From patchwork Tue Oct 19 07:31:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2037 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 2FqWIjgPb2H6QgAAIUCqbw (envelope-from ) for ; Tue, 19 Oct 2021 14:32:24 -0400 Received: from proxy20.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id qJ6MIjgPb2EmGAAApN4f7A (envelope-from ) for ; Tue, 19 Oct 2021 14:32:24 -0400 Received: from smtp14.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy20.mail.ord1d.rsapps.net with LMTPS id QNE6IjgPb2HScwAAsk8m8w (envelope-from ) for ; Tue, 19 Oct 2021 14:32:24 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp14.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e6ac10b0-310a-11ec-8347-bc305bf032e0-1-1 Received: from [216.105.38.7] ([216.105.38.7:55944] helo=lists.sourceforge.net) by smtp14.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 02/75-30613-73F0F616; Tue, 19 Oct 2021 14:32:23 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1mcttj-0006a1-8D; Tue, 19 Oct 2021 18:31:39 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mcttg-0006YI-GM for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:31:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=AOB2u9rjuSAJgWj5jDt58qkHDUt6hvM7EOL/y6DbjdE=; b=nRQbNCt3S5n0VIx/dkfJI/aBwq mV/x2fTC8V8SXVyCK6ii2eCHZuBTYksBnwM3pV4b14TqCo1XjCYuErkENaysYBCtUeFKQsMVq0i7H g6+zy+afFdxdxh5fJsjionrghK1otabAaBCLRda2l5zF2MxhFvHxZAX7ZxBYoWZkjviA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=AOB2u9rjuSAJgWj5jDt58qkHDUt6hvM7EOL/y6DbjdE=; b=Yjf2XxoffLPVo+3Addug0dFx5O +TFyNNp0S7z0usc66rT7dGrEzdpSnfhTGomIdSN1YUNYJVAii2hkckHawbMABCK4PQz0fvugH6mhA 9dLdG6ZfyBB2u6Kccef6Y2fGst/ajwh7nWHYRCuPijuz57Unyk7Tvv1CtgqM1nGZ3BCA=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mcttf-006U0F-Dt for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:31:36 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mcttY-0008iR-DL for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 20:31:28 +0200 Received: (nullmailer pid 614274 invoked by uid 10006); Tue, 19 Oct 2021 18:31:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:31:23 +0200 Message-Id: <20211019183127.614175-18-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211019183127.614175-1-arne@rfc2549.org> References: <20211019183127.614175-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This just adds a very simple unit test to check that the HMAC implementation produces a well known hash. Signed-off-by: Arne Schwabe --- tests/unit_tests/openvpn/test_crypto.c | 61 +++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 7 deletions(-) Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mcttf-006U0F-Dt Subject: [Openvpn-devel] [PATCH v3 17/21] Add small unit test for testing HMAC X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This just adds a very simple unit test to check that the HMAC implementation produces a well known hash. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- tests/unit_tests/openvpn/test_crypto.c | 61 +++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 7 deletions(-) diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 32063fc46..66f53a020 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -141,6 +141,11 @@ static uint8_t good_prf[32] = {0xd9, 0x8c, 0x85, 0x18, 0xc8, 0x5e, 0x94, 0x69, 0x27, 0x91, 0x6a, 0xcf, 0xc2, 0xd5, 0x92, 0xfb, 0xb1, 0x56, 0x7e, 0x4b, 0x4b, 0x14, 0x59, 0xe6, 0xa9, 0x04, 0xac, 0x2d, 0xda, 0xb7, 0x2d, 0x67}; + +static const char* ipsumlorem = "Lorem ipsum dolor sit amet, consectetur " + "adipisici elit, sed eiusmod tempor incidunt " + "ut labore et dolore magna aliqua."; + static void crypto_test_tls_prf(void **state) { @@ -150,12 +155,6 @@ crypto_test_tls_prf(void **state) const size_t seed_len = strlen(seedstr); - - - const char* ipsumlorem = "Lorem ipsum dolor sit amet, consectetur " - "adipisici elit, sed eiusmod tempor incidunt ut " - "labore et dolore magna aliqua."; - const unsigned char *secret = (const unsigned char *) ipsumlorem; size_t secret_len = strlen((const char *)secret); @@ -166,13 +165,61 @@ crypto_test_tls_prf(void **state) assert_memory_equal(good_prf, out, sizeof(out)); } +static uint8_t testkey[20] = {0x0b, 0x00}; +static uint8_t goodhash[20] = {0x58, 0xea, 0x5a, 0xf0, 0x42, 0x94, 0xe9, 0x17, + 0xed, 0x84, 0xb9, 0xf0, 0x83, 0x30, 0x23, 0xae, + 0x8b, 0xa7, 0x7e, 0xb8}; + +static void +crypto_test_hmac(void **state) +{ + hmac_ctx_t *hmac = hmac_ctx_new(); + const md_kt_t *sha1 = md_kt_get("SHA1"); + + assert_int_equal(md_kt_size(sha1), 20); + + uint8_t key[20]; + memcpy(key, testkey, sizeof(key)); + + hmac_ctx_init(hmac, key, 20, sha1); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + + uint8_t hash[20]; + hmac_ctx_final(hmac, hash); + + assert_memory_equal(hash, goodhash, sizeof(hash)); + memset(hash, 0x00, sizeof(hash)); + + /* try again */ + hmac_ctx_reset(hmac); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_final(hmac, hash); + + assert_memory_equal(hash, goodhash, sizeof(hash)); + + /* Fill our key with random data to ensure it is not used by hmac anymore */ + memset(key, 0x55, sizeof(key)); + + hmac_ctx_reset(hmac); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem)); + hmac_ctx_final(hmac, hash); + + assert_memory_equal(hash, goodhash, sizeof(hash)); + hmac_ctx_cleanup(hmac); + hmac_ctx_free(hmac); +} + int main(void) { const struct CMUnitTest tests[] = { cmocka_unit_test(crypto_pem_encode_decode_loopback), cmocka_unit_test(crypto_translate_cipher_names), - cmocka_unit_test(crypto_test_tls_prf) + cmocka_unit_test(crypto_test_tls_prf), + cmocka_unit_test(crypto_test_hmac) }; #if defined(ENABLE_CRYPTO_OPENSSL)