OpenVPN
test_auth_token.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2016-2026 Sentyron B.V. <openvpn@sentyron.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <stdarg.h>
32#include <string.h>
33#include <setjmp.h>
34#include <cmocka.h>
35
36#include "auth_token.c"
37#include "test_common.h"
38
39struct test_context
40{
41 struct tls_multi multi;
42 struct key_type kt;
43 struct user_pass up;
44 struct tls_session *session;
45};
46
47/* Dummy functions that do nothing to mock the functionality */
48void
52
53void
54auth_set_client_reason(struct tls_multi *multi, const char *reason)
55{
56}
57
58static const char *now0key0 =
59 "SESS_ID_AT_0123456789abcdefAAAAAAAAAAAAAAAAAAAAAE5JsQJOVfo8jnI3RL3tBaR5NkE4yPfcylFUHmHSc5Bu";
60
61static const char *zeroinline = "-----BEGIN OpenVPN auth-token server key-----\n"
62 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
63 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
64 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\n"
65 "-----END OpenVPN auth-token server key-----";
66
67static const char *allx01inline =
68 "-----BEGIN OpenVPN auth-token server key-----\n"
69 "AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB\n"
70 "AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB\n"
71 "AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=\n"
72 "-----END OpenVPN auth-token server key-----";
73
74static const char *random_key =
75 "-----BEGIN OpenVPN auth-token server key-----\n"
76 "+mmmf7IQ5cymtMVjKYTWk8IOcYanRlpQmV9Tb3EjkHYxueBVDg3yqRgzeBlVGzNLD//rAPiOVhau\n"
77 "3NDBjNOQB8951bfs7Cc2mYfay92Bh2gRJ5XEM/DMfzCWN+7uU6NWoTTHr4FuojnIQtjtqVAj/JS9\n"
78 "w+dTSp/vYHl+c7uHd19uVRu/qLqV85+rm4tUGIjO7FfYuwyPqwmhuIsi3hs9QkSimh888FmBpoKY\n"
79 "/tbKVTJZmSERKti9KEwtV2eVAR0znN5KW7lCB3mHVAhN7bUpcoDjfCzYIFARxwswTFu9gFkwqUMY\n"
80 "I1KUOgIsVNs4llACioeXplYekWETR+YkJwDc/A==\n"
81 "-----END OpenVPN auth-token server key-----";
82
83static const char *random_token =
84 "SESS_ID_AT_ThhRItzOKNKrh3dfAAAAAFwzHpwAAAAAXDMenDdrq0RoH3dkA1f7O3wO+7kZcx2DusVZrRmFlWQM9HOb";
85
86
87static int
88setup(void **state)
89{
90 struct test_context *ctx = calloc(1, sizeof(*ctx));
91 *state = ctx;
92
93 struct key_parameters key = { 0 };
94 key.hmac_size = MAX_HMAC_KEY_LENGTH; /* 64 byte of 0 */
95
96 ctx->kt = auth_token_kt();
97 if (!ctx->kt.digest)
98 {
99 return 0;
100 }
101 ctx->multi.opt.auth_token_generate = true;
102 ctx->multi.opt.auth_token_lifetime = 3000;
103 ctx->session = &ctx->multi.session[TM_ACTIVE];
104
105 ctx->session->opt = calloc(1, sizeof(struct tls_options));
106 ctx->session->opt->renegotiate_seconds = 240;
107 ctx->session->opt->auth_token_renewal = 120;
108 ctx->session->opt->auth_token_lifetime = 3000;
109
110 strcpy(ctx->up.username, "test user name");
111 strcpy(ctx->up.password, "ignored");
112
113 init_key_ctx(&ctx->multi.opt.auth_token_key, &key, &ctx->kt, false, "TEST");
114
115 now = 0;
116 return 0;
117}
118
119static int
120teardown(void **state)
121{
122 struct test_context *ctx = (struct test_context *)*state;
123
124 free_key_ctx(&ctx->multi.opt.auth_token_key);
125 wipe_auth_token(&ctx->multi);
126
127 free(ctx->session->opt);
128 free(ctx);
129
130 return 0;
131}
132
133static void
134auth_token_basic_test(void **state)
135{
136 struct test_context *ctx = (struct test_context *)*state;
137
138 generate_auth_token(&ctx->up, &ctx->multi);
139 strcpy(ctx->up.password, ctx->multi.auth_token);
140 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
141}
142
143static void
144auth_token_fail_invalid_key(void **state)
145{
146 struct test_context *ctx = (struct test_context *)*state;
147
148 generate_auth_token(&ctx->up, &ctx->multi);
149 strcpy(ctx->up.password, ctx->multi.auth_token);
150 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
151
152 /* Change auth-token key */
153 struct key_parameters key;
154 memset(key.hmac, '1', sizeof(key.hmac));
155 key.hmac_size = MAX_HMAC_KEY_LENGTH;
156
157 free_key_ctx(&ctx->multi.opt.auth_token_key);
158 init_key_ctx(&ctx->multi.opt.auth_token_key, &key, &ctx->kt, false, "TEST");
