check_securechannel.c 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  4. #include <stdio.h>
  5. #include <stdlib.h>
  6. #include <src_generated/ua_types_generated.h>
  7. #include <ua_types_encoding_binary.h>
  8. #include <src_generated/ua_transport_generated_encoding_binary.h>
  9. #include <src_generated/ua_transport_generated.h>
  10. #include <ua_types.h>
  11. #include <src_generated/ua_types_generated_encoding_binary.h>
  12. #include <ua_plugin_securitypolicy.h>
  13. #include <src_generated/ua_transport_generated_handling.h>
  14. #include "testing_networklayers.h"
  15. #include "testing_policy.h"
  16. #include "ua_securechannel.h"
  17. #include "check.h"
  18. #define UA_BYTESTRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}
  19. // Some default testing sizes. Can be overwritten in testing functions.
  20. #define DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE 2
  21. #define DEFAULT_SYM_SIGNING_KEY_LENGTH 3
  22. #define DEFAULT_SYM_ENCRYPTION_KEY_LENGTH 5
  23. #define DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE 7
  24. #define DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE 11
  25. #define DEFAULT_SYM_SIGNATURE_SIZE 13
  26. #define DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE 256
  27. #define DEFAULT_ASYM_REMOTE_BLOCKSIZE 256
  28. UA_SecureChannel testChannel;
  29. UA_ByteString dummyCertificate = UA_BYTESTRING_STATIC("DUMMY CERTIFICATE DUMMY CERTIFICATE DUMMY CERTIFICATE");
  30. UA_SecurityPolicy dummyPolicy;
  31. UA_Connection testingConnection;
  32. UA_ByteString sentData;
  33. static funcs_called fCalled;
  34. static key_sizes keySizes;
  35. static void
  36. setup_secureChannel(void) {
  37. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  38. UA_SecureChannel_init(&testChannel, &dummyPolicy, &dummyCertificate);
  39. testingConnection = createDummyConnection(65535, &sentData);
  40. UA_Connection_attachSecureChannel(&testingConnection, &testChannel);
  41. testChannel.connection = &testingConnection;
  42. }
  43. static void
  44. teardown_secureChannel(void) {
  45. UA_SecureChannel_deleteMembersCleanup(&testChannel);
  46. dummyPolicy.deleteMembers(&dummyPolicy);
  47. testingConnection.close(&testingConnection);
  48. }
  49. static void
  50. setup_funcs_called(void) {
  51. memset(&fCalled, 0, sizeof(struct funcs_called));
  52. }
  53. static void
  54. teardown_funcs_called(void) {
  55. memset(&fCalled, 0, sizeof(struct funcs_called));
  56. }
  57. static void
  58. setup_key_sizes(void) {
  59. memset(&keySizes, 0, sizeof(struct key_sizes));
  60. keySizes.sym_sig_keyLen = DEFAULT_SYM_SIGNING_KEY_LENGTH;
  61. keySizes.sym_enc_blockSize = DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE;
  62. keySizes.sym_enc_keyLen = DEFAULT_SYM_ENCRYPTION_KEY_LENGTH;
  63. keySizes.sym_sig_size = DEFAULT_SYM_SIGNATURE_SIZE;
  64. keySizes.asym_lcl_sig_size = DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE;
  65. keySizes.asym_rmt_sig_size = DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE;
  66. keySizes.asym_rmt_ptext_blocksize = DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE;
  67. keySizes.asym_rmt_blocksize = DEFAULT_ASYM_REMOTE_BLOCKSIZE;
  68. keySizes.asym_rmt_enc_key_size = 2048;
  69. keySizes.asym_lcl_enc_key_size = 1024;
  70. }
  71. static void
  72. teardown_key_sizes(void) {
  73. memset(&keySizes, 0, sizeof(struct key_sizes));
  74. }
  75. START_TEST(SecureChannel_initAndDelete)
  76. {
  77. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  78. UA_StatusCode retval;
  79. UA_SecureChannel channel;
  80. retval = UA_SecureChannel_init(&channel, &dummyPolicy, &dummyCertificate);
  81. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected StatusCode to be good");
  82. ck_assert_msg(channel.state == UA_SECURECHANNELSTATE_FRESH, "Expected state to be fresh");
  83. ck_assert_msg(fCalled.newContext, "Expected newContext to have been called");
  84. ck_assert_msg(fCalled.makeCertificateThumbprint, "Expected makeCertificateThumbprint to have been called");
  85. ck_assert_msg(channel.securityPolicy == &dummyPolicy, "SecurityPolicy not set correctly");
  86. UA_SecureChannel_deleteMembersCleanup(&channel);
  87. ck_assert_msg(fCalled.deleteContext, "Expected deleteContext to have been called");
  88. dummyPolicy.deleteMembers(&dummyPolicy);
  89. }END_TEST
  90. START_TEST(SecureChannel_generateNewKeys)
  91. {
  92. UA_StatusCode retval = UA_SecureChannel_generateNewKeys(&testChannel);
  93. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected Statuscode to be good");
  94. ck_assert_msg(fCalled.generateKey, "Expected generateKey to have been called");
  95. ck_assert_msg(fCalled.setLocalSymEncryptingKey, "Expected setLocalSymEncryptingKey to have been called");
