From patchwork Wed Jan 16 04:24:50 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steffan Karger <steffan.karger@fox-it.com>
X-Patchwork-Id: 663
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend30.mail.ord1d.rsapps.net with LMTP id OEnfCDZNP1xxCQAAIUCqbw
	for <patchwork@openvpn.net>; Wed, 16 Jan 2019 10:26:46 -0500
Received: from proxy4.mail.ord1d.rsapps.net ([172.30.191.6])
	by director9.mail.ord1d.rsapps.net with LMTP id CFx1CDZNP1zVGwAAalYnBA
	; Wed, 16 Jan 2019 10:26:46 -0500
Received: from smtp5.gate.ord1d ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy4.mail.ord1d.rsapps.net with LMTP id EI08CDZNP1xDIQAAiYrejw
	; Wed, 16 Jan 2019 10:26:46 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp5.gate.ord1d.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net;
 dkim=fail (signature verification failed) header.d=fox-it.com;
 dmarc=fail (p=none; dis=none) header.from=fox-it.com
X-Suspicious-Flag: YES
X-Classification-ID: 21f4002e-19a3-11e9-8f22-525400d73c44-1-1
Received: from [216.105.38.7] ([216.105.38.7:18431]
 helo=lists.sourceforge.net)
	by smtp5.gate.ord1d.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id FB/BB-16240-53D4F3C5; Wed, 16 Jan 2019 10:26:45 -0500
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
	by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1gjn4T-0003e9-KD; Wed, 16 Jan 2019 15:25:37 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-1.v29.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1)
 (envelope-from <steffan.karger@fox-it.com>) id 1gjn4S-0003e2-CU
 for openvpn-devel@lists.sourceforge.net; Wed, 16 Jan 2019 15:25:36 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Type:MIME-Version:Date:Subject:CC:To:From:
 Sender:Reply-To:Message-ID:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=TLtWyZxwVKFCgFhhISOkA2IvdIiU7tlwUU/I79i0KzE=; b=jU8MZgIxtiEJlTgLIWmwm+NFVv
 wY80FqeMRnZm9F9XvfjAD5P5sjaF6VhK6eI7ZvKZVl+xj7OcxyQ4nwkcKj+J20H/KJusTcs20FOzG
 hUORoNrWac5z5Ug6lB7rXxVEf05/gKs0xCrK5/ptGuLO36aV+Zzdw0KyNR9AAoPENLNw=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Type:MIME-Version:Date:Subject:CC:To:From:Sender:Reply-To:
 Message-ID:Content-Transfer-Encoding:Content-ID:Content-Description:
 Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
 In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=TLtWyZxwVKFCgFhhISOkA2IvdIiU7tlwUU/I79i0KzE=; b=ML9RWUYxN3zjWjVufQyNjViBit
 /TRj73Z3a/4z+9M92I7OKah8LUvhPZJ2Gjlp1h2qUyiZuwPaGdHTKuW5eXadKNoAS3DHWBmQl6MxX
 3//aCnCbl/KmiV3H1dbaL1TFgwWMf0/aBSg8fh5HTrVLySV1wFRDxMQgCAf/6EJYiLE4=;
Received: from nl-dft-mx-01.fox-it.com ([178.250.144.135])
 by sfi-mx-4.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1)
 id 1gjn4L-006wlp-1k
 for openvpn-devel@lists.sourceforge.net; Wed, 16 Jan 2019 15:25:36 +0000
From: Steffan Karger <steffan.karger@fox-it.com>
To: <openvpn-devel@lists.sourceforge.net>
Date: Wed, 16 Jan 2019 16:24:50 +0100
X-Mailer: git-send-email 2.17.1
MIME-Version: 1.0
X-ClientProxiedBy: FOXDFT52.FOX.local (10.0.0.129) To FOXDFT52.FOX.local
 (10.0.0.129)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=fox-it.com; s=NL-DFT-MX-01;
 c=relaxed/relaxed;
 h=from:to:cc:subject:date:mime-version:content-type;
 bh=TLtWyZxwVKFCgFhhISOkA2IvdIiU7tlwUU/I79i0KzE=;
 b=aq1xg8qA0i7rwMazJtZ99y+fz3bbzb2AVOWfa6QLUdXHowfPRDosArzgCWXvmyBucmQKJqRIjr5Z
 +qM9HZu/+fKRsIYdGR46KlTVN1mIrg2OW0Puni9MQfhvya0kzDVVMMBnFyXLgvnG/U9z9l1cJl6Q
 kbkfkXwRjqdKjhFWSWBJqIwcZYPu16P8CNOtIoMpydGNsz9txcDLk0Fuj4lUWZQRia+jWA/sYkYr
 Is6eQWxzd20YNAbIhAc+k2VmNJN4lquNO+mHQoUmYzkj+SLbfKffrLlpNq7RT8NUNGQH/VycfRNF
 JXIVKlE+bPEiT2K4WrYPBUKU/XQ5pvch4QLqGA==
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
 domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 1.0 MISSING_MID            Missing Message-Id: header
 0.8 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1gjn4L-006wlp-1k
Subject: [Openvpn-devel] [PATCH] Extend tls-crypt-v2 unit tests
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
Message-Id: <E1gjn4T-0003e9-KD@sfs-ml-1.v29.lw.sourceforge.com>
X-getmail-retrieved-from-mailbox: Inbox