159
160 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), 0);
161
162 /* Load original test key again */
163 memset(&key.hmac, 0, sizeof(key.hmac));
164 free_key_ctx(&ctx->multi.opt.auth_token_key);
165 init_key_ctx(&ctx->multi.opt.auth_token_key, &key, &ctx->kt, false, "TEST");
166 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
167}
168
169/* Note: only on 32bit Windows builds */
170#if defined(__GNUC__) || defined(__clang__)
171#pragma GCC diagnostic push
172#pragma GCC diagnostic ignored "-Wsign-compare"
173#endif
174
175static void
176auth_token_test_timeout(void **state)
177{
178 struct test_context *ctx = (struct test_context *)*state;
179
180 now = 100000;
181 generate_auth_token(&ctx->up, &ctx->multi);
182
183 strcpy(ctx->up.password, ctx->multi.auth_token);
184 free(ctx->multi.auth_token_initial);
185 ctx->multi.auth_token_initial = NULL;
186
187 /* No time has passed */
188 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
189
190 /* Token before validity, should be rejected */
191 now = 100000 - 100;
192 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
193 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED);
194
195 /* Token no valid for renegotiate_seconds but still for renewal_time */
196 now = 100000 + 2 * ctx->session->opt->renegotiate_seconds - 20;
197 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
198 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED);
199
200
201 now = 100000 + 2 * ctx->session->opt->auth_token_renewal - 20;
202 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
203
204 /* Token past validity, should be rejected */
205 now = 100000 + 2 * ctx->session->opt->renegotiate_seconds + 20;
206 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
207 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED);
208
209 /* But not when we reached our timeout */
210 now = 100000 + ctx->session->opt->auth_token_lifetime + 1;
211 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
212 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED);
213
214 free(ctx->multi.auth_token_initial);
215 ctx->multi.auth_token_initial = NULL;
216
217 /* regenerate the token util it hits the expiry */
218 now = 100000;
219 while (now < 100000 + ctx->session->opt->auth_token_lifetime + 1)
220 {
221 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
222 AUTH_TOKEN_HMAC_OK);
223 generate_auth_token(&ctx->up, &ctx->multi);
224 strcpy(ctx->up.password, ctx->multi.auth_token);
225 now += ctx->session->opt->auth_token_renewal;
226 }
227
228
229 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
230 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED);
231 ctx->multi.opt.auth_token_lifetime = 0;
232
233 /* Non expiring token should be fine */
234 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
235}
236
237#if defined(__GNUC__) || defined(__clang__)
238#pragma GCC diagnostic pop
239#endif
240
241static void
242zerohmac(char *token)
243{
244 char *hmacstart =
245 token + AUTH_TOKEN_SESSION_ID_LEN + strlen(SESSION_ID_PREFIX) + 2 * sizeof(uint64_t);
246 memset(hmacstart, 0x8d, strlen(hmacstart));
247}
248
249static void
250auth_token_test_known_keys(void **state)
251{
252 struct test_context *ctx = (struct test_context *)*state;
253
254 now = 0;
255 /* Preload the session id so the same session id is used here */
256 ctx->multi.auth_token_initial = strdup(now0key0);
257 assert_non_null(ctx->multi.auth_token_initial);
258
259 /* Zero the hmac part to ensure we have a newly generated token */
260 zerohmac(ctx->multi.auth_token_initial);
261
262 generate_auth_token(&ctx->up, &ctx->multi);
263
264 assert_string_equal(now0key0, ctx->multi.auth_token);
265
266 strcpy(ctx->up.password, ctx->multi.auth_token);
267 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
268}
269
270static const char *lastsesion_statevalue;
271void
272setenv_str(struct env_set *es, const char *name, const char *value)
273{
274 if (streq(name, "session_state"))
275 {
276 lastsesion_statevalue = value;
