check_securechannel.c 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  4. #include <open62541/transport_generated.h>
  5. #include <open62541/transport_generated_encoding_binary.h>
  6. #include <open62541/transport_generated_handling.h>
  7. #include <open62541/types_generated.h>
  8. #include <open62541/types_generated_encoding_binary.h>
  9. #include "ua_securechannel.h"
  10. #include <ua_types_encoding_binary.h>
  11. #include "check.h"
  12. #include "testing_networklayers.h"
  13. #include "testing_policy.h"
  14. #define UA_BYTESTRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}
  15. // Some default testing sizes. Can be overwritten in testing functions.
  16. #define DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE 2
  17. #define DEFAULT_SYM_SIGNING_KEY_LENGTH 3
  18. #define DEFAULT_SYM_ENCRYPTION_KEY_LENGTH 5
  19. #define DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE 7
  20. #define DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE 11
  21. #define DEFAULT_SYM_SIGNATURE_SIZE 13
  22. #define DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE 256
  23. #define DEFAULT_ASYM_REMOTE_BLOCKSIZE 256
  24. UA_SecureChannel testChannel;
  25. UA_ByteString dummyCertificate =
  26. UA_BYTESTRING_STATIC("DUMMY CERTIFICATE DUMMY CERTIFICATE DUMMY CERTIFICATE");
  27. UA_SecurityPolicy dummyPolicy;
  28. UA_Connection testingConnection;
  29. UA_ByteString sentData;
  30. static funcs_called fCalled;
  31. static key_sizes keySizes;
  32. static void
  33. setup_secureChannel(void) {
  34. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  35. UA_SecureChannel_init(&testChannel);
  36. UA_SecureChannel_setSecurityPolicy(&testChannel, &dummyPolicy, &dummyCertificate);
  37. testingConnection = createDummyConnection(65535, &sentData);
  38. UA_Connection_attachSecureChannel(&testingConnection, &testChannel);
  39. testChannel.connection = &testingConnection;
  40. }
  41. static void
  42. teardown_secureChannel(void) {
  43. UA_SecureChannel_close(&testChannel);
  44. UA_SecureChannel_deleteMembers(&testChannel);
  45. dummyPolicy.clear(&dummyPolicy);
  46. testingConnection.close(&testingConnection);
  47. }
  48. static void
  49. setup_funcs_called(void) {
  50. memset(&fCalled, 0, sizeof(struct funcs_called));
  51. }
  52. static void
  53. teardown_funcs_called(void) {
  54. memset(&fCalled, 0, sizeof(struct funcs_called));
  55. }
  56. static void
  57. setup_key_sizes(void) {
  58. memset(&keySizes, 0, sizeof(struct key_sizes));
  59. keySizes.sym_sig_keyLen = DEFAULT_SYM_SIGNING_KEY_LENGTH;
  60. keySizes.sym_enc_blockSize = DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE;
  61. keySizes.sym_enc_keyLen = DEFAULT_SYM_ENCRYPTION_KEY_LENGTH;
  62. keySizes.sym_sig_size = DEFAULT_SYM_SIGNATURE_SIZE;
  63. keySizes.asym_lcl_sig_size = DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE;
  64. keySizes.asym_rmt_sig_size = DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE;
  65. keySizes.asym_rmt_ptext_blocksize = DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE;
  66. keySizes.asym_rmt_blocksize = DEFAULT_ASYM_REMOTE_BLOCKSIZE;
  67. keySizes.asym_rmt_enc_key_size = 2048;
  68. keySizes.asym_lcl_enc_key_size = 1024;
  69. }
  70. static void
  71. teardown_key_sizes(void) {
  72. memset(&keySizes, 0, sizeof(struct key_sizes));
  73. }
  74. START_TEST(SecureChannel_initAndDelete) {
  75. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  76. UA_StatusCode retval;
  77. UA_SecureChannel channel;
  78. UA_SecureChannel_init(&channel);
  79. retval = UA_SecureChannel_setSecurityPolicy(&channel, &dummyPolicy, &dummyCertificate);
  80. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected StatusCode to be good");
  81. ck_assert_msg(channel.state == UA_SECURECHANNELSTATE_FRESH, "Expected state to be fresh");
  82. ck_assert_msg(fCalled.newContext, "Expected newContext to have been called");
  83. ck_assert_msg(fCalled.makeCertificateThumbprint,
  84. "Expected makeCertificateThumbprint to have been called");
  85. ck_assert_msg(channel.securityPolicy == &dummyPolicy, "SecurityPolicy not set correctly");
  86. UA_SecureChannel_close(&channel);
  87. UA_SecureChannel_deleteMembers(&channel);
  88. ck_assert_msg(fCalled.deleteContext, "Expected deleteContext to have been called");
  89. dummyPolicy.clear(&dummyPolicy);
  90. }END_TEST
  91. START_TEST(SecureChannel_generateNewKeys) {
  92. UA_StatusCode retval = UA_SecureChannel_generateNewKeys(&testChannel);
  93. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected Statuscode to be good");
  94. ck_assert_msg(fCalled.generateKey, "Expected generateKey to have been called");
  95. ck_assert_msg(fCalled.setLocalSymEncryptingKey,
  96. "Expected setLocalSymEncryptingKey to have been called");
  97. ck_assert_msg(fCalled.setLocalSymSigningKey,
  98. "Expected setLocalSymSigningKey to have been called");
  99. ck_assert_msg(fCalled.setLocalSymIv, "Expected setLocalSymIv to have been called");