  96. ck_assert_msg(fCalled.setLocalSymSigningKey, "Expected setLocalSymSigningKey to have been called");
  97. ck_assert_msg(fCalled.setLocalSymIv, "Expected setLocalSymIv to have been called");
  98. ck_assert_msg(fCalled.setRemoteSymEncryptingKey, "Expected setRemoteSymEncryptingKey to have been called");
  99. ck_assert_msg(fCalled.setRemoteSymSigningKey, "Expected setRemoteSymSigningKey to have been called");
  100. ck_assert_msg(fCalled.setRemoteSymIv, "Expected setRemoteSymIv to have been called");
  101. }END_TEST
  102. START_TEST(SecureChannel_revolveTokens)
  103. {
  104. // Fake that no token was issued by setting 0
  105. testChannel.nextSecurityToken.tokenId = 0;
  106. UA_StatusCode retval = UA_SecureChannel_revolveTokens(&testChannel);
  107. ck_assert_msg(retval == UA_STATUSCODE_BADSECURECHANNELTOKENUNKNOWN,
  108. "Expected failure because tokenId 0 signifies that no token was issued");
  109. // Fake an issued token by setting an id
  110. testChannel.nextSecurityToken.tokenId = 10;
  111. retval = UA_SecureChannel_revolveTokens(&testChannel);
  112. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to return GOOD");
  113. ck_assert_msg(fCalled.generateKey,
  114. "Expected generateKey to be called because new keys need to be generated,"
  115. "when switching to the next token.");
  116. UA_ChannelSecurityToken testToken;
  117. UA_ChannelSecurityToken_init(&testToken);
  118. ck_assert_msg(memcmp(&testChannel.nextSecurityToken, &testToken, sizeof(UA_ChannelSecurityToken)) == 0,
  119. "Expected the next securityToken to be freshly initialized");
  120. ck_assert_msg(testChannel.securityToken.tokenId == 10, "Expected token to have been copied");
  121. }END_TEST
  122. static void
  123. createDummyResponse(UA_OpenSecureChannelResponse *response) {
  124. UA_OpenSecureChannelResponse_init(response);
  125. memset(response, 0, sizeof(UA_OpenSecureChannelResponse));
  126. }
  127. START_TEST(SecureChannel_sendAsymmetricOPNMessage_withoutConnection)
  128. {
  129. UA_OpenSecureChannelResponse dummyResponse;
  130. createDummyResponse(&dummyResponse);
  131. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  132. // Remove connection to provoke error
  133. UA_Connection_detachSecureChannel(testChannel.connection);
  134. testChannel.connection = NULL;
  135. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  136. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  137. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure without a connection");
  138. }END_TEST
  139. START_TEST(SecureChannel_sendAsymmetricOPNMessage_invalidParameters)
  140. {
  141. UA_OpenSecureChannelResponse dummyResponse;
  142. createDummyResponse(&dummyResponse);
  143. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, NULL,
  144. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  145. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  146. retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse, NULL);
  147. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  148. }END_TEST
  149. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid)
  150. {
  151. // Configure our channel correctly for OPN messages and setup dummy message
  152. UA_OpenSecureChannelResponse dummyResponse;
  153. createDummyResponse(&dummyResponse);
  154. testChannel.securityMode = UA_MESSAGESECURITYMODE_INVALID;
  155. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  156. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  157. ck_assert_msg(retval == UA_STATUSCODE_BADSECURITYMODEREJECTED, "Expected SecurityMode rejected error");
  158. }
  159. END_TEST
  160. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone)
  161. {
  162. // Configure our channel correctly for OPN messages and setup dummy message
  163. UA_OpenSecureChannelResponse dummyResponse;
  164. createDummyResponse(&dummyResponse);
  165. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  166. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  167. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  168. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  169. ck_assert_msg(!fCalled.asym_enc, "Message encryption was called but should not have been");
  170. ck_assert_msg(!fCalled.asym_sign, "Message signing was called but should not have been");
  171. }
  172. END_TEST
  173. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign)
  174. {
  175. // Configure our channel correctly for OPN messages and setup dummy message
  176. UA_OpenSecureChannelResponse dummyResponse;
  177. createDummyResponse(&dummyResponse);
  178. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  179. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  180. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  181. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  182. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  183. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  184. }END_TEST