277 }
278}
279
280void
281auth_token_test_session_mismatch(void **state)
282{
283 struct test_context *ctx = (struct test_context *)*state;
284
285 /* Generate first auth token and check it is correct */
286 generate_auth_token(&ctx->up, &ctx->multi);
287 strcpy(ctx->up.password, ctx->multi.auth_token);
288 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
289
290 char *token_sessiona = strdup(ctx->multi.auth_token);
291
292 /* Generate second token */
293 wipe_auth_token(&ctx->multi);
294
295 generate_auth_token(&ctx->up, &ctx->multi);
296 strcpy(ctx->up.password, ctx->multi.auth_token);
297 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
298
299 assert_memory_not_equal(ctx->multi.auth_token_initial + strlen(SESSION_ID_PREFIX),
300 token_sessiona + strlen(SESSION_ID_PREFIX),
301 AUTH_TOKEN_SESSION_ID_BASE64_LEN);
302
303 /* The first token is valid but should trigger the invalid response since
304 * the session id is not the same */
305 strcpy(ctx->up.password, token_sessiona);
306 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), 0);
307 free(token_sessiona);
308}
309
310static void
311auth_token_test_empty_user(void **state)
312{
313 struct test_context *ctx = (struct test_context *)*state;
314
315 CLEAR(ctx->up.username);
316 now = 0;
317
318 generate_auth_token(&ctx->up, &ctx->multi);
319 strcpy(ctx->up.password, ctx->multi.auth_token);
320 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), AUTH_TOKEN_HMAC_OK);
321
322 now = 100000;
323 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
324 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED);
325 strcpy(ctx->up.username, "test user name");
326
327 now = 0;
328 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
329 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_VALID_EMPTYUSER);
330
331 strcpy(ctx->up.username, "test user name");
332 now = 100000;
333 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
334 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED | AUTH_TOKEN_VALID_EMPTYUSER);
335
336 zerohmac(ctx->up.password);
337 assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), 0);
338}
339
340static void
341auth_token_test_env(void **state)
342{
343 struct test_context *ctx = (struct test_context *)*state;
344
345 struct key_state *ks = &ctx->multi.session[TM_ACTIVE].key[KS_PRIMARY];
346
347 ks->auth_token_state_flags = 0;
348 ctx->multi.auth_token = NULL;
349 add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
350 assert_string_equal(lastsesion_statevalue, "Initial");
351
352 ks->auth_token_state_flags = 0;
353 strcpy(ctx->up.password, now0key0);
354 add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
355 assert_string_equal(lastsesion_statevalue, "Invalid");
356
357 ks->auth_token_state_flags = AUTH_TOKEN_HMAC_OK;
358 add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
359 assert_string_equal(lastsesion_statevalue, "Authenticated");
360
361 ks->auth_token_state_flags = AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED;
362 add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
363 assert_string_equal(lastsesion_statevalue, "Expired");
364
365 ks->auth_token_state_flags = AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_VALID_EMPTYUSER;
366 add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
367 assert_string_equal(lastsesion_statevalue, "AuthenticatedEmptyUser");
368
369 ks->auth_token_state_flags =
370 AUTH_TOKEN_HMAC_OK | AUTH_TOKEN_EXPIRED | AUTH_TOKEN_VALID_EMPTYUSER;
371 add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
372 assert_string_equal(lastsesion_statevalue, "ExpiredEmptyUser");
373}
374
375static void
376auth_token_test_random_keys(void **state)
377{
378 struct test_context *ctx = (struct test_context *)*state;
379
380 now = 0x5c331e9c;
381 /* Preload the session id so the same session id is used here */
382 ctx->multi.auth_token_initial = strdup(random_token);
383 assert_non_null(ctx->multi.auth_token_initial);
384
385 free_key_ctx(&ctx->multi.opt.auth_token_key);
