check_securechannel.c 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  4. #include <ua_types.h>
  5. #include <ua_plugin_securitypolicy.h>
  6. #include <ua_types_encoding_binary.h>
  7. #include <src_generated/ua_types_generated.h>
  8. #include <src_generated/ua_transport_generated_encoding_binary.h>
  9. #include <src_generated/ua_transport_generated.h>
  10. #include <src_generated/ua_types_generated_encoding_binary.h>
  11. #include <src_generated/ua_transport_generated_handling.h>
  12. #include "testing_networklayers.h"
  13. #include "testing_policy.h"
  14. #include "ua_securechannel.h"
  15. #include "check.h"
  16. #define UA_BYTESTRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}
  17. // Some default testing sizes. Can be overwritten in testing functions.
  18. #define DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE 2
  19. #define DEFAULT_SYM_SIGNING_KEY_LENGTH 3
  20. #define DEFAULT_SYM_ENCRYPTION_KEY_LENGTH 5
  21. #define DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE 7
  22. #define DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE 11
  23. #define DEFAULT_SYM_SIGNATURE_SIZE 13
  24. #define DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE 256
  25. #define DEFAULT_ASYM_REMOTE_BLOCKSIZE 256
  26. UA_SecureChannel testChannel;
  27. UA_ByteString dummyCertificate =
  28. UA_BYTESTRING_STATIC("DUMMY CERTIFICATE DUMMY CERTIFICATE DUMMY CERTIFICATE");
  29. UA_SecurityPolicy dummyPolicy;
  30. UA_Connection testingConnection;
  31. UA_ByteString sentData;
  32. static funcs_called fCalled;
  33. static key_sizes keySizes;
  34. static void
  35. setup_secureChannel(void) {
  36. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  37. UA_SecureChannel_init(&testChannel);
  38. UA_SecureChannel_setSecurityPolicy(&testChannel, &dummyPolicy, &dummyCertificate);
  39. testingConnection = createDummyConnection(65535, &sentData);
  40. UA_Connection_attachSecureChannel(&testingConnection, &testChannel);
  41. testChannel.connection = &testingConnection;
  42. }
  43. static void
  44. teardown_secureChannel(void) {
  45. UA_SecureChannel_close(&testChannel);
  46. UA_SecureChannel_deleteMembers(&testChannel);
  47. dummyPolicy.deleteMembers(&dummyPolicy);
  48. testingConnection.close(&testingConnection);
  49. }
  50. static void
  51. setup_funcs_called(void) {
  52. memset(&fCalled, 0, sizeof(struct funcs_called));
  53. }
  54. static void
  55. teardown_funcs_called(void) {
  56. memset(&fCalled, 0, sizeof(struct funcs_called));
  57. }
  58. static void
  59. setup_key_sizes(void) {
  60. memset(&keySizes, 0, sizeof(struct key_sizes));
  61. keySizes.sym_sig_keyLen = DEFAULT_SYM_SIGNING_KEY_LENGTH;
  62. keySizes.sym_enc_blockSize = DEFAULT_SYM_ENCRYPTION_BLOCK_SIZE;
  63. keySizes.sym_enc_keyLen = DEFAULT_SYM_ENCRYPTION_KEY_LENGTH;
  64. keySizes.sym_sig_size = DEFAULT_SYM_SIGNATURE_SIZE;
  65. keySizes.asym_lcl_sig_size = DEFAULT_ASYM_LOCAL_SIGNATURE_SIZE;
  66. keySizes.asym_rmt_sig_size = DEFAULT_ASYM_REMOTE_SIGNATURE_SIZE;
  67. keySizes.asym_rmt_ptext_blocksize = DEFAULT_ASYM_REMOTE_PLAINTEXT_BLOCKSIZE;
  68. keySizes.asym_rmt_blocksize = DEFAULT_ASYM_REMOTE_BLOCKSIZE;
  69. keySizes.asym_rmt_enc_key_size = 2048;
  70. keySizes.asym_lcl_enc_key_size = 1024;
  71. }
  72. static void
  73. teardown_key_sizes(void) {
  74. memset(&keySizes, 0, sizeof(struct key_sizes));
  75. }
  76. START_TEST(SecureChannel_initAndDelete) {
  77. TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes);
  78. UA_StatusCode retval;
  79. UA_SecureChannel channel;
  80. UA_SecureChannel_init(&channel);
  81. retval = UA_SecureChannel_setSecurityPolicy(&channel, &dummyPolicy, &dummyCertificate);
  82. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected StatusCode to be good");
  83. ck_assert_msg(channel.state == UA_SECURECHANNELSTATE_FRESH, "Expected state to be fresh");
  84. ck_assert_msg(fCalled.newContext, "Expected newContext to have been called");
  85. ck_assert_msg(fCalled.makeCertificateThumbprint,
  86. "Expected makeCertificateThumbprint to have been called");
  87. ck_assert_msg(channel.securityPolicy == &dummyPolicy, "SecurityPolicy not set correctly");
  88. UA_SecureChannel_close(&channel);
  89. UA_SecureChannel_deleteMembers(&channel);