This commit adds two tests for tls-crypt-v2 to verify the client and
server key generation. These are introduced primarily as a regression
test for the off-by-one bug fixed by Arne in tls_crypt_v2_read_keyfile()
recently (no commit hash availble, patch has not been applied yet).

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
---
 tests/unit_tests/openvpn/Makefile.am      |  6 +-
 tests/unit_tests/openvpn/test_tls_crypt.c | 89 ++++++++++++++++++++++-
 2 files changed, 93 insertions(+), 2 deletions(-)

diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am
index b4304e35..4f137b2b 100644
--- a/tests/unit_tests/openvpn/Makefile.am
+++ b/tests/unit_tests/openvpn/Makefile.am
@@ -55,7 +55,11 @@ packet_id_testdriver_SOURCES = test_packet_id.c mock_msg.c \
 
 tls_crypt_testdriver_CFLAGS  = @TEST_CFLAGS@ \
 	-I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir)
-tls_crypt_testdriver_LDFLAGS = @TEST_LDFLAGS@ -Wl,--wrap=parse_line
+tls_crypt_testdriver_LDFLAGS = @TEST_LDFLAGS@ \
+	-Wl,--wrap=buffer_read_from_file \
+	-Wl,--wrap=buffer_write_file \
+	-Wl,--wrap=parse_line \
+	-Wl,--wrap=rand_bytes
 tls_crypt_testdriver_SOURCES = test_tls_crypt.c mock_msg.c \
 	$(openvpn_srcdir)/argv.c \
 	$(openvpn_srcdir)/base64.c \
diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c
index 62721e82..b793a7a2 100644
--- a/tests/unit_tests/openvpn/test_tls_crypt.c
+++ b/tests/unit_tests/openvpn/test_tls_crypt.c
@@ -49,7 +49,30 @@
 #define PARAM1      "param1"
 #define PARAM2      "param two"
 