  185. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt)
  186. {
  187. // Configure our channel correctly for OPN messages and setup dummy message
  188. UA_OpenSecureChannelResponse dummyResponse;
  189. createDummyResponse(&dummyResponse);
  190. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  191. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  192. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  193. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  194. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  195. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  196. }END_TEST
  197. START_TEST(SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid)
  198. {
  199. UA_OpenSecureChannelResponse dummyResponse;
  200. createDummyResponse(&dummyResponse);
  201. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  202. UA_UInt32 requestId = UA_UInt32_random();
  203. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  204. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  205. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  206. size_t offset = 0;
  207. UA_SecureConversationMessageHeader header;
  208. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  209. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  210. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  211. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  212. "Expected the certificate to be equal to the one used by the secureChannel");
  213. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  214. &asymSecurityHeader.securityPolicyUri),
  215. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  216. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  217. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  218. &asymSecurityHeader.receiverCertificateThumbprint),
  219. "Expected receiverCertificateThumbprint to be equal to the one set in the secureChannel");
  220. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  221. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  222. }
  223. UA_SequenceHeader sequenceHeader;
  224. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  225. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  226. requestId,
  227. sequenceHeader.requestId);
  228. UA_NodeId original = UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  229. UA_NodeId requestTypeId;
  230. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  231. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  232. UA_OpenSecureChannelResponse sentResponse;
  233. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  234. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  235. "Expected the sent response to be equal to the one supplied to the send function");
  236. UA_Byte paddingByte = sentData.data[offset];
  237. size_t paddingSize = (size_t)paddingByte;
  238. for(size_t i = 0; i <= paddingSize; ++i) {
  239. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  240. "Expected padding byte %i to be %i but got value %i",
  241. i, paddingByte, sentData.data[offset + i]);
  242. }
  243. ck_assert_msg(sentData.data[offset + paddingSize + 1] == '*', "Expected first byte of signature");
  244. UA_SecureConversationMessageHeader_deleteMembers(&header);
  245. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  246. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  247. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  248. }
  249. END_TEST
  250. START_TEST(Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits)
  251. {
  252. keySizes.asym_rmt_enc_key_size = 4096;
  253. keySizes.asym_rmt_blocksize = 4096;
  254. keySizes.asym_rmt_ptext_blocksize = 4096;
  255. UA_OpenSecureChannelResponse dummyResponse;
  256. createDummyResponse(&dummyResponse);
  257. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  258. UA_UInt32 requestId = UA_UInt32_random();
  259. UA_StatusCode retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  260. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  261. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  262. size_t offset = 0;
  263. UA_SecureConversationMessageHeader header;
  264. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  265. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  266. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  267. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  268. "Expected the certificate to be equal to the one used by the secureChannel");
  269. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  270. &asymSecurityHeader.securityPolicyUri),