  90. ck_assert_msg(fCalled.deleteContext, "Expected deleteContext to have been called");
  91. dummyPolicy.deleteMembers(&dummyPolicy);
  92. }END_TEST
  93. START_TEST(SecureChannel_generateNewKeys) {
  94. UA_StatusCode retval = UA_SecureChannel_generateNewKeys(&testChannel);
  95. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected Statuscode to be good");
  96. ck_assert_msg(fCalled.generateKey, "Expected generateKey to have been called");
  97. ck_assert_msg(fCalled.setLocalSymEncryptingKey,
  98. "Expected setLocalSymEncryptingKey to have been called");
  99. ck_assert_msg(fCalled.setLocalSymSigningKey,
  100. "Expected setLocalSymSigningKey to have been called");
  101. ck_assert_msg(fCalled.setLocalSymIv, "Expected setLocalSymIv to have been called");
  102. ck_assert_msg(fCalled.setRemoteSymEncryptingKey,
  103. "Expected setRemoteSymEncryptingKey to have been called");
  104. ck_assert_msg(fCalled.setRemoteSymSigningKey,
  105. "Expected setRemoteSymSigningKey to have been called");
  106. ck_assert_msg(fCalled.setRemoteSymIv, "Expected setRemoteSymIv to have been called");
  107. }END_TEST
  108. START_TEST(SecureChannel_revolveTokens) {
  109. // Fake that no token was issued by setting 0
  110. testChannel.nextSecurityToken.tokenId = 0;
  111. UA_StatusCode retval = UA_SecureChannel_revolveTokens(&testChannel);
  112. ck_assert_msg(retval == UA_STATUSCODE_BADSECURECHANNELTOKENUNKNOWN,
  113. "Expected failure because tokenId 0 signifies that no token was issued");
  114. // Fake an issued token by setting an id
  115. testChannel.nextSecurityToken.tokenId = 10;
  116. retval = UA_SecureChannel_revolveTokens(&testChannel);
  117. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to return GOOD");
  118. ck_assert_msg(fCalled.generateKey,
  119. "Expected generateKey to be called because new keys need to be generated,"
  120. "when switching to the next token.");
  121. UA_ChannelSecurityToken testToken;
  122. UA_ChannelSecurityToken_init(&testToken);
  123. ck_assert_msg(memcmp(&testChannel.nextSecurityToken, &testToken,
  124. sizeof(UA_ChannelSecurityToken)) == 0,
  125. "Expected the next securityToken to be freshly initialized");
  126. ck_assert_msg(testChannel.securityToken.tokenId == 10, "Expected token to have been copied");
  127. }END_TEST
  128. static void
  129. createDummyResponse(UA_OpenSecureChannelResponse *response) {
  130. UA_OpenSecureChannelResponse_init(response);
  131. memset(response, 0, sizeof(UA_OpenSecureChannelResponse));
  132. }
  133. START_TEST(SecureChannel_sendAsymmetricOPNMessage_withoutConnection) {
  134. UA_OpenSecureChannelResponse dummyResponse;
  135. createDummyResponse(&dummyResponse);
  136. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  137. // Remove connection to provoke error
  138. UA_Connection_detachSecureChannel(testChannel.connection);
  139. testChannel.connection = NULL;
  140. UA_StatusCode retval =
  141. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  142. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  143. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure without a connection");
  144. }END_TEST
  145. START_TEST(SecureChannel_sendAsymmetricOPNMessage_invalidParameters) {
  146. UA_OpenSecureChannelResponse dummyResponse;
  147. createDummyResponse(&dummyResponse);
  148. UA_StatusCode retval =
  149. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, NULL,
  150. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  151. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  152. retval = UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse, NULL);
  153. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  154. }END_TEST
  155. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid) {
  156. // Configure our channel correctly for OPN messages and setup dummy message
  157. UA_OpenSecureChannelResponse dummyResponse;
  158. createDummyResponse(&dummyResponse);
  159. testChannel.securityMode = UA_MESSAGESECURITYMODE_INVALID;
  160. UA_StatusCode retval =
  161. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  162. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  163. ck_assert_msg(retval == UA_STATUSCODE_BADSECURITYMODEREJECTED,
  164. "Expected SecurityMode rejected error");
  165. }
  166. END_TEST
  167. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone) {