-const char plaintext_short[1];
+static const char *plaintext_short = "";
+
+static const char *test_server_key = \
+        "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
+        "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
+        "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
+        "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn8=\n"
+        "-----END OpenVPN tls-crypt-v2 server key-----\n";
+
+static const char *test_client_key = \
+        "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
+        "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
+        "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
+        "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
+        "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
+        "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
+        "8PHy8/T19vf4+fr7/P3+/xd9pcB0qUYZsWvkrLcfGmzPJPM8a7r0mEWdXwbDadSV\n"
+        "LHg5bv2TwlmPR3HgaMr8o9LTh9hxUTkrH3S0PfKRNwcso86ua/dBFTyXsM9tg4aw\n"
+        "3dS6ogH9AkaT+kRRDgNcKWkQCbwmJK2JlfkXHBwbAtmn78AkNuho6QCFqCdqGab3\n"
+        "zh2vheFqGMPdGpukbFrT3rcO3VLxUeG+RdzXiMTCpJSovFBP1lDkYwYJPnz6daEh\n"
+        "j0TzJ3BVru9W3CpotdNt7u09knxAfpCxjtrP3semsDew/gTBtcfQ/OoTFyFHnN5k\n"
+        "RZ+q17SC4nba3Pp8/Fs0+hSbv2tJozoD8SElFq7SIWJsciTYh8q8f5yQxjdt4Wxu\n"
+        "/Z5wtPCAZ0tOzj4ItTI77fBOYRTfEayzHgEr\n"
+        "-----END OpenVPN tls-crypt-v2 client key-----\n";
 
 int
 __wrap_parse_line(const char *line, char **p, const int n, const char *file,
@@ -61,6 +84,40 @@ __wrap_parse_line(const char *line, char **p, const int n, const char *file,
     return 3;
 }
 
+bool
+__wrap_buffer_write_file(const char *filename, const struct buffer *buf)
+{
+    const char *pem = BSTR(buf);
+    check_expected(filename);
+    check_expected(pem);
+
+    return mock();
+}
+
+struct buffer
+__wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
+{
+    check_expected(filename);
+
+    const char *pem_str = (const char *) mock();
+    struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
+    buf_write(&ret, pem_str, strlen(pem_str) + 1);
+
+    return ret;
+}
+
+
+/** Predictable random for tests */
+int
+__wrap_rand_bytes(uint8_t *output, int len)
+{
+    for (int i = 0; i < len; i++)
+    {
+        output[i] = i;
+    }
+    return true;
+}
+
 struct test_tls_crypt_context {
     struct crypto_options co;
     struct key_type kt;
@@ -450,6 +507,34 @@ tls_crypt_v2_wrap_unwrap_dst_too_small(void **state) {
     assert_true(0 == BLEN(&ctx->unwrapped_metadata));
 }
 
+static void
+test_tls_crypt_v2_write_server_key_file(void **state) {
+    const char *filename = "testfilename.key";
+
+    expect_string(__wrap_buffer_write_file, filename, filename);
+    expect_string(__wrap_buffer_write_file, pem, test_server_key);
+    will_return(__wrap_buffer_write_file, true);
+
+    tls_crypt_v2_write_server_key_file(filename);
+}
+
+static void
+test_tls_crypt_v2_write_client_key_file(void **state) {
+    const char *filename = "testfilename.key";
+
+    /* Test writing the client key */
+    expect_string(__wrap_buffer_write_file, filename, filename);
+    expect_string(__wrap_buffer_write_file, pem, test_client_key);
+    will_return(__wrap_buffer_write_file, true);
+
+    /* Key generation re-reads the created file as a sanity check */
+    expect_string(__wrap_buffer_read_from_file, filename, filename);
+    will_return(__wrap_buffer_read_from_file, test_client_key);
+
+    tls_crypt_v2_write_client_key_file(filename, NULL, INLINE_FILE_TAG,
+                                       test_server_key);
+}
+
 int
 main(void) {
     const struct CMUnitTest tests[] = {
@@ -489,6 +574,8 @@ main(void) {
         cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_dst_too_small,
                                         test_tls_crypt_v2_setup,
                                         test_tls_crypt_v2_teardown),
+        cmocka_unit_test(test_tls_crypt_v2_write_server_key_file),
+        cmocka_unit_test(test_tls_crypt_v2_write_client_key_file),
     };
 
 #if defined(ENABLE_CRYPTO_OPENSSL)