  100. ck_assert_msg(fCalled.setRemoteSymEncryptingKey,
  101. "Expected setRemoteSymEncryptingKey to have been called");
  102. ck_assert_msg(fCalled.setRemoteSymSigningKey,
  103. "Expected setRemoteSymSigningKey to have been called");
  104. ck_assert_msg(fCalled.setRemoteSymIv, "Expected setRemoteSymIv to have been called");
  105. }END_TEST
  106. START_TEST(SecureChannel_revolveTokens) {
  107. // Fake that no token was issued by setting 0
  108. testChannel.nextSecurityToken.tokenId = 0;
  109. UA_StatusCode retval = UA_SecureChannel_revolveTokens(&testChannel);
  110. ck_assert_msg(retval == UA_STATUSCODE_BADSECURECHANNELTOKENUNKNOWN,
  111. "Expected failure because tokenId 0 signifies that no token was issued");
  112. // Fake an issued token by setting an id
  113. testChannel.nextSecurityToken.tokenId = 10;
  114. retval = UA_SecureChannel_revolveTokens(&testChannel);
  115. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to return GOOD");
  116. ck_assert_msg(fCalled.generateKey,
  117. "Expected generateKey to be called because new keys need to be generated,"
  118. "when switching to the next token.");
  119. UA_ChannelSecurityToken testToken;
  120. UA_ChannelSecurityToken_init(&testToken);
  121. ck_assert_msg(memcmp(&testChannel.nextSecurityToken, &testToken,
  122. sizeof(UA_ChannelSecurityToken)) == 0,
  123. "Expected the next securityToken to be freshly initialized");
  124. ck_assert_msg(testChannel.securityToken.tokenId == 10, "Expected token to have been copied");
  125. }END_TEST
  126. static void
  127. createDummyResponse(UA_OpenSecureChannelResponse *response) {
  128. UA_OpenSecureChannelResponse_init(response);
  129. memset(response, 0, sizeof(UA_OpenSecureChannelResponse));
  130. }
  131. START_TEST(SecureChannel_sendAsymmetricOPNMessage_withoutConnection) {
  132. UA_OpenSecureChannelResponse dummyResponse;
  133. createDummyResponse(&dummyResponse);
  134. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  135. // Remove connection to provoke error
  136. UA_Connection_detachSecureChannel(testChannel.connection);
  137. testChannel.connection = NULL;
  138. UA_StatusCode retval =
  139. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  140. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  141. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure without a connection");
  142. }END_TEST
  143. START_TEST(SecureChannel_sendAsymmetricOPNMessage_invalidParameters) {
  144. UA_OpenSecureChannelResponse dummyResponse;
  145. createDummyResponse(&dummyResponse);
  146. UA_StatusCode retval =
  147. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, NULL,
  148. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  149. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  150. retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse, NULL);
  151. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  152. }END_TEST
  153. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid) {
  154. // Configure our channel correctly for OPN messages and setup dummy message
  155. UA_OpenSecureChannelResponse dummyResponse;
  156. createDummyResponse(&dummyResponse);
  157. testChannel.securityMode = UA_MESSAGESECURITYMODE_INVALID;
  158. UA_StatusCode retval =
  159. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  160. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  161. ck_assert_msg(retval == UA_STATUSCODE_BADSECURITYMODEREJECTED,
  162. "Expected SecurityMode rejected error");
  163. }
  164. END_TEST
  165. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone) {
  166. // Configure our channel correctly for OPN messages and setup dummy message
  167. UA_OpenSecureChannelResponse dummyResponse;
  168. createDummyResponse(&dummyResponse);
  169. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  170. UA_StatusCode retval =
  171. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  172. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  173. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  174. ck_assert_msg(!fCalled.asym_enc, "Message encryption was called but should not have been");
  175. ck_assert_msg(!fCalled.asym_sign, "Message signing was called but should not have been");
  176. }
  177. END_TEST
  178. #ifdef UA_ENABLE_ENCRYPTION
  179. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign) {
  180. // Configure our channel correctly for OPN messages and setup dummy message
  181. UA_OpenSecureChannelResponse dummyResponse;
  182. createDummyResponse(&dummyResponse);
  183. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  184. UA_StatusCode retval =
  185. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  186. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  187. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  188. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  189. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  190. }END_TEST
