From patchwork Sat Feb 4 00:45:12 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3047
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Feb 2023 19:45:12 -0500
Message-Id: <20230204004512.250271-3-selva.nair@gmail.com>
In-Reply-To: <20230204004512.250271-1-selva.nair@gmail.com>
References: <20230204004512.250271-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 3/3] Add a unit test for functions in cryptoapi.c

From: Selva Nair

- Though named cryptoapi_testdriver, right now this only tests
  parsing of thumbprint specified as a selector for --cryptoapicert
  option. More cryptoapi tests coming..

Signed-off-by: Selva Nair --- As requested during review of the 4/4 patch of cryptoapi series. Note that this doesn't currently build with MSVC -- either cross compile on Linux and run the binary on Windows or use mingw to compile on Windows. tests/unit_tests/openvpn/Makefile.am | 15 +++ tests/unit_tests/openvpn/test_cryptoapi.c | 126 ++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 tests/unit_tests/openvpn/test_cryptoapi.c diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 909ac4e2..0a1ad439 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -153,6 +153,21 @@ provider_testdriver_SOURCES = test_provider.c mock_msg.c \ $(openvpn_srcdir)/win32-util.c \ $(openvpn_srcdir)/platform.c +if WIN32 +cryptoapi_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_CFLAGS) +cryptoapi_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ + $(OPTIONAL_CRYPTO_LIBS) -lcrypt32 -lncrypt +cryptoapi_testdriver_SOURCES = test_cryptoapi.c mock_msg.c \ + $(openvpn_srcdir)/xkey_helper.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/base64.c \ + $(openvpn_srcdir)/platform.c \ + mock_get_random.c \ + $(openvpn_srcdir)/win32-util.c +endif + auth_token_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ $(OPTIONAL_CRYPTO_CFLAGS) diff --git a/tests/unit_tests/openvpn/test_cryptoapi.c b/tests/unit_tests/openvpn/test_cryptoapi.c new file mode 100644 index 00000000..2bea3f42 --- /dev/null +++ b/tests/unit_tests/openvpn/test_cryptoapi.c 
@@ -0,0 +1,126 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2023 Selva Nair + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 2 of the License, + * or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
+ */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" +#include "manage.h" +#include "integer.h" +#include "xkey_common.h" + +#if defined(HAVE_XKEY_PROVIDER) && defined (ENABLE_CRYPTOAPI) +#include +#include +#include +#include +#include +#include + +#include +#include /* pull-in the whole file to test static functions */ + +struct management *management; /* global */ + +/* mock a management function that xkey_provider needs */ +char * +management_query_pk_sig(struct management *man, const char *b64_data, + const char *algorithm) +{ + (void) man; + (void) b64_data; + (void) algorithm; + return NULL; +} + +/* tls_libctx is defined in ssl_openssl.c which we do not want to compile in */ +OSSL_LIB_CTX *tls_libctx; + +#ifndef _countof +#define _countof(x) sizeof((x))/sizeof(*(x)) +#endif + +/* test data */ +static const uint8_t test_hash[] = { + 0x77, 0x38, 0x65, 0x00, 0x1e, 0x96, 0x48, 0xc6, 0x57, 0x0b, 0xae, + 0xc0, 0xb7, 0x96, 0xf9, 0x66, 0x4d, 0x5f, 0xd0, 0xb7 +}; + +/* valid test strings to test with and without embedded and trailing spaces */ +static const char *valid_str[] = { + "773865001e9648c6570baec0b796f9664d5fd0b7", + " 77 386500 1e 96 48 c6570b aec0b7 96f9664d5f d0 b7", + " 773865001e9648c6570baec0b796f9664d5fd0b7 ", +}; + +/* some invalid strings to test with and without embedded and trailing spaces */ +static const char *invalid_str[] = { + "773 865001e9648c6570baec0b796f9664d5fd012", /* space within byte */ + "77:38:65001e9648c6570baec0b796f9664d5fd0b7", /* invalid separator */ + "7738x5001e9648c6570baec0b796f9664d5fd0b7", /* non hex character */ +}; + +static void +test_parse_hexstring(void **state) +{ + unsigned char hash[255]; + (void) state; + + for (int i = 0; i < _countof(valid_str); i++) + { + int len = parse_hexstring(valid_str[i], hash, _countof(hash)); + assert_int_equal(len, sizeof(test_hash)); + assert_memory_equal(hash, test_hash, sizeof(test_hash)); + 
memset(hash, 0, _countof(hash)); + } + + for (int i = 0; i < _countof(invalid_str); i++) + { + int len = parse_hexstring(invalid_str[i], hash, _countof(hash)); + assert_int_equal(len, 0); + } +} + +int +main(void) +{ + const struct CMUnitTest tests[] = { cmocka_unit_test(test_parse_hexstring) }; + + int ret = cmocka_run_group_tests_name("cryptoapi tests", tests, NULL, NULL); + + return ret; +} + +#else /* ifdef HAVE_XKEY_PROVIDER */ + +int +main(void) +{ + return 0; +} + +#endif /* ifdef HAVE_XKEY_PROVIDER */
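
Review bot: In the tests/unit_tests/openvpn/Makefile.am hunk, the new if WIN32 block sets cryptoapi_testdriver_CFLAGS, cryptoapi_testdriver_LDFLAGS and cryptoapi_testdriver_SOURCES, but no line adds cryptoapi_testdriver to a list of test programs, and the diffstat shows these 15 lines are the only Makefile change. Unless the target is registered somewhere outside this patch, automake will neither build nor run it under make check; consider adding it to the test program list inside the same if WIN32 block.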
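
Review bot: In tests/unit_tests/openvpn/test_cryptoapi.c, test_parse_hexstring() never exercises the capacity argument of parse_hexstring(): every input decodes to 20 bytes and the destination is hash[255], so the case that matters most for a parser writing into a caller-supplied buffer, input longer than the buffer, is untested. Consider adding a case that passes a capacity smaller than sizeof(test_hash) and checks both the return value and that bytes past the capacity are untouched, plus an empty string and an odd number of hex digits. Two smaller points: the _countof fallback should be fully parenthesised, (sizeof(x)/sizeof(*(x))), and the #else branch's main() returns 0, so a build without HAVE_XKEY_PROVIDER or ENABLE_CRYPTOAPI reports a pass rather than a skip; the trailing #else and #endif comments also name only HAVE_XKEY_PROVIDER although the condition tests both macros.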