OpenVPN
test_crypto.c
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #include <stdio.h>
33 #include <unistd.h>
34 #include <stdlib.h>
35 #include <stdarg.h>
36 #include <string.h>
37 #include <setjmp.h>
38 #include <cmocka.h>
39 
40 #include "crypto.h"
41 
42 #include "mock_msg.h"
43 
/* Fixed plaintext fed through the PEM encode/decode round trip below.
 * sizeof(testtext) counts the terminating NUL, so the NUL is part of the
 * payload that gets encoded and compared. */
static const char testtext[] = "Dummy text to test PEM encoding";
45 
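/**
 * Round-trip check for the PEM helpers: encode testtext under one name,
 * confirm that decoding under a different name is refused, then decode
 * under the matching name and compare the result with the input.
 *
 * @param state  cmocka per-test state; not used by this test.
 */
static void
crypto_pem_encode_decode_loopback(void **state)
{
    (void)state;

    struct gc_arena gc = gc_new();

    /* Read-only view of the plaintext. buf_set_read() takes a
     * const uint8_t *, so the cast keeps the const qualifier. */
    struct buffer src_buf;
    buf_set_read(&src_buf, (const uint8_t *)testtext, sizeof(testtext));

    /* Decode target is exactly as large as the plaintext, so a decode that
     * produced more bytes than were encoded would not fit. */
    uint8_t dec[sizeof(testtext)];
    struct buffer dec_buf;
    buf_set_write(&dec_buf, dec, sizeof(dec));

    /* Filled in by crypto_pem_encode(); presumably backed by gc -- confirm
     * against crypto_pem_encode() before relying on its lifetime. */
    struct buffer pem_buf;

    assert_true(crypto_pem_encode("TESTKEYNAME", &pem_buf, &src_buf, &gc));
    /* The PEM form must be longer than the raw input. */
    assert_true(BLEN(&src_buf) < BLEN(&pem_buf));

    /* Wrong key name: a PEM block must not decode under a name other than
     * the one it was encoded with. */
    assert_false(crypto_pem_decode("WRONGNAME", &dec_buf, &pem_buf));

    /* NOTE(review): dec_buf is reused after the rejected decode, so the
     * length comparison below presumably also catches a failed decode that
     * left bytes behind in the destination -- confirm against
     * crypto_pem_decode(). */
    assert_true(crypto_pem_decode("TESTKEYNAME", &dec_buf, &pem_buf));
    assert_int_equal(BLEN(&src_buf), BLEN(&dec_buf));
    assert_memory_equal(BPTR(&src_buf), BPTR(&dec_buf), BLEN(&src_buf));

    gc_free(&gc);
}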
71 
/**
 * Look up ciphername in the crypto backend and, when the backend knows it,
 * assert that the name it reports equals openvpn_name.
 *
 * A name the backend does not recognise is skipped without failing, so a
 * passing run does not show that the cipher is available in this build.
 *
 * @param ciphername    Name handed to cipher_kt_get().
 * @param openvpn_name  Name cipher_kt_name() is expected to return.
 */
static void
test_translate_cipher(const char *ciphername, const char *openvpn_name)
{
    const cipher_kt_t *kt = cipher_kt_get(ciphername);

    /* An unknown cipher is fine: there is nothing to compare. */
    if (kt != NULL)
    {
        assert_string_equal(cipher_kt_name(kt), openvpn_name);
    }
}
87 
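/**
 * Run test_translate_cipher() on several spellings of one cipher name:
 * all upper case, all lower case, randomly mixed case, and the name as
 * given. Every spelling the crypto library accepts should be normalised
 * to the same OpenVPN name.
 *
 * @param ciphername    Cipher name to derive the variants from.
 * @param openvpn_name  Expected normalised name, or NULL to expect the
 *                      upper-case form of ciphername.
 */
static void
test_cipher_names(const char *ciphername, const char *openvpn_name)
{
    struct gc_arena gc = gc_new();

    /* Three writable copies of the name, released by gc_free() below. */
    char *upper = string_alloc(ciphername, &gc);
    char *lower = string_alloc(ciphername, &gc);
    char *random_case = string_alloc(ciphername, &gc);

    /* Length is computed once; size_t avoids a signed/unsigned compare. */
    const size_t len = strlen(ciphername);

    for (size_t i = 0; i < len; i++)
    {
        /* toupper()/tolower() need a value representable as unsigned char;
         * passing a negative plain char is undefined behaviour. */
        const unsigned char c = (unsigned char)ciphername[i];

        upper[i] = (char)toupper(c);
        lower[i] = (char)tolower(c);
        /* rand() is not seeded in this function, so the mixed-case variant
         * is the same on every run unless a caller seeds it. */
        random_case[i] = (rand() & 0x1) ? upper[i] : lower[i];
    }

    if (!openvpn_name)
    {
        openvpn_name = upper;
    }

    test_translate_cipher(upper, openvpn_name);
    test_translate_cipher(lower, openvpn_name);
    test_translate_cipher(random_case, openvpn_name);
    test_translate_cipher(ciphername, openvpn_name);

    gc_free(&gc);
}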
125 
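/**
 * Check that a set of cipher names and aliases is normalised to the
 * expected OpenVPN name. A NULL second argument means the upper-case form
 * of the first argument is expected.
 *
 * @param state  cmocka per-test state; not used by this test.
 */
static void
crypto_translate_cipher_names(void **state)
{
    (void)state;

    /* Ciphers the crypto library does not know are skipped by
     * test_translate_cipher(), so this list may be only partly exercised
     * depending on the backend the test is built against. */
    test_cipher_names("BF-CBC", NULL);
    test_cipher_names("BLOWFISH-CBC", "BF-CBC");
    test_cipher_names("Chacha20-Poly1305", NULL);
    test_cipher_names("AES-128-GCM", NULL);
    test_cipher_names("AES-128-CBC", NULL);
    test_cipher_names("CAMELLIA-128-CFB128", "CAMELLIA-128-CFB");
    test_cipher_names("id-aes256-GCM", "AES-256-GCM");
}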
138 
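/**
 * Test driver: runs the crypto unit tests as one cmocka group.
 *
 * @return the result of cmocka_run_group_tests_name().
 */
int
main(void)
{
    /* NOTE(review): the initialiser entries are absent from this listing
     * (source lines 143-144); they are reconstructed here from the two
     * test functions defined above and the cmocka_unit_test() macro --
     * confirm against the upstream file. */
    const struct CMUnitTest tests[] = {
        cmocka_unit_test(crypto_pem_encode_decode_loopback),
        cmocka_unit_test(crypto_translate_cipher_names),
    };

#if defined(ENABLE_CRYPTO_OPENSSL)
    /* Called before the tests run so that cipher lookups by name are
     * presumably able to find the OpenSSL algorithms. */
    OpenSSL_add_all_algorithms();
#endif

    int ret = cmocka_run_group_tests_name("crypto tests", tests, NULL, NULL);

#if defined(ENABLE_CRYPTO_OPENSSL)
    EVP_cleanup();
#endif

    return ret;
}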