[Openvpn-devel,3/3] Add unit test for cipher name translations

Message ID 20200605112519.22714-3-arne@rfc2549.org
State Accepted
Headers show
Series
  • [Openvpn-devel,1/3] Make cipher_kt_name always return normalised cipher name
Related show

Commit Message

Arne Schwabe June 5, 2020, 11:25 a.m.
The unit test duplicates some part of the test for
the ncp-cipher list but that is not a bad thing.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 tests/unit_tests/openvpn/test_crypto.c | 68 ++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

Comments

Gert Doering June 21, 2020, 8:42 a.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

"It works"...

[==========] Running 2 test(s).
[ RUN      ] crypto_pem_encode_decode_loopback
[       OK ] crypto_pem_encode_decode_loopback
[ RUN      ] crypto_translate_cipher_names
[       OK ] crypto_translate_cipher_names
[==========] 2 test(s) run.
[  PASSED  ] 2 test(s).
PASS: crypto_testdriver


Tested on:

  Linux with mbedTLS 2.22.0-r1
  Linux with OpenSSL 1.1.1
  FreeBSD 11.3 with OpenSSL 1.0.2s
  FreeBSD 12.1 with OpenSSL 1.1.1d

Your patch has been applied to the master branch.

commit 3bc12aefd571ab24543cff4cba2f0e25d3268941
Author: Arne Schwabe
Date:   Fri Jun 5 13:25:19 2020 +0200

     Add unit test for cipher name translations

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20200605112519.22714-3-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19968.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c
index fdf814de..ea9b99b2 100644
--- a/tests/unit_tests/openvpn/test_crypto.c
+++ b/tests/unit_tests/openvpn/test_crypto.c
@@ -69,11 +69,79 @@  crypto_pem_encode_decode_loopback(void **state)
     gc_free(&gc);
 }
 
+static void
+test_translate_cipher(const char *ciphername, const char *openvpn_name)
+{
+    const cipher_kt_t *cipher = cipher_kt_get(ciphername);
+
+    /* Empty cipher is fine */
+    if (!cipher)
+    {
+        return;
+    }
+
+    const char *kt_name = cipher_kt_name(cipher);
+
+    assert_string_equal(kt_name, openvpn_name);
+}
+
+static void
+test_cipher_names(const char *ciphername, const char *openvpn_name)
+{
+    struct gc_arena gc = gc_new();
+    /* Go through some variants, if the cipher library accepts these, they
+     * should be normalised to the openvpn name */
+    char *upper = string_alloc(ciphername, &gc);
+    char *lower = string_alloc(ciphername, &gc);
+    char *random_case = string_alloc(ciphername, &gc);
+
+    for (int i = 0; i < strlen(ciphername); i++)
+    {
+        upper[i] = toupper(ciphername[i]);
+        lower[i] = tolower(ciphername[i]);
+        if (rand() & 0x1)
+        {
+            random_case[i] = upper[i];
+        }
+        else
+        {
+            random_case[i] = lower[i];
+        }
+    }
+
+    if (!openvpn_name)
+    {
+        openvpn_name = upper;
+    }
+
+    test_translate_cipher(upper, openvpn_name);
+    test_translate_cipher(lower, openvpn_name);
+    test_translate_cipher(random_case, openvpn_name);
+    test_translate_cipher(ciphername, openvpn_name);
+
+
+    gc_free(&gc);
+}
+
+static void
+crypto_translate_cipher_names(void **state)
+{
+    /* Test that a number of ciphers to see that they turn out correctly */
+    test_cipher_names("BF-CBC", NULL);
+    test_cipher_names("BLOWFISH-CBC", "BF-CBC");
+    test_cipher_names("Chacha20-Poly1305", NULL);
+    test_cipher_names("AES-128-GCM", NULL);
+    test_cipher_names("AES-128-CBC", NULL);
+    test_cipher_names("CAMELLIA-128-CFB128", "CAMELLIA-128-CFB");
+    test_cipher_names("id-aes256-GCM", "AES-256-GCM");
+}
+
 int
 main(void)
 {
     const struct CMUnitTest tests[] = {
         cmocka_unit_test(crypto_pem_encode_decode_loopback),
+        cmocka_unit_test(crypto_translate_cipher_names),
     };
 
 #if defined(ENABLE_CRYPTO_OPENSSL)