From patchwork Tue Feb 14 18:39:28 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3082
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 14 Feb 2023 13:39:28 -0500
Message-Id: <20230214183928.572371-1-selva.nair@gmail.com>
In-Reply-To: <20230204064010.257925-2-selva.nair@gmail.com>
References: <20230204064010.257925-2-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v3 3/3] Add a unit test for functions in cryptoapi.c

From: Selva Nair

- Though named cryptoapi_testdriver, right now this only tests
  parsing of thumbprint specified as a selector for
  --cryptoapicert option. More tests coming..

v2: a line that belongs here was mistakenly included in the previous commit.
    Corrected.
v3: add to list of tests run in github actions

Signed-off-by: Selva Nair fixup --- .github/workflows/build.yaml | 3 + tests/unit_tests/openvpn/Makefile.am | 16 +++ tests/unit_tests/openvpn/test_cryptoapi.c | 126 ++++++++++++++++++++++ 3 files changed, 145 insertions(+) create mode 100644 tests/unit_tests/openvpn/test_cryptoapi.c diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 699964fd..5bd6da89 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -243,6 +243,9 @@ jobs: - name: Run bufferunit test run: ./unittests/buffer_testdriver.exe + - name: Run cryptoapi unit test + run: ./unittests/cryptoapi_testdriver.exe + - name: Run cryptounit test run: ./unittests/crypto_testdriver.exe diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 8d2386e0..ee0a3d8a 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -17,6 +17,7 @@ endif test_binaries += provider_testdriver if WIN32 +test_binaries += cryptoapi_testdriver LDADD = -lws2_32 endif @@ -152,6 +153,21 @@ provider_testdriver_SOURCES = test_provider.c mock_msg.c \ $(openvpn_srcdir)/win32-util.c \ $(openvpn_srcdir)/platform.c +if WIN32 +cryptoapi_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_CFLAGS) +cryptoapi_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ + $(OPTIONAL_CRYPTO_LIBS) -lcrypt32 -lncrypt +cryptoapi_testdriver_SOURCES = test_cryptoapi.c mock_msg.c \ + $(openvpn_srcdir)/xkey_helper.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/base64.c \ + $(openvpn_srcdir)/platform.c \ + mock_get_random.c \ + $(openvpn_srcdir)/win32-util.c +endif + auth_token_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ $(OPTIONAL_CRYPTO_CFLAGS) diff --git a/tests/unit_tests/openvpn/test_cryptoapi.c b/tests/unit_tests/openvpn/test_cryptoapi.c new file mode 100644 index 00000000..2bea3f42 --- /dev/null 
+++ b/tests/unit_tests/openvpn/test_cryptoapi.c 
@@ -0,0 +1,126 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2023 Selva Nair + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 2 of the License, + * or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
+ */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" +#include "manage.h" +#include "integer.h" +#include "xkey_common.h" + +#if defined(HAVE_XKEY_PROVIDER) && defined (ENABLE_CRYPTOAPI) +#include +#include +#include +#include +#include +#include + +#include +#include /* pull-in the whole file to test static functions */ + +struct management *management; /* global */ + +/* mock a management function that xkey_provider needs */ +char * +management_query_pk_sig(struct management *man, const char *b64_data, + const char *algorithm) +{ + (void) man; + (void) b64_data; + (void) algorithm; + return NULL; +} + +/* tls_libctx is defined in ssl_openssl.c which we do not want to compile in */ +OSSL_LIB_CTX *tls_libctx; + +#ifndef _countof +#define _countof(x) sizeof((x))/sizeof(*(x)) +#endif + +/* test data */ +static const uint8_t test_hash[] = { + 0x77, 0x38, 0x65, 0x00, 0x1e, 0x96, 0x48, 0xc6, 0x57, 0x0b, 0xae, + 0xc0, 0xb7, 0x96, 0xf9, 0x66, 0x4d, 0x5f, 0xd0, 0xb7 +}; + +/* valid test strings to test with and without embedded and trailing spaces */ +static const char *valid_str[] = { + "773865001e9648c6570baec0b796f9664d5fd0b7", + " 77 386500 1e 96 48 c6570b aec0b7 96f9664d5f d0 b7", + " 773865001e9648c6570baec0b796f9664d5fd0b7 ", +}; + +/* some invalid strings to test with and without embedded and trailing spaces */ +static const char *invalid_str[] = { + "773 865001e9648c6570baec0b796f9664d5fd012", /* space within byte */ + "77:38:65001e9648c6570baec0b796f9664d5fd0b7", /* invalid separator */ + "7738x5001e9648c6570baec0b796f9664d5fd0b7", /* non hex character */ +}; + +static void +test_parse_hexstring(void **state) +{ + unsigned char hash[255]; + (void) state; + + for (int i = 0; i < _countof(valid_str); i++) + { + int len = parse_hexstring(valid_str[i], hash, _countof(hash)); + assert_int_equal(len, sizeof(test_hash)); + assert_memory_equal(hash, test_hash, sizeof(test_hash)); + 
memset(hash, 0, _countof(hash)); + } + + for (int i = 0; i < _countof(invalid_str); i++) + { + int len = parse_hexstring(invalid_str[i], hash, _countof(hash)); + assert_int_equal(len, 0); + } +} + +int +main(void) +{ + const struct CMUnitTest tests[] = { cmocka_unit_test(test_parse_hexstring) }; + + int ret = cmocka_run_group_tests_name("cryptoapi tests", tests, NULL, NULL); + + return ret; +} + +#else /* ifdef HAVE_XKEY_PROVIDER */ + +int +main(void) +{ + return 0; +} + +#endif /* ifdef HAVE_XKEY_PROVIDER */
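
Review bot: in the .github/workflows/build.yaml hunk, the new "Run cryptoapi unit test" step can pass without running any test, because test_cryptoapi.c compiles a fallback main() that simply returns 0 when HAVE_XKEY_PROVIDER or ENABLE_CRYPTOAPI is not defined. Consider making that case visible, for example by having the fallback print that the tests were skipped, so a misconfigured build does not show up as a green run.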
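
Review bot: in the second tests/unit_tests/openvpn/Makefile.am hunk, cryptoapi_testdriver_SOURCES does not list the code under test; it is compiled only because test_cryptoapi.c pulls in the whole file to reach its static functions. A one-line comment above cryptoapi_testdriver_SOURCES saying so would keep a later change from adding that file to SOURCES as well and ending up with duplicate definitions at link time.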
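
Review bot: in test_parse_hexstring() the capacity argument of parse_hexstring() is never exercised, since the output buffer is hash[255] and no input decodes to more than sizeof(test_hash) bytes. For a parser that writes into a fixed buffer that is the case most worth pinning down: add a call with a capacity smaller than sizeof(test_hash) and assert on the return value and on the bytes beyond the limit staying untouched; an empty string and an odd number of hex digits would be cheap to add to invalid_str as well. Two smaller points: `#define _countof(x) sizeof((x))/sizeof(*(x))` should be wrapped in outer parentheses, and the `#else` and `#endif` comments name only HAVE_XKEY_PROVIDER although the `#if` also tests ENABLE_CRYPTOAPI.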