386 auth_token_init_secret(&ctx->multi.opt.auth_token_key, random_key, true);
387
388 /* Zero the hmac part to ensure we have a newly generated token */
389 zerohmac(ctx->multi.auth_token_initial);
390
391 generate_auth_token(&ctx->up, &ctx->multi);
392
393 assert_string_equal(random_token, ctx->multi.auth_token);
394
395 strcpy(ctx->up.password, ctx->multi.auth_token);
396 assert_true(verify_auth_token(&ctx->up, &ctx->multi, ctx->session));
397}
398
399
400static void
401auth_token_test_key_load(void **state)
402{
403 struct test_context *ctx = (struct test_context *)*state;
404
405 free_key_ctx(&ctx->multi.opt.auth_token_key);
406 auth_token_init_secret(&ctx->multi.opt.auth_token_key, zeroinline, true);
407 strcpy(ctx->up.password, now0key0);
408 assert_true(verify_auth_token(&ctx->up, &ctx->multi, ctx->session));
409
410 free_key_ctx(&ctx->multi.opt.auth_token_key);
411 auth_token_init_secret(&ctx->multi.opt.auth_token_key, allx01inline, true);
412 assert_false(verify_auth_token(&ctx->up, &ctx->multi, ctx->session));
413}
414
415int
416main(void)
417{
418 openvpn_unit_test_setup();
419 const struct CMUnitTest tests[] = {
420 cmocka_unit_test_setup_teardown(auth_token_basic_test, setup, teardown),
421 cmocka_unit_test_setup_teardown(auth_token_fail_invalid_key, setup, teardown),
422 cmocka_unit_test_setup_teardown(auth_token_test_known_keys, setup, teardown),
423 cmocka_unit_test_setup_teardown(auth_token_test_empty_user, setup, teardown),
424 cmocka_unit_test_setup_teardown(auth_token_test_env, setup, teardown),
425 cmocka_unit_test_setup_teardown(auth_token_test_random_keys, setup, teardown),
426 cmocka_unit_test_setup_teardown(auth_token_test_key_load, setup, teardown),
427 cmocka_unit_test_setup_teardown(auth_token_test_timeout, setup, teardown),
428 cmocka_unit_test_setup_teardown(auth_token_test_session_mismatch, setup, teardown)
429 };
430
431#if defined(ENABLE_CRYPTO_OPENSSL)
432 OpenSSL_add_all_algorithms();
433#endif
434
435 int ret = cmocka_run_group_tests_name("auth-token tests", tests, NULL, NULL);
436
437 return ret;
438}
auth_token.c
auth_token_init_secret
void auth_token_init_secret(struct key_ctx *key_ctx, const char *key_file, bool key_inline)
Loads an HMAC secret from a file or if no file is present generates a epheremal secret for the run ti...
Definition auth_token.c:124
generate_auth_token
void generate_auth_token(const struct user_pass *up, struct tls_multi *multi)
Generate an auth token based on username and timestamp.
Definition auth_token.c:161
AUTH_TOKEN_SESSION_ID_LEN
#define AUTH_TOKEN_SESSION_ID_LEN
Definition auth_token.c:21
verify_auth_token
unsigned int verify_auth_token(struct user_pass *up, struct tls_multi *multi, struct tls_session *session)
Verifies the auth token to be in the format that generate_auth_token create and checks if the token i...
Definition auth_token.c:296
auth_token_kt
static struct key_type auth_token_kt(void)
Definition auth_token.c:32
AUTH_TOKEN_SESSION_ID_BASE64_LEN
#define AUTH_TOKEN_SESSION_ID_BASE64_LEN
Definition auth_token.c:22
add_session_token_env
void add_session_token_env(struct tls_session *session, struct tls_multi *multi, const struct user_pass *up)
Put the session id, and auth token status into the environment if auth-token is enabled.
Definition auth_token.c:38
wipe_auth_token
void wipe_auth_token(struct tls_multi *multi)
Wipes the authentication token out of the memory, frees and cleans up related buffers and flags.
Definition auth_token.c:404
SESSION_ID_PREFIX
#define SESSION_ID_PREFIX
The prefix given to auth tokens start with, this prefix is special cased to not show up in log files ...
Definition auth_token.h:109
init_key_ctx
void init_key_ctx(struct key_ctx *ctx, const struct key_parameters *key, const struct key_type *kt, int enc, const char *prefix)
Definition crypto.c:1001
free_key_ctx
void free_key_ctx(struct key_ctx *ctx)
Definition crypto.c:1086
MAX_HMAC_KEY_LENGTH
#define MAX_HMAC_KEY_LENGTH
Definition crypto_backend.h:502
KS_PRIMARY
#define KS_PRIMARY
Primary key state index.