  271. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  272. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  273. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  274. &asymSecurityHeader.receiverCertificateThumbprint),
  275. "Expected receiverCertificateThumbprint to be equal to the one set in the secureChannel");
  276. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  277. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  278. }
  279. UA_SequenceHeader sequenceHeader;
  280. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  281. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  282. requestId,
  283. sequenceHeader.requestId);
  284. UA_NodeId original = UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  285. UA_NodeId requestTypeId;
  286. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  287. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  288. UA_OpenSecureChannelResponse sentResponse;
  289. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  290. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  291. "Expected the sent response to be equal to the one supplied to the send function");
  292. UA_Byte paddingByte = sentData.data[offset];
  293. UA_Byte extraPaddingByte = sentData.data[sentData.length - keySizes.asym_lcl_sig_size - 1];
  294. size_t paddingSize = (size_t)paddingByte;
  295. paddingSize |= extraPaddingByte << 8;
  296. for(size_t i = 0; i <= paddingSize; ++i) {
  297. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  298. "Expected padding byte %i to be %i but got value %i",
  299. i,
  300. paddingByte,
  301. sentData.data[offset + i]);
  302. }
  303. ck_assert_msg(sentData.data[offset + paddingSize + 1] == extraPaddingByte,
  304. "Expected extra padding byte to be %i but got %i",
  305. extraPaddingByte, sentData.data[offset + paddingSize + 1]);
  306. ck_assert_msg(sentData.data[offset + paddingSize + 2] == '*',
  307. "Expected first byte 42 of signature but got %i",
  308. sentData.data[offset + paddingSize + 2]);
  309. UA_SecureConversationMessageHeader_deleteMembers(&header);
  310. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  311. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  312. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  313. }END_TEST
  314. START_TEST(SecureChannel_sendSymmetricMessage)
  315. {
  316. // initialize dummy message
  317. UA_ReadRequest dummyMessage;
  318. UA_ReadRequest_init(&dummyMessage);
  319. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  320. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  321. &dummyMessage, &dummyType);
  322. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  323. // TODO: expand test
  324. }
  325. END_TEST
  326. START_TEST(SecureChannel_sendSymmetricMessage_modeNone)
  327. {
  328. // initialize dummy message
  329. UA_ReadRequest dummyMessage;
  330. UA_ReadRequest_init(&dummyMessage);
  331. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  332. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  333. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  334. &dummyMessage, &dummyType);
  335. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  336. ck_assert_msg(!fCalled.sym_sign, "Expected message to not have been signed");
  337. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  338. }
  339. END_TEST
  340. START_TEST(SecureChannel_sendSymmetricMessage_modeSign)
  341. {
  342. // initialize dummy message
  343. UA_ReadRequest dummyMessage;
  344. UA_ReadRequest_init(&dummyMessage);
  345. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  346. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  347. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  348. &dummyMessage, &dummyType);
  349. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  350. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  351. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  352. }
  353. END_TEST
  354. START_TEST(SecureChannel_sendSymmetricMessage_modeSignAndEncrypt)
  355. {
  356. // initialize dummy message
  357. UA_ReadRequest dummyMessage;
  358. UA_ReadRequest_init(&dummyMessage);
  359. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  360. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  361. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  362. &dummyMessage, &dummyType);
  363. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  364. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  365. ck_assert_msg(fCalled.sym_enc, "Expected message to have been encrypted");
  366. }
  367. END_TEST
  368. START_TEST(SecureChannel_sendSymmetricMessage_invalidParameters)
  369. {
  370. // initialize dummy message
  371. UA_ReadRequest dummyMessage;
  372. UA_ReadRequest_init(&dummyMessage);