  168. // Configure our channel correctly for OPN messages and setup dummy message
  169. UA_OpenSecureChannelResponse dummyResponse;
  170. createDummyResponse(&dummyResponse);
  171. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  172. UA_StatusCode retval =
  173. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  174. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  175. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  176. ck_assert_msg(!fCalled.asym_enc, "Message encryption was called but should not have been");
  177. ck_assert_msg(!fCalled.asym_sign, "Message signing was called but should not have been");
  178. }
  179. END_TEST
  180. #ifdef UA_ENABLE_ENCRYPTION
  181. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign) {
  182. // Configure our channel correctly for OPN messages and setup dummy message
  183. UA_OpenSecureChannelResponse dummyResponse;
  184. createDummyResponse(&dummyResponse);
  185. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  186. UA_StatusCode retval =
  187. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  188. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  189. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  190. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  191. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  192. }END_TEST
  193. START_TEST(SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt) {
  194. // Configure our channel correctly for OPN messages and setup dummy message
  195. UA_OpenSecureChannelResponse dummyResponse;
  196. createDummyResponse(&dummyResponse);
  197. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  198. UA_StatusCode retval =
  199. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, 42, &dummyResponse,
  200. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  201. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  202. ck_assert_msg(fCalled.asym_enc, "Expected message to have been encrypted but it was not");
  203. ck_assert_msg(fCalled.asym_sign, "Expected message to have been signed but it was not");
  204. }END_TEST
  205. #endif /* UA_ENABLE_ENCRYPTION */
  206. START_TEST(SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid) {
  207. UA_OpenSecureChannelResponse dummyResponse;
  208. createDummyResponse(&dummyResponse);
  209. /* Enable encryption for the SecureChannel */
  210. #ifdef UA_ENABLE_ENCRYPTION
  211. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  212. #else
  213. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  214. #endif
  215. UA_UInt32 requestId = UA_UInt32_random();
  216. UA_StatusCode retval =
  217. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  218. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  219. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  220. size_t offset = 0;
  221. UA_SecureConversationMessageHeader header;
  222. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  223. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  224. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  225. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  226. &asymSecurityHeader.securityPolicyUri),
  227. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  228. #ifdef UA_ENABLE_ENCRYPTION
  229. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  230. "Expected the certificate to be equal to the one used by the secureChannel");
  231. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  232. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  233. &asymSecurityHeader.receiverCertificateThumbprint),
  234. "Expected receiverCertificateThumbprint to be equal to the one set "
  235. "in the secureChannel");
  236. /* Dummy encryption */
  237. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  238. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  239. }
  240. #endif
  241. UA_SequenceHeader sequenceHeader;
  242. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  243. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  244. requestId,
  245. sequenceHeader.requestId);
  246. UA_NodeId original =
  247. UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  248. UA_NodeId requestTypeId;
  249. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  250. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  251. UA_OpenSecureChannelResponse sentResponse;
