From patchwork Sat Feb 4 06:40:10 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3049
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 4 Feb 2023 01:40:10 -0500
Message-Id: <20230204064010.257925-2-selva.nair@gmail.com>
In-Reply-To: <20230204064010.257925-1-selva.nair@gmail.com>
References: <20230204004512.250271-2-selva.nair@gmail.com> <20230204064010.257925-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 3/3] Add a unit test for functions in cryptoapi.c

From: Selva Nair

- Though named cryptoapi_testdriver, right now this only tests parsing
  of thumbprint specified as a selector for --cryptoapicert option.
  More tests coming..

v2: a line that belongs here was mistakenly included in the previous commit.
Corrected.

Signed-off-by: Selva Nair --- tests/unit_tests/openvpn/Makefile.am | 16 +++ tests/unit_tests/openvpn/test_cryptoapi.c | 126 ++++++++++++++++++++++ 2 files changed, 142 insertions(+) create mode 100644 tests/unit_tests/openvpn/test_cryptoapi.c diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 8d2386e0..ee0a3d8a 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -17,6 +17,7 @@ endif test_binaries += provider_testdriver if WIN32 +test_binaries += cryptoapi_testdriver LDADD = -lws2_32 endif @@ -152,6 +153,21 @@ provider_testdriver_SOURCES = test_provider.c mock_msg.c \ $(openvpn_srcdir)/win32-util.c \ $(openvpn_srcdir)/platform.c +if WIN32 +cryptoapi_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_CFLAGS) +cryptoapi_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ + $(OPTIONAL_CRYPTO_LIBS) -lcrypt32 -lncrypt +cryptoapi_testdriver_SOURCES = test_cryptoapi.c mock_msg.c \ + $(openvpn_srcdir)/xkey_helper.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/base64.c \ + $(openvpn_srcdir)/platform.c \ + mock_get_random.c \ + $(openvpn_srcdir)/win32-util.c +endif + auth_token_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ $(OPTIONAL_CRYPTO_CFLAGS) diff --git a/tests/unit_tests/openvpn/test_cryptoapi.c b/tests/unit_tests/openvpn/test_cryptoapi.c new file mode 100644 index 00000000..2bea3f42 --- /dev/null +++ b/tests/unit_tests/openvpn/test_cryptoapi.c 
@@ -0,0 +1,126 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2023 Selva Nair + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 2 of the License, + * or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
+ */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" +#include "manage.h" +#include "integer.h" +#include "xkey_common.h" + +#if defined(HAVE_XKEY_PROVIDER) && defined (ENABLE_CRYPTOAPI) +#include +#include +#include +#include +#include +#include + +#include +#include /* pull-in the whole file to test static functions */ + +struct management *management; /* global */ + +/* mock a management function that xkey_provider needs */ +char * +management_query_pk_sig(struct management *man, const char *b64_data, + const char *algorithm) +{ + (void) man; + (void) b64_data; + (void) algorithm; + return NULL; +} + +/* tls_libctx is defined in ssl_openssl.c which we do not want to compile in */ +OSSL_LIB_CTX *tls_libctx; + +#ifndef _countof +#define _countof(x) sizeof((x))/sizeof(*(x)) +#endif + +/* test data */ +static const uint8_t test_hash[] = { + 0x77, 0x38, 0x65, 0x00, 0x1e, 0x96, 0x48, 0xc6, 0x57, 0x0b, 0xae, + 0xc0, 0xb7, 0x96, 0xf9, 0x66, 0x4d, 0x5f, 0xd0, 0xb7 +}; + +/* valid test strings to test with and without embedded and trailing spaces */ +static const char *valid_str[] = { + "773865001e9648c6570baec0b796f9664d5fd0b7", + " 77 386500 1e 96 48 c6570b aec0b7 96f9664d5f d0 b7", + " 773865001e9648c6570baec0b796f9664d5fd0b7 ", +}; + +/* some invalid strings to test with and without embedded and trailing spaces */ +static const char *invalid_str[] = { + "773 865001e9648c6570baec0b796f9664d5fd012", /* space within byte */ + "77:38:65001e9648c6570baec0b796f9664d5fd0b7", /* invalid separator */ + "7738x5001e9648c6570baec0b796f9664d5fd0b7", /* non hex character */ +}; + +static void +test_parse_hexstring(void **state) +{ + unsigned char hash[255]; + (void) state; + + for (int i = 0; i < _countof(valid_str); i++) + { + int len = parse_hexstring(valid_str[i], hash, _countof(hash)); + assert_int_equal(len, sizeof(test_hash)); + assert_memory_equal(hash, test_hash, sizeof(test_hash)); + 
memset(hash, 0, _countof(hash)); + } + + for (int i = 0; i < _countof(invalid_str); i++) + { + int len = parse_hexstring(invalid_str[i], hash, _countof(hash)); + assert_int_equal(len, 0); + } +} + +int +main(void) +{ + const struct CMUnitTest tests[] = { cmocka_unit_test(test_parse_hexstring) }; + + int ret = cmocka_run_group_tests_name("cryptoapi tests", tests, NULL, NULL); + + return ret; +} + +#else /* ifdef HAVE_XKEY_PROVIDER */ + +int +main(void) +{ + return 0; +} + +#endif /* ifdef HAVE_XKEY_PROVIDER */
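
Review bot: in the first Makefile.am hunk (@@ -17,6 +17,7), `test_binaries += cryptoapi_testdriver` is gated only on `if WIN32`, while test_cryptoapi.c builds its real test only under `defined(HAVE_XKEY_PROVIDER) && defined (ENABLE_CRYPTOAPI)`. On a WIN32 build without both of those, the driver is still built and run, and its fallback `main` returns 0, so the harness reports a pass for a test that never executed. Consider gating the binary on the same conditions, or returning the automake skip status 77 from the fallback `main`.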
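
Review bot: in the second Makefile.am hunk (@@ -152,6 +153,21), `cryptoapi_testdriver_SOURCES` does not list cryptoapi.c even though that is the file under test; it is compiled only through the whole-file include that test_cryptoapi.c describes as "pull-in the whole file to test static functions". A short comment above the SOURCES list saying so would keep someone from later adding cryptoapi.c there and ending up with duplicate symbols at link time.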
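
Review bot: in test_cryptoapi.c, `invalid_str` covers a split byte, a bad separator and a non-hex character, but nothing exercises the capacity argument passed as `_countof(hash)`: every call uses a 255-byte buffer for a 20-byte thumbprint. Since `parse_hexstring` writes into a caller-supplied buffer, add a case with a capacity smaller than the decoded length and assert both the expected return value and that bytes past the capacity are untouched; an empty string and an odd number of hex digits are also worth listing. Smaller points in the same file: `#define _countof(x) sizeof((x))/sizeof(*(x))` should be parenthesized as a whole, the loop index `int i` is compared against a size_t, and the `#else` / `#endif` comments name only HAVE_XKEY_PROVIDER although the opening `#if` also tests ENABLE_CRYPTOAPI.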