  373. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  374. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(NULL, 42, UA_MESSAGETYPE_MSG,
  375. &dummyMessage, &dummyType);
  376. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  377. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_HEL, &dummyMessage, &dummyType);
  378. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  379. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_ACK, &dummyMessage, &dummyType);
  380. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  381. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_ERR, &dummyMessage, &dummyType);
  382. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  383. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_OPN, &dummyMessage, &dummyType);
  384. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  385. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG, NULL, &dummyType);
  386. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  387. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG, &dummyMessage, NULL);
  388. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  389. }
  390. END_TEST
  391. static Suite *
  392. testSuite_SecureChannel(void) {
  393. Suite *s = suite_create("SecureChannel");
  394. TCase *tc_initAndDelete = tcase_create("Initialize and delete Securechannel");
  395. tcase_add_checked_fixture(tc_initAndDelete, setup_funcs_called, teardown_funcs_called);
  396. tcase_add_checked_fixture(tc_initAndDelete, setup_key_sizes, teardown_key_sizes);
  397. tcase_add_test(tc_initAndDelete, SecureChannel_initAndDelete);
  398. suite_add_tcase(s, tc_initAndDelete);
  399. TCase *tc_generateNewKeys = tcase_create("Test generateNewKeys function");
  400. tcase_add_checked_fixture(tc_generateNewKeys, setup_funcs_called, teardown_funcs_called);
  401. tcase_add_checked_fixture(tc_generateNewKeys, setup_key_sizes, teardown_key_sizes);
  402. tcase_add_checked_fixture(tc_generateNewKeys, setup_secureChannel, teardown_secureChannel);
  403. tcase_add_test(tc_generateNewKeys, SecureChannel_generateNewKeys);
  404. suite_add_tcase(s, tc_generateNewKeys);
  405. TCase *tc_revolveTokens = tcase_create("Test revolveTokens function");
  406. tcase_add_checked_fixture(tc_revolveTokens, setup_funcs_called, teardown_funcs_called);
  407. tcase_add_checked_fixture(tc_revolveTokens, setup_key_sizes, teardown_key_sizes);
  408. tcase_add_checked_fixture(tc_revolveTokens, setup_secureChannel, teardown_secureChannel);
  409. tcase_add_test(tc_revolveTokens, SecureChannel_revolveTokens);
  410. suite_add_tcase(s, tc_revolveTokens);
  411. TCase *tc_sendAsymmetricOPNMessage = tcase_create("Test sendAsymmetricOPNMessage function");
  412. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_funcs_called, teardown_funcs_called);
  413. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_key_sizes, teardown_key_sizes);
  414. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_secureChannel, teardown_secureChannel);
  415. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_withoutConnection);
  416. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_invalidParameters);
  417. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid);
  418. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone);
  419. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign);
  420. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt);
  421. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid);
  422. tcase_add_test(tc_sendAsymmetricOPNMessage,
  423. Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits);
  424. suite_add_tcase(s, tc_sendAsymmetricOPNMessage);
  425. TCase *tc_sendSymmetricMessage = tcase_create("Test sendSymmetricMessage function");
  426. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_funcs_called, teardown_funcs_called);
  427. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_key_sizes, teardown_key_sizes);
  428. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_secureChannel, teardown_secureChannel);
  429. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage);
  430. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_invalidParameters);
  431. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeNone);
  432. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSign);
  433. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSignAndEncrypt);
  434. suite_add_tcase(s, tc_sendSymmetricMessage);
  435. return s;
  436. }
  437. int
  438. main(void) {
  439. Suite *s = testSuite_SecureChannel();
  440. SRunner *sr = srunner_create(s);
  441. srunner_set_fork_status(sr, CK_NOFORK);
  442. srunner_run_all(sr, CK_NORMAL);
  443. int number_failed = srunner_ntests_failed(sr);
  444. srunner_free(sr);
  445. return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
  446. }