
- size_t offset = 0;
- UA_SecureConversationMessageHeader header;
- UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
- UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
- UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
- ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
- "Expected the certificate to be equal to the one used by the secureChannel");
- ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
- &asymSecurityHeader.securityPolicyUri),
- "Expected securityPolicyUri to be equal to the one used by the secureChannel");
- UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
- ck_assert_msg(UA_ByteString_equal(&thumbPrint,
- &asymSecurityHeader.receiverCertificateThumbprint),
- "Expected receiverCertificateThumbprint to be equal to the one set "
- "in the secureChannel");
- for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
- sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
- }
- UA_SequenceHeader sequenceHeader;
- UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
- ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
- requestId, sequenceHeader.requestId);
- UA_NodeId original =
- UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
- UA_NodeId requestTypeId;
- UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
- ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
- UA_OpenSecureChannelResponse sentResponse;
- UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
- ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
- "Expected the sent response to be equal to the one supplied to the send function");
- UA_Byte paddingByte = sentData.data[offset];
- UA_Byte extraPaddingByte = sentData.data[sentData.length - keySizes.asym_lcl_sig_size - 1];
- size_t paddingSize = (size_t)paddingByte;
- paddingSize |= extraPaddingByte << 8;
- for(size_t i = 0; i <= paddingSize; ++i) {
- ck_assert_msg(sentData.data[offset + i] == paddingByte,
- "Expected padding byte %i to be %i but got value %i",
- i,
- paddingByte,
- sentData.data[offset + i]);
- }
- ck_assert_msg(sentData.data[offset + paddingSize + 1] == extraPaddingByte,
- "Expected extra padding byte to be %i but got %i",
- extraPaddingByte, sentData.data[offset + paddingSize + 1]);
- ck_assert_msg(sentData.data[offset + paddingSize + 2] == '*',
- "Expected first byte 42 of signature but got %i",
- sentData.data[offset + paddingSize + 2]);
- UA_SecureConversationMessageHeader_deleteMembers(&header);
- UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
- UA_SequenceHeader_deleteMembers(&sequenceHeader);
- UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
- }END_TEST
- #endif
- START_TEST(SecureChannel_sendSymmetricMessage) {
-
- UA_ReadRequest dummyMessage;
- UA_ReadRequest_init(&dummyMessage);
- UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
- UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
- &dummyMessage, &dummyType);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
-
- }
- END_TEST
- START_TEST(SecureChannel_sendSymmetricMessage_modeNone) {
-
- UA_ReadRequest dummyMessage;
- UA_ReadRequest_init(&dummyMessage);
- UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
- testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
- UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
- &dummyMessage, &dummyType);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
- ck_assert_msg(!fCalled.sym_sign, "Expected message to not have been signed");
- ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
- } END_TEST
- #ifdef UA_ENABLE_ENCRYPTION
- START_TEST(SecureChannel_sendSymmetricMessage_modeSign) {
-
- UA_ReadRequest dummyMessage;
- UA_ReadRequest_init(&dummyMessage);
- UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
- testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
- UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
- &dummyMessage, &dummyType);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
- ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
- ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
- } END_TEST
- START_TEST(SecureChannel_sendSymmetricMessage_modeSignAndEncrypt)
- {
-
- UA_ReadRequest dummyMessage;
- UA_ReadRequest_init(&dummyMessage);
- UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
- testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
- UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
- &dummyMessage, &dummyType);
- ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
- ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
- ck_assert_msg(fCalled.sym_enc, "Expected message to have been encrypted");
- } END_TEST
- #endif
- START_TEST(SecureChannel_sendSymmetricMessage_invalidParameters) {
-
- UA_ReadRequest dummyMessage;
- UA_ReadRequest_init(&dummyMessage);
- UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
- UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(NULL, 42, UA_MESSAGETYPE_MSG,
- &dummyMessage, &dummyType);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
- UA_MESSAGETYPE_HEL, &dummyMessage, &dummyType);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
- UA_MESSAGETYPE_ACK, &dummyMessage, &dummyType);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
- UA_MESSAGETYPE_ERR, &dummyMessage, &dummyType);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
- UA_MESSAGETYPE_OPN, &dummyMessage, &dummyType);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
- UA_MESSAGETYPE_MSG, NULL, &dummyType);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
- UA_MESSAGETYPE_MSG, &dummyMessage, NULL);
- ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
- } END_TEST
- static Suite *
- testSuite_SecureChannel(void) {
- Suite *s = suite_create("SecureChannel");
- TCase *tc_initAndDelete = tcase_create("Initialize and delete Securechannel");
- tcase_add_checked_fixture(tc_initAndDelete, setup_funcs_called, teardown_funcs_called);
- tcase_add_checked_fixture(tc_initAndDelete, setup_key_sizes, teardown_key_sizes);
- tcase_add_test(tc_initAndDelete, SecureChannel_initAndDelete);
- suite_add_tcase(s, tc_initAndDelete);
- TCase *tc_generateNewKeys = tcase_create("Test generateNewKeys function");
- tcase_add_checked_fixture(tc_generateNewKeys, setup_funcs_called, teardown_funcs_called);
- tcase_add_checked_fixture(tc_generateNewKeys, setup_key_sizes, teardown_key_sizes);
- tcase_add_checked_fixture(tc_generateNewKeys, setup_secureChannel, teardown_secureChannel);
- tcase_add_test(tc_generateNewKeys, SecureChannel_generateNewKeys);
- suite_add_tcase(s, tc_generateNewKeys);
- TCase *tc_revolveTokens = tcase_create("Test revolveTokens function");
- tcase_add_checked_fixture(tc_revolveTokens, setup_funcs_called, teardown_funcs_called);
- tcase_add_checked_fixture(tc_revolveTokens, setup_key_sizes, teardown_key_sizes);
- tcase_add_checked_fixture(tc_revolveTokens, setup_secureChannel, teardown_secureChannel);
- tcase_add_test(tc_revolveTokens, SecureChannel_revolveTokens);
- suite_add_tcase(s, tc_revolveTokens);
- TCase *tc_sendAsymmetricOPNMessage = tcase_create("Test sendAsymmetricOPNMessage function");
- tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_funcs_called, teardown_funcs_called);
- tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_key_sizes, teardown_key_sizes);
- tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_secureChannel, teardown_secureChannel);
- tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_withoutConnection);
- tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_invalidParameters);
- tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid);
- tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone);
- tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid);
- #ifdef UA_ENABLE_ENCRYPTION
- tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign);
- tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt);
- tcase_add_test(tc_sendAsymmetricOPNMessage,
- Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits);
- #endif
- suite_add_tcase(s, tc_sendAsymmetricOPNMessage);
- TCase *tc_sendSymmetricMessage = tcase_create("Test sendSymmetricMessage function");
- tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_funcs_called, teardown_funcs_called);
- tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_key_sizes, teardown_key_sizes);
- tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_secureChannel, teardown_secureChannel);
- tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage);
- tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_invalidParameters);
- tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeNone);
- #ifdef UA_ENABLE_ENCRYPTION
- tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSign);
- tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSignAndEncrypt);
- #endif
- suite_add_tcase(s, tc_sendSymmetricMessage);
- return s;
- }
- int
- main(void) {
- Suite *s = testSuite_SecureChannel();
- SRunner *sr = srunner_create(s);
- srunner_set_fork_status(sr, CK_NOFORK);
- srunner_run_all(sr, CK_NORMAL);
- int number_failed = srunner_ntests_failed(sr);
- srunner_free(sr);
- return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
- }
|