Updated test cases, removed unused provider header file, removed unus…

…ed test

Signed-off-by: AssemblyJohn <[email protected]>

lib/evse_security/crypto/openssl/openssl_supplier.cpp

@@ -674,7 +674,6 @@ CertificateSignRequestResult OpenSSLSupplier::x509_generate_csr(const Certificat
 
     if (csr_info.key_info.generate_on_tpm) {
         provider.set_global_mode(OpenSSLProvider::mode_t::tpm2_provider);
-
     } else {
         provider.set_global_mode(OpenSSLProvider::mode_t::default_provider);
     }
@@ -693,12 +692,16 @@ CertificateSignRequestResult OpenSSLSupplier::x509_generate_csr(const Certificat
 
     if (false == X509_REQ_set_version(x509_req_ptr.get(), n_version)) {
         EVLOG_error << "Failed to set csr version!";
+        ERR_print_errors_fp(stderr);
+
         return CertificateSignRequestResult::VersioningError;
     }
 
     // set public key of x509 req
     if (false == X509_REQ_set_pubkey(x509_req_ptr.get(), key)) {
         EVLOG_error << "Failed to set csr pubkey!";
+        ERR_print_errors_fp(stderr);
+
         return CertificateSignRequestResult::PubkeyError;
     }
 
@@ -743,16 +746,18 @@ CertificateSignRequestResult OpenSSLSupplier::x509_generate_csr(const Certificat
 
     if (!result) {
         EVLOG_error << "Failed to add csr extensions!";
+        ERR_print_errors_fp(stderr);
+
         return CertificateSignRequestResult::ExtensionsError;
     }
 
     // sign the certificate with the private key
-    bool x509_signed = false;
-
-    x509_signed = X509_REQ_sign(x509_req_ptr.get(), key, EVP_sha256());
+    bool x509_signed = X509_REQ_sign(x509_req_ptr.get(), key, EVP_sha256());
 
     if (x509_signed == false) {
-        EVLOG_error << "Failed to sign csr!";
+        EVLOG_error << "Failed to sign csr with error!";
+        ERR_print_errors_fp(stderr);
+
         return CertificateSignRequestResult::SigningError;
     }
 

lib/evse_security/crypto/openssl/openssl_tpm.cpp

@@ -5,9 +5,7 @@
 
 #include <openssl/opensslv.h>
 
-#define USING_OPENSSL_3 (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-
-#if USING_OPENSSL_3 && defined(USING_TPM2)
+#if USING_TPM2
 // OpenSSL3 without TPM will use the default provider anyway
 #include <openssl/err.h>
 #include <openssl/evp.h>

tests/openssl_supplier_test_tpm.cpp

@@ -33,6 +33,10 @@ TEST_F(OpenSSLSupplierTpmTest, generate_key_RSA_TPM20) {
 }
 
 TEST_F(OpenSSLSupplierTpmTest, generate_key_RSA_3072) {
+    // Enable this test manually only if your platform supports 3072 TPM keys
+    GTEST_SKIP() << "Skipping TPM2.0 GEN_RSA_3072 test since it is a non-spec value"
+                    "which probably will not be supported on many platforms!";
+
     KeyGenerationInfo info = {
         CryptoKeyType::RSA_3072, true, std::nullopt, std::nullopt, std::nullopt,
     };
@@ -71,7 +75,7 @@ TEST_F(OpenSSLSupplierTpmTest, x509_check_private_key) {
     auto cert = res_leaf[0].get();
     auto key = getFile("tpm_pki/server_priv.pem");
     auto res = OpenSSLSupplier::x509_check_private_key(cert, key, std::nullopt);
-    ASSERT_TRUE(res);
+    ASSERT_EQ(res, KeyValidationResult::Valid);
 }
 
 TEST_F(OpenSSLSupplierTpmTest, x509_verify_certificate_chain) {
@@ -87,9 +91,9 @@ TEST_F(OpenSSLSupplierTpmTest, x509_verify_certificate_chain) {
         parents.push_back(i.get());
     }
 
-    auto res = OpenSSLSupplier::x509_verify_certificate_chain(res_leaf[0].get(), parents, true, std::nullopt,
+    auto res = OpenSSLSupplier::x509_verify_certificate_chain(res_leaf[0].get(), parents, {}, true, std::nullopt,
                                                               "tpm_pki/root_cert.pem");
-    ASSERT_EQ(res, CertificateValidationError::NoError);
+    ASSERT_EQ(res, CertificateValidationResult::Valid);
 }
 
 TEST_F(OpenSSLSupplierTpmTest, x509_generate_csr) {
@@ -109,7 +113,7 @@ TEST_F(OpenSSLSupplierTpmTest, x509_generate_csr) {
     // std::cout << "tpm2 post: " << OSSL_PROVIDER_available(nullptr, "tpm2") << std::endl;
     // std::cout << "base post: " << OSSL_PROVIDER_available(nullptr, "base") << std::endl;
 
-    ASSERT_TRUE(res);
+    ASSERT_EQ(res, CertificateSignRequestResult::Valid);
     ASSERT_GT(csr.size(), 0);
 }