  191. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt) {
  192. // Configure our channel correctly for OPN messages and setup dummy message
  193. UA_OpenSecureChannelResponse dummyResponse;
  194. createDummyResponse(&dummyResponse);
  195. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  196. UA_StatusCode retval =
  197. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  198. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  199. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  200. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  201. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  202. }END_TEST
  203. #endif /* UA_ENABLE_ENCRYPTION */
  204. START_TEST(SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid) {
  205. UA_OpenSecureChannelResponse dummyResponse;
  206. createDummyResponse(&dummyResponse);
  207. /* Enable encryption for the SecureChannel */
  208. #ifdef UA_ENABLE_ENCRYPTION
  209. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  210. #else
  211. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  212. #endif
  213. UA_UInt32 requestId = UA_UInt32_random();
  214. UA_StatusCode retval =
  215. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  216. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  217. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  218. size_t offset = 0;
  219. UA_SecureConversationMessageHeader header;
  220. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  221. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  222. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  223. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  224. &asymSecurityHeader.securityPolicyUri),
  225. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  226. #ifdef UA_ENABLE_ENCRYPTION
  227. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  228. "Expected the certificate to be equal to the one used by the secureChannel");
  229. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  230. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  231. &asymSecurityHeader.receiverCertificateThumbprint),
  232. "Expected receiverCertificateThumbprint to be equal to the one set "
  233. "in the secureChannel");
  234. /* Dummy encryption */
  235. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  236. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  237. }
  238. #endif
  239. UA_SequenceHeader sequenceHeader;
  240. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  241. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  242. requestId,
  243. sequenceHeader.requestId);
  244. UA_NodeId original =
  245. UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  246. UA_NodeId requestTypeId;
  247. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  248. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  249. UA_OpenSecureChannelResponse sentResponse;
  250. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  251. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  252. "Expected the sent response to be equal to the one supplied to the send function");
  253. #ifdef UA_ENABLE_ENCRYPTION
  254. UA_Byte paddingByte = sentData.data[offset];
  255. size_t paddingSize = (size_t)paddingByte;
  256. for(size_t i = 0; i <= paddingSize; ++i) {
  257. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  258. "Expected padding byte %i to be %i but got value %i",
  259. i, paddingByte, sentData.data[offset + i]);
  260. }
  261. ck_assert_msg(sentData.data[offset + paddingSize + 1] == '*', "Expected first byte of signature");
  262. #endif
  263. UA_SecureConversationMessageHeader_deleteMembers(&header);
  264. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  265. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  266. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  267. } END_TEST
  268. #ifdef UA_ENABLE_ENCRYPTION
  269. START_TEST(Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits) {
  270. keySizes.asym_rmt_enc_key_size = 4096;
  271. keySizes.asym_rmt_blocksize = 4096;
  272. keySizes.asym_rmt_ptext_blocksize = 4096;
  273. UA_OpenSecureChannelResponse dummyResponse;
  274. createDummyResponse(&dummyResponse);
  275. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  276. UA_UInt32 requestId = UA_UInt32_random();
  277. UA_StatusCode retval =
  278. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  279. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  280. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  281. size_t offset = 0;
  282. UA_SecureConversationMessageHeader header;
  283. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  284. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  285. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  286. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  287. "Expected the certificate to be equal to the one used by the secureChannel");
  288. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  289. &asymSecurityHeader.securityPolicyUri),