  252. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  253. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  254. "Expected the sent response to be equal to the one supplied to the send function");
  255. #ifdef UA_ENABLE_ENCRYPTION
  256. UA_Byte paddingByte = sentData.data[offset];
  257. size_t paddingSize = (size_t)paddingByte;
  258. for(size_t i = 0; i <= paddingSize; ++i) {
  259. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  260. "Expected padding byte %i to be %i but got value %i",
  261. i, paddingByte, sentData.data[offset + i]);
  262. }
  263. ck_assert_msg(sentData.data[offset + paddingSize + 1] == '*', "Expected first byte of signature");
  264. #endif
  265. UA_SecureConversationMessageHeader_deleteMembers(&header);
  266. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  267. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  268. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  269. } END_TEST
  270. #ifdef UA_ENABLE_ENCRYPTION
  271. START_TEST(Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits) {
  272. keySizes.asym_rmt_enc_key_size = 4096;
  273. keySizes.asym_rmt_blocksize = 4096;
  274. keySizes.asym_rmt_ptext_blocksize = 4096;
  275. UA_OpenSecureChannelResponse dummyResponse;
  276. createDummyResponse(&dummyResponse);
  277. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  278. UA_UInt32 requestId = UA_UInt32_random();
  279. UA_StatusCode retval =
  280. UA_SecureChannel_sendAsymmetricOPNMessage(&testChannel, requestId, &dummyResponse,
  281. &UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE]);
  282. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected function to succeed");
  283. size_t offset = 0;
  284. UA_SecureConversationMessageHeader header;
  285. UA_SecureConversationMessageHeader_decodeBinary(&sentData, &offset, &header);
  286. UA_AsymmetricAlgorithmSecurityHeader asymSecurityHeader;
  287. UA_AsymmetricAlgorithmSecurityHeader_decodeBinary(&sentData, &offset, &asymSecurityHeader);
  288. ck_assert_msg(UA_ByteString_equal(&dummyCertificate, &asymSecurityHeader.senderCertificate),
  289. "Expected the certificate to be equal to the one used by the secureChannel");
  290. ck_assert_msg(UA_ByteString_equal(&testChannel.securityPolicy->policyUri,
  291. &asymSecurityHeader.securityPolicyUri),
  292. "Expected securityPolicyUri to be equal to the one used by the secureChannel");
  293. UA_ByteString thumbPrint = {20, testChannel.remoteCertificateThumbprint};
  294. ck_assert_msg(UA_ByteString_equal(&thumbPrint,
  295. &asymSecurityHeader.receiverCertificateThumbprint),
  296. "Expected receiverCertificateThumbprint to be equal to the one set "
  297. "in the secureChannel");
  298. for(size_t i = offset; i < header.messageHeader.messageSize; ++i) {
  299. sentData.data[i] = (UA_Byte)((sentData.data[i] - 1) % (UA_BYTE_MAX + 1));
  300. }
  301. UA_SequenceHeader sequenceHeader;
  302. UA_SequenceHeader_decodeBinary(&sentData, &offset, &sequenceHeader);
  303. ck_assert_msg(sequenceHeader.requestId == requestId, "Expected requestId to be %i but was %i",
  304. requestId, sequenceHeader.requestId);
  305. UA_NodeId original =
  306. UA_NODEID_NUMERIC(0, UA_TYPES[UA_TYPES_OPENSECURECHANNELRESPONSE].binaryEncodingId);
  307. UA_NodeId requestTypeId;
  308. UA_NodeId_decodeBinary(&sentData, &offset, &requestTypeId);
  309. ck_assert_msg(UA_NodeId_equal(&original, &requestTypeId), "Expected nodeIds to be equal");
  310. UA_OpenSecureChannelResponse sentResponse;
  311. UA_OpenSecureChannelResponse_decodeBinary(&sentData, &offset, &sentResponse);
  312. ck_assert_msg(memcmp(&sentResponse, &dummyResponse, sizeof(UA_OpenSecureChannelResponse)) == 0,
  313. "Expected the sent response to be equal to the one supplied to the send function");
  314. UA_Byte paddingByte = sentData.data[offset];
  315. UA_Byte extraPaddingByte = sentData.data[sentData.length - keySizes.asym_lcl_sig_size - 1];
  316. size_t paddingSize = (size_t)paddingByte;
  317. paddingSize |= extraPaddingByte << 8;
  318. for(size_t i = 0; i <= paddingSize; ++i) {
  319. ck_assert_msg(sentData.data[offset + i] == paddingByte,
  320. "Expected padding byte %i to be %i but got value %i",
  321. i,
  322. paddingByte,
