From patchwork Tue Oct 19 07:23:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2010 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id kIkcJGkNb2GyLwAAIUCqbw (envelope-from ) for ; Tue, 19 Oct 2021 14:24:41 -0400 Received: from proxy6.mail.ord1c.rsapps.net ([172.28.255.1]) by director13.mail.ord1d.rsapps.net with LMTP id 2J3tI2kNb2HVFAAA91zNiA (envelope-from ) for ; Tue, 19 Oct 2021 14:24:41 -0400 Received: from smtp7.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy6.mail.ord1c.rsapps.net with LMTPS id uKh2I2kNb2EHGwAA9sKXow (envelope-from ) for ; Tue, 19 Oct 2021 14:24:41 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp7.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: d277360c-3109-11ec-84db-bc305bf04148-1-1 Received: from [216.105.38.7] ([216.105.38.7:33562] helo=lists.sourceforge.net) by smtp7.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 67/97-24080-86D0F616; Tue, 19 Oct 2021 14:24:40 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1mctmG-0000rE-96; Tue, 19 Oct 2021 18:23:56 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1mctmC-0000pq-Hq for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:23:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=AOB2u9rjuSAJgWj5jDt58qkHDUt6hvM7EOL/y6DbjdE=; b=KnJJx4nm2EFio4I7GJuJ91CME4 qxBkNm/i4rFUZAt3mILmujVrRUwSeLLE7VdqMI9Gweqqr0jQmaxNcvZuNiDuOp3A9Wwtgqrl6vMhp yAlyyObsO3G2gqvtZDk8Opa6luWnToEn+fpXepBpum+FFw+qHriHAoh715+0toJnDF5g=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=AOB2u9rjuSAJgWj5jDt58qkHDUt6hvM7EOL/y6DbjdE=; b=SSXtAkJsS2sVCrVMpLHvhFhI8k 9QoUVlFC2A6kQDdqEqVO/vKhq3M2Z6chr/4Awk9aNrPtMU4z6q57OauHerC18pTVOdE+bMjWN9pWE vtDCcYwbV7uM5ZDAV2hhApVsS8GJB/CQrrnAZDluXPEowKR024/5Ad1OsiXw7+VPuXOU=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mctm1-0005Zc-DT for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:23:52 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mctlu-0008bF-0R for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 20:23:34 +0200 Received: (nullmailer pid 613259 invoked by uid 10006); Tue, 19 Oct 2021 18:23:34 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:23:23 +0200 Message-Id: <20211019182332.613155-19-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211019182332.613155-1-arne@rfc2549.org> References: <20211019182332.613155-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This just adds a very simple unit test to check that the HMAC implementation produces a well known hash. Signed-off-by: Arne Schwabe --- tests/unit_tests/openvpn/test_crypto.c | 61 +++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 7 deletions(-) Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mctm1-0005Zc-DT Subject: [Openvpn-devel] [PATCH v2 14/16] Add small unit test for testing HMAC X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This just adds a very simple unit test to check that the HMAC implementation produces a well known hash. Signed-off-by: Arne Schwabe --- tests/unit_tests/openvpn/test_crypto.c | 61 +++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 7 deletions(-) diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 32063fc46..66f53a020 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -141,6 +141,11 @@ static uint8_t good_prf[32] = {0xd9, 0x8c, 0x85, 0x18, 0xc8, 0x5e, 0x94, 0x69, 0x27, 0x91, 0x6a, 0xcf, 0xc2, 0xd5, 0x92, 0xfb, 0xb1, 0x56, 0x7e, 0x4b, 0x4b, 0x14, 0x59, 0xe6, 0xa9, 0x04, 0xac, 0x2d, 0xda, 0xb7, 0x2d, 0x67}; + +static const char* ipsumlorem = "Lorem ipsum dolor sit amet, consectetur " + "adipisici elit, sed eiusmod tempor incidunt " + "ut labore et dolore magna aliqua."; + static void crypto_test_tls_prf(void **state) { @@ -150,12 +155,6 @@ crypto_test_tls_prf(void **state) const size_t seed_len = strlen(seedstr); - - - const char* ipsumlorem = "Lorem ipsum dolor sit amet, consectetur " - "adipisici elit, sed eiusmod tempor incidunt ut " - "labore et dolore magna aliqua."; - const unsigned char *secret = (const unsigned char *) ipsumlorem; size_t secret_len = strlen((const char *)secret); @@ -166,13 +165,61 @@ crypto_test_tls_prf(void **state) assert_memory_equal(good_prf, out, sizeof(out)); } +static uint8_t testkey[20] = {0x0b, 0x00}; +static uint8_t goodhash[20] = {0x58, 0xea, 0x5a, 0xf0, 0x42, 0x94, 0xe9, 0x17, + 0xed, 0x84, 0xb9, 0xf0, 0x83, 0x30, 0x23, 0xae, + 0x8b, 0xa7, 0x7e, 0xb8}; + +static void +crypto_test_hmac(void **state) +{ + hmac_ctx_t *hmac = hmac_ctx_new(); + const md_kt_t *sha1 = md_kt_get("SHA1"); + + assert_int_equal(md_kt_size(sha1), 20); + + uint8_t key[20]; + memcpy(key, testkey, sizeof(key)); + + hmac_ctx_init(hmac, key, 20, sha1); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + + uint8_t hash[20]; + hmac_ctx_final(hmac, hash); + + assert_memory_equal(hash, goodhash, sizeof(hash)); + memset(hash, 0x00, sizeof(hash)); + + /* try again */ + hmac_ctx_reset(hmac); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_final(hmac, hash); + + assert_memory_equal(hash, goodhash, sizeof(hash)); + + /* Fill our key with random data to ensure it is not used by hmac anymore */ + memset(key, 0x55, sizeof(key)); + + hmac_ctx_reset(hmac); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_final(hmac, hash); + + assert_memory_equal(hash, goodhash, sizeof(hash)); + hmac_ctx_cleanup(hmac); + hmac_ctx_free(hmac); +} + int main(void) { const struct CMUnitTest tests[] = { cmocka_unit_test(crypto_pem_encode_decode_loopback), cmocka_unit_test(crypto_translate_cipher_names), - cmocka_unit_test(crypto_test_tls_prf) + cmocka_unit_test(crypto_test_tls_prf), + cmocka_unit_test(crypto_test_hmac) }; #if defined(ENABLE_CRYPTO_OPENSSL)