From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 14 Feb 2023 15:08:04 -0500
Subject: [Openvpn-devel] [PATCH v4 3/3] Add a unit test for functions in cryptoapi.c
Message-Id: <20230214200804.600405-1-selva.nair@gmail.com>
In-Reply-To: <20230204064010.257925-2-selva.nair@gmail.com>
References: <20230204064010.257925-2-selva.nair@gmail.com>
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3083

From: Selva Nair

- Though named cryptoapi_testdriver, right now this only tests parsing of thumbprint specified as a selector for --cryptoapicert option. More tests coming..

v2: a line that belongs here was mistakenly included in the previous commit. Corrected.
v3: add to list of tests run in github actions
v4:
 - correct comment above invalid strings (copy paste error)
 - make invalid strings differ from correct value only in the explicitly introduced invalid characters/separators (one had two distinct errors which is not a robust test).

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
Sorry for not noticing these earlier...

 .github/workflows/build.yaml | 3 +
 tests/unit_tests/openvpn/Makefile.am | 16 +++
 tests/unit_tests/openvpn/test_cryptoapi.c | 126 ++++++++++++++++++++++
 3 files changed, 145 insertions(+)
 create mode 100644 tests/unit_tests/openvpn/test_cryptoapi.c

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 699964fd..5bd6da89 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -243,6 +243,9 @@ jobs: - name: Run bufferunit test run: ./unittests/buffer_testdriver.exe + - name: Run cryptoapi unit test + run: ./unittests/cryptoapi_testdriver.exe + - name: Run cryptounit test run: ./unittests/crypto_testdriver.exe diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 8d2386e0..ee0a3d8a 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -17,6 +17,7 @@ endif test_binaries += provider_testdriver if WIN32 +test_binaries += cryptoapi_testdriver LDADD = -lws2_32 endif 
@@ -152,6 +153,21 @@ provider_testdriver_SOURCES = test_provider.c mock_msg.c \ $(openvpn_srcdir)/win32-util.c \ $(openvpn_srcdir)/platform.c +if WIN32 +cryptoapi_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_CFLAGS) +cryptoapi_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ + $(OPTIONAL_CRYPTO_LIBS) -lcrypt32 -lncrypt +cryptoapi_testdriver_SOURCES = test_cryptoapi.c mock_msg.c \ + $(openvpn_srcdir)/xkey_helper.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/base64.c \ + $(openvpn_srcdir)/platform.c \ + mock_get_random.c \ + $(openvpn_srcdir)/win32-util.c +endif + auth_token_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ $(OPTIONAL_CRYPTO_CFLAGS) diff --git a/tests/unit_tests/openvpn/test_cryptoapi.c b/tests/unit_tests/openvpn/test_cryptoapi.c new file mode 100644 index 00000000..73ef34e9 --- /dev/null +++ b/tests/unit_tests/openvpn/test_cryptoapi.c 
@@ -0,0 +1,126 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2023 Selva Nair + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 2 of the License, + * or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
+ */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" +#include "manage.h" +#include "integer.h" +#include "xkey_common.h" + +#if defined(HAVE_XKEY_PROVIDER) && defined (ENABLE_CRYPTOAPI) +#include +#include +#include +#include +#include +#include + +#include +#include /* pull-in the whole file to test static functions */ + +struct management *management; /* global */ + +/* mock a management function that xkey_provider needs */ +char * +management_query_pk_sig(struct management *man, const char *b64_data, + const char *algorithm) +{ + (void) man; + (void) b64_data; + (void) algorithm; + return NULL; +} + +/* tls_libctx is defined in ssl_openssl.c which we do not want to compile in */ +OSSL_LIB_CTX *tls_libctx; + +#ifndef _countof +#define _countof(x) sizeof((x))/sizeof(*(x)) +#endif + +/* test data */ +static const uint8_t test_hash[] = { + 0x77, 0x38, 0x65, 0x00, 0x1e, 0x96, 0x48, 0xc6, 0x57, 0x0b, 0xae, + 0xc0, 0xb7, 0x96, 0xf9, 0x66, 0x4d, 0x5f, 0xd0, 0xb7 +}; + +/* valid test strings to test with and without embedded and trailing spaces */ +static const char *valid_str[] = { + "773865001e9648c6570baec0b796f9664d5fd0b7", + " 77 386500 1e 96 48 c6570b aec0b7 96f9664d5f d0 b7", + " 773865001e9648c6570baec0b796f9664d5fd0b7 ", +}; + +/* some invalid strings to test */ +static const char *invalid_str[] = { + "773 865001e9648c6570baec0b796f9664d5fd0b7", /* space within byte */ + "77:38:65001e9648c6570baec0b796f9664d5fd0b7", /* invalid separator */ + "7738x5001e9648c6570baec0b796f9664d5fd0b7", /* non hex character */ +}; + +static void +test_parse_hexstring(void **state) +{ + unsigned char hash[255]; + (void) state; + + for (int i = 0; i < _countof(valid_str); i++) + { + int len = parse_hexstring(valid_str[i], hash, _countof(hash)); + assert_int_equal(len, sizeof(test_hash)); + assert_memory_equal(hash, test_hash, sizeof(test_hash)); + memset(hash, 0, _countof(hash)); + } + + for (int i = 0; 
i < _countof(invalid_str); i++) + { + int len = parse_hexstring(invalid_str[i], hash, _countof(hash)); + assert_int_equal(len, 0); + } +} + +int +main(void) +{ + const struct CMUnitTest tests[] = { cmocka_unit_test(test_parse_hexstring) }; + + int ret = cmocka_run_group_tests_name("cryptoapi tests", tests, NULL, NULL); + + return ret; +} + +#else /* ifdef HAVE_XKEY_PROVIDER */ + +int +main(void) +{ + return 0; +} + +#endif /* ifdef HAVE_XKEY_PROVIDER */
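
Review bot: In tests/unit_tests/openvpn/test_cryptoapi.c, test_parse_hexstring() always passes the 255-byte `hash` buffer with `_countof(hash)` as the capacity, so the output-size limit of parse_hexstring() is never exercised. Add a case that passes a capacity smaller than `sizeof(test_hash)` for one of the valid strings, fills the rest of the buffer with a sentinel byte beforehand, and asserts both the returned length and that the bytes past the capacity are unchanged. In the same file, `#define _countof(x) sizeof((x))/sizeof(*(x))` is not parenthesized as a whole and yields a `size_t` that is compared against `int i` in both loops; wrap the expansion in parentheses and use `size_t` for the loop index.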
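
Review bot: The new "Run cryptoapi unit test" step in .github/workflows/build.yaml reports success even when nothing is tested, because the fallback `main()` at the end of test_cryptoapi.c returns 0 whenever HAVE_XKEY_PROVIDER or ENABLE_CRYPTOAPI is not defined. Have the fallback print that the cryptoapi tests were skipped so the CI log makes that visible, and correct the `#else /* ifdef HAVE_XKEY_PROVIDER */` and `#endif` comments, which name only HAVE_XKEY_PROVIDER while the `#if` also requires ENABLE_CRYPTOAPI.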