  323. sentData.data[offset + i]);
  324. }
  325. ck_assert_msg(sentData.data[offset + paddingSize + 1] == extraPaddingByte,
  326. "Expected extra padding byte to be %i but got %i",
  327. extraPaddingByte, sentData.data[offset + paddingSize + 1]);
  328. ck_assert_msg(sentData.data[offset + paddingSize + 2] == '*',
  329. "Expected first byte 42 of signature but got %i",
  330. sentData.data[offset + paddingSize + 2]);
  331. UA_SecureConversationMessageHeader_deleteMembers(&header);
  332. UA_AsymmetricAlgorithmSecurityHeader_deleteMembers(&asymSecurityHeader);
  333. UA_SequenceHeader_deleteMembers(&sequenceHeader);
  334. UA_OpenSecureChannelResponse_deleteMembers(&sentResponse);
  335. }END_TEST
  336. #endif /* UA_ENABLE_ENCRYPTION */
  337. START_TEST(SecureChannel_sendSymmetricMessage) {
  338. // initialize dummy message
  339. UA_ReadRequest dummyMessage;
  340. UA_ReadRequest_init(&dummyMessage);
  341. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  342. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  343. &dummyMessage, &dummyType);
  344. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  345. // TODO: expand test
  346. }
  347. END_TEST
  348. START_TEST(SecureChannel_sendSymmetricMessage_modeNone) {
  349. // initialize dummy message
  350. UA_ReadRequest dummyMessage;
  351. UA_ReadRequest_init(&dummyMessage);
  352. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  353. testChannel.securityMode = UA_MESSAGESECURITYMODE_NONE;
  354. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  355. &dummyMessage, &dummyType);
  356. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  357. ck_assert_msg(!fCalled.sym_sign, "Expected message to not have been signed");
  358. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  359. } END_TEST
  360. #ifdef UA_ENABLE_ENCRYPTION
  361. START_TEST(SecureChannel_sendSymmetricMessage_modeSign) {
  362. // initialize dummy message
  363. UA_ReadRequest dummyMessage;
  364. UA_ReadRequest_init(&dummyMessage);
  365. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  366. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGN;
  367. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  368. &dummyMessage, &dummyType);
  369. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  370. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  371. ck_assert_msg(!fCalled.sym_enc, "Expected message to not have been encrypted");
  372. } END_TEST
  373. START_TEST(SecureChannel_sendSymmetricMessage_modeSignAndEncrypt)
  374. {
  375. // initialize dummy message
  376. UA_ReadRequest dummyMessage;
  377. UA_ReadRequest_init(&dummyMessage);
  378. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  379. testChannel.securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
  380. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42, UA_MESSAGETYPE_MSG,
  381. &dummyMessage, &dummyType);
  382. ck_assert_msg(retval == UA_STATUSCODE_GOOD, "Expected success");
  383. ck_assert_msg(fCalled.sym_sign, "Expected message to have been signed");
  384. ck_assert_msg(fCalled.sym_enc, "Expected message to have been encrypted");
  385. } END_TEST
  386. #endif /* UA_ENABLE_ENCRYPTION */
  387. START_TEST(SecureChannel_sendSymmetricMessage_invalidParameters) {
  388. // initialize dummy message
  389. UA_ReadRequest dummyMessage;
  390. UA_ReadRequest_init(&dummyMessage);
  391. UA_DataType dummyType = UA_TYPES[UA_TYPES_READREQUEST];
  392. UA_StatusCode retval = UA_SecureChannel_sendSymmetricMessage(NULL, 42, UA_MESSAGETYPE_MSG,
  393. &dummyMessage, &dummyType);
  394. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  395. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  396. UA_MESSAGETYPE_HEL, &dummyMessage, &dummyType);
  397. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  398. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  399. UA_MESSAGETYPE_ACK, &dummyMessage, &dummyType);
  400. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  401. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  402. UA_MESSAGETYPE_ERR, &dummyMessage, &dummyType);
  403. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  404. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  405. UA_MESSAGETYPE_OPN, &dummyMessage, &dummyType);