  290. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  291. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  292. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  293. &asymSecurityHeader.receiverCertificateThumbprint),
  294. "Expected receiverCertificateThumbprint to be equal to the one set "
  295. "in the secureChannel");
  296. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  297. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  298. }
  299. UA_SequenceHeader sequenceHeader;
  300. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  301. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  302. requestId, sequenceHeader.requestId);
  303. UA_NodeId original =
  304. UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  305. UA_NodeId requestTypeId;
  306. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  307. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  308. UA_OpenSecureChannelResponse sentResponse;
  309. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  310. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  311. "Expected the sent response to be equal to the one supplied to the send function");
  312. UA_Byte paddingByte = sentData.data[offset];
  313. UA_Byte extraPaddingByte = sentData.data[sentData.length - keySizes.asym_lcl_sig_size - 1];
  314. size_t paddingSize = (size_t)paddingByte;
  315. paddingSize |= extraPaddingByte << 8;
  316. for(size_t i = 0; i <= paddingSize; ++i) {
  317. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  318. "Expected padding byte %i to be %i but got value %i",
  319. i,
  320. paddingByte,
  321. sentData.data[offset + i]);
  322. }
  323. ck_assert_msg(sentData.data[offset + paddingSize + 1] == extraPaddingByte,
  324. "Expected extra padding byte to be %i but got %i",
  325. extraPaddingByte, sentData.data[offset + paddingSize + 1]);
  326. ck_assert_msg(sentData.data[offset + paddingSize + 2] == '*',
  327. "Expected first byte 42 of signature but got %i",
  328. sentData.data[offset + paddingSize + 2]);
  329. UA_SecureConversationMessageHeader_deleteMembers(&header);
  330. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  331. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  332. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  333. }END_TEST
  334. #endif /* UA_ENABLE_ENCRYPTION */
  335. START_TEST(SecureChannel_sendSymmetricMessage) {
  336. // initialize dummy message
  337. UA_ReadRequest dummyMessage;
  338. UA_ReadRequest_init(&dummyMessage);
  339. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  340. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  341. &dummyMessage, &dummyType);
  342. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  343. // TODO: expand test
  344. }
  345. END_TEST
  346. START_TEST(SecureChannel_sendSymmetricMessage_modeNone) {
  347. // initialize dummy message
  348. UA_ReadRequest dummyMessage;
  349. UA_ReadRequest_init(&dummyMessage);
  350. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  351. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  352. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  353. &dummyMessage, &dummyType);
  354. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  355. ck_assert_msg(!fCalled.sym_sign, "Expected message to not have been signed");
  356. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  357. } END_TEST
  358. #ifdef UA_ENABLE_ENCRYPTION
  359. START_TEST(SecureChannel_sendSymmetricMessage_modeSign) {
  360. // initialize dummy message
  361. UA_ReadRequest dummyMessage;
  362. UA_ReadRequest_init(&dummyMessage);
  363. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  364. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  365. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  366. &dummyMessage, &dummyType);
  367. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  368. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  369. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  370. } END_TEST
  371. START_TEST(SecureChannel_sendSymmetricMessage_modeSignAndEncrypt)
  372. {
  373. // initialize dummy message
  374. UA_ReadRequest dummyMessage;
  375. UA_ReadRequest_init(&dummyMessage);
  376. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  377. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  378. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  379. &dummyMessage, &dummyType);
  380. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  381. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  382. ck_assert_msg(fCalled.sym_enc, "Expected message to have been encrypted");
  383. } END_TEST
  384. #endif /* UA_ENABLE_ENCRYPTION */
  385. START_TEST(SecureChannel_sendSymmetricMessage_invalidParameters) {
  386. // initialize dummy message
  387. UA_ReadRequest dummyMessage;
  388. UA_ReadRequest_init(&dummyMessage);
  389. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  390. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(NULL, 42, UA_MESSAGETYPE_MSG,