  406. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  407. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  408. UA_MESSAGETYPE_MSG, NULL, &dummyType);
  409. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  410. retval = UA_SecureChannel_sendSymmetricMessage(&testChannel, 42,
  411. UA_MESSAGETYPE_MSG, &dummyMessage, NULL);
  412. ck_assert_msg(retval != UA_STATUSCODE_GOOD, "Expected failure");
  413. } END_TEST
  414. static Suite *
  415. testSuite_SecureChannel(void) {
  416. Suite *s = suite_create("SecureChannel");
  417. TCase *tc_initAndDelete = tcase_create("Initialize and delete Securechannel");
  418. tcase_add_checked_fixture(tc_initAndDelete, setup_funcs_called, teardown_funcs_called);
  419. tcase_add_checked_fixture(tc_initAndDelete, setup_key_sizes, teardown_key_sizes);
  420. tcase_add_test(tc_initAndDelete, SecureChannel_initAndDelete);
  421. suite_add_tcase(s, tc_initAndDelete);
  422. TCase *tc_generateNewKeys = tcase_create("Test generateNewKeys function");
  423. tcase_add_checked_fixture(tc_generateNewKeys, setup_funcs_called, teardown_funcs_called);
  424. tcase_add_checked_fixture(tc_generateNewKeys, setup_key_sizes, teardown_key_sizes);
  425. tcase_add_checked_fixture(tc_generateNewKeys, setup_secureChannel, teardown_secureChannel);
  426. tcase_add_test(tc_generateNewKeys, SecureChannel_generateNewKeys);
  427. suite_add_tcase(s, tc_generateNewKeys);
  428. TCase *tc_revolveTokens = tcase_create("Test revolveTokens function");
  429. tcase_add_checked_fixture(tc_revolveTokens, setup_funcs_called, teardown_funcs_called);
  430. tcase_add_checked_fixture(tc_revolveTokens, setup_key_sizes, teardown_key_sizes);
  431. tcase_add_checked_fixture(tc_revolveTokens, setup_secureChannel, teardown_secureChannel);
  432. tcase_add_test(tc_revolveTokens, SecureChannel_revolveTokens);
  433. suite_add_tcase(s, tc_revolveTokens);
  434. TCase *tc_sendAsymmetricOPNMessage = tcase_create("Test sendAsymmetricOPNMessage function");
  435. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_funcs_called, teardown_funcs_called);
  436. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_key_sizes, teardown_key_sizes);
  437. tcase_add_checked_fixture(tc_sendAsymmetricOPNMessage, setup_secureChannel, teardown_secureChannel);
  438. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_withoutConnection);
  439. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_invalidParameters);
  440. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeInvalid);
  441. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeNone);
  442. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_sentDataIsValid);
  443. #ifdef UA_ENABLE_ENCRYPTION
  444. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSign);
  445. tcase_add_test(tc_sendAsymmetricOPNMessage, SecureChannel_sendAsymmetricOPNMessage_SecurityModeSignAndEncrypt);
  446. tcase_add_test(tc_sendAsymmetricOPNMessage,
  447. Securechannel_sendAsymmetricOPNMessage_extraPaddingPresentWhenKeyLargerThan2048Bits);
  448. #endif
  449. suite_add_tcase(s, tc_sendAsymmetricOPNMessage);
  450. TCase *tc_sendSymmetricMessage = tcase_create("Test sendSymmetricMessage function");
  451. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_funcs_called, teardown_funcs_called);
  452. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_key_sizes, teardown_key_sizes);
  453. tcase_add_checked_fixture(tc_sendSymmetricMessage, setup_secureChannel, teardown_secureChannel);
  454. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage);
  455. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_invalidParameters);
  456. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeNone);
  457. #ifdef UA_ENABLE_ENCRYPTION
  458. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSign);
  459. tcase_add_test(tc_sendSymmetricMessage, SecureChannel_sendSymmetricMessage_modeSignAndEncrypt);
  460. #endif
  461. suite_add_tcase(s, tc_sendSymmetricMessage);
  462. return s;
  463. }
  464. int
  465. main(void) {
  466. Suite *s = testSuite_SecureChannel();
  467. SRunner *sr = srunner_create(s);
  468. srunner_set_fork_status(sr, CK_NOFORK);
  469. srunner_run_all(sr, CK_NORMAL);
  470. int number_failed = srunner_ntests_failed(sr);
  471. srunner_free(sr);
  472. return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
  473. }