  391. &dummyMessage, &dummyType);
  392. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  393. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  394. UA_MESSAGETYPE_HEL, &dummyMessage, &dummyType);
  395. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  396. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  397. UA_MESSAGETYPE_ACK, &dummyMessage, &dummyType);
  398. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  399. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  400. UA_MESSAGETYPE_ERR, &dummyMessage, &dummyType);
  401. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  402. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  403. UA_MESSAGETYPE_OPN, &dummyMessage, &dummyType);
  404. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  405. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  406. UA_MESSAGETYPE_MSG, NULL, &dummyType);
  407. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  408. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  409. UA_MESSAGETYPE_MSG, &dummyMessage, NULL);
  410. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  411. } END_TEST
  412. static Suite *
  413. testSuite_SecureChannel(void) {
  414. Suite *s = suite_create("SecureChannel");
  415. TCase *tc_initAndDelete = tcase_create("Initialize and delete Securechannel");
  416. tcase_add_checked_fixture(tc_initAndDelete, setup_funcs_called, teardown_funcs_called);
  417. tcase_add_checked_fixture(tc_initAndDelete, setup_key_sizes, teardown_key_sizes);
  418. tcase_add_test(tc_initAndDelete, SecureChannel_initAndDelete);
  419. suite_add_tcase(s, tc_initAndDelete);
  420. TCase *tc_generateNewKeys = tcase_create("Test generateNewKeys function");
  421. tcase_add_checked_fixture(tc_generateNewKeys, setup_funcs_called, teardown_funcs_called);
  422. tcase_add_checked_fixture(tc_generateNewKeys, setup_key_sizes, teardown_key_sizes);
  423. tcase_add_checked_fixture(tc_generateNewKeys, setup_secureChannel, teardown_secureChannel);
  424. tcase_add_test(tc_generateNewKeys, SecureChannel_generateNewKeys);
  425. suite_add_tcase(s, tc_generateNewKeys);
  426. TCase *tc_revolveTokens = tcase_create("Test revolveTokens function");
  427. tcase_add_checked_fixture(tc_revolveTokens, setup_funcs_called, teardown_funcs_called);
  428. tcase_add_checked_fixture(tc_revolveTokens, setup_key_sizes, teardown_key_sizes);
  429. tcase_add_checked_fixture(tc_revolveTokens, setup_secureChannel, teardown_secureChannel);
  430. tcase_add_test(tc_revolveTokens, SecureChannel_revolveTokens);
  431. suite_add_tcase(s, tc_revolveTokens);
  432. TCase *tc_sendAsymmetricOPNMessage = tcase_create("Test sendAsymmetricOPNMessage function");
  433. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_funcs_called, teardown_funcs_called);
  434. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_key_sizes, teardown_key_sizes);
  435. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_secureChannel, teardown_secureChannel);
  436. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_withoutConnection);
  437. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_invalidParameters);
  438. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid);
  439. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone);
  440. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid);
  441. #ifdef UA_ENABLE_ENCRYPTION
  442. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign);
  443. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt);
  444. tcase_add_test(tc_sendAsymmetricOPNMessage,
  445. Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits);
  446. #endif
  447. suite_add_tcase(s, tc_sendAsymmetricOPNMessage);
  448. TCase *tc_sendSymmetricMessage = tcase_create("Test sendSymmetricMessage function");
  449. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_funcs_called, teardown_funcs_called);
  450. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_key_sizes, teardown_key_sizes);
  451. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_secureChannel, teardown_secureChannel);
  452. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage);
  453. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_invalidParameters);
  454. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeNone);
  455. #ifdef UA_ENABLE_ENCRYPTION
  456. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSign);
  457. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSignAndEncrypt);
  458. #endif
  459. suite_add_tcase(s, tc_sendSymmetricMessage);
  460. return s;
  461. }
  462. int
  463. main(void) {
  464. Suite *s = testSuite_SecureChannel();
  465. SRunner *sr = srunner_create(s);
  466. srunner_set_fork_status(sr, CK_NOFORK);
  467. srunner_run_all(sr, CK_NORMAL);
  468. int number_failed = srunner_ntests_failed(sr);
  469. srunner_free(sr);
  470. return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
  471. }