Definition ssl_common.h:464
TM_ACTIVE
#define TM_ACTIVE
Active tls_session.
Definition ssl_common.h:544
CLEAR
#define CLEAR(x)
Definition basic.h:32
streq
#define streq(x, y)
Definition options.h:720
now
time_t now
Definition otime.c:33
AUTH_TOKEN_HMAC_OK
#define AUTH_TOKEN_HMAC_OK
Auth-token sent from client has valid hmac.
Definition ssl_common.h:686
AUTH_TOKEN_EXPIRED
#define AUTH_TOKEN_EXPIRED
Auth-token sent from client has expired.
Definition ssl_common.h:688
AUTH_TOKEN_VALID_EMPTYUSER
#define AUTH_TOKEN_VALID_EMPTYUSER
Auth-token is only valid for an empty username and not the username actually supplied from the client...
Definition ssl_common.h:696
env_set
Definition env_set.h:43
key_parameters
internal structure similar to struct key that holds key information but is not represented on wire an...
Definition crypto.h:163
key_state
Security parameter state of one TLS and data channel key session.
Definition ssl_common.h:208
key_state::auth_token_state_flags
unsigned int auth_token_state_flags
The state of the auth-token sent from the client.
Definition ssl_common.h:211
key_state::state
int state
Definition ssl_common.h:209
key_type
Definition crypto.h:141
key_type::digest
const char * digest
Message digest static parameters.
Definition crypto.h:143
key
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
key::hmac
uint8_t hmac[MAX_HMAC_KEY_LENGTH]
Key material for HMAC operations.
Definition crypto.h:155
test_context
Definition test_auth_token.c:40
test_context::up
struct user_pass up
Definition test_auth_token.c:43
test_context::multi
struct tls_multi multi
Definition test_auth_token.c:41
test_context::session
struct tls_session * session
Definition test_auth_token.c:44
test_context::kt
struct key_type kt
Definition test_auth_token.c:42
tls_multi
Security parameter state for a single VPN tunnel.
Definition ssl_common.h:611
tls_multi::auth_token_initial
char * auth_token_initial
The first auth-token we sent to a client.
Definition ssl_common.h:683
tls_multi::opt
struct tls_options opt
Definition ssl_common.h:616
tls_multi::session
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer.
Definition ssl_common.h:711
tls_multi::auth_token
char * auth_token
If server sends a generated auth-token, this is the token to use for future user/pass authentications...
Definition ssl_common.h:678
tls_options
Definition ssl_common.h:307
tls_options::auth_token_key
struct key_ctx auth_token_key
Definition ssl_common.h:407
tls_options::auth_token_renewal
unsigned int auth_token_renewal
Definition ssl_common.h:405
tls_options::auth_token_lifetime
unsigned int auth_token_lifetime
Definition ssl_common.h:404
tls_options::renegotiate_seconds
interval_t renegotiate_seconds
Definition ssl_common.h:350
tls_options::auth_token_generate
bool auth_token_generate
Generate auth-tokens on successful user/pass auth,seet via options->auth_token_generate.
Definition ssl_common.h:400
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:489
tls_session::key
struct key_state key[KS_SIZE]
Definition ssl_common.h:524
tls_session::opt
struct tls_options * opt
Definition ssl_common.h:491
user_pass
Definition misc.h:52
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:68
user_pass::username
char username[USER_PASS_LEN]
Definition misc.h:67
auth_token_test_env
static void auth_token_test_env(void **state)
Definition test_auth_token.c:341
teardown
static int teardown(void **state)
Definition test_auth_token.c:120
auth_set_client_reason
void auth_set_client_reason(struct tls_multi *multi, const char *reason)
Sets the reason why authentication of a client failed.
Definition test_auth_token.c:54
auth_token_test_known_keys
static void auth_token_test_known_keys(void **state)
Definition test_auth_token.c:250
zeroinline
static const char * zeroinline
Definition test_auth_token.c:61
auth_token_test_key_load
static void auth_token_test_key_load(void **state)
Definition test_auth_token.c:401
random_token
static const char * random_token
Definition test_auth_token.c:83
now0key0
static const char * now0key0
Definition test_auth_token.c:58
auth_token_test_timeout
static void auth_token_test_timeout(void **state)
Definition test_auth_token.c:176
auth_token_test_random_keys
static void auth_token_test_random_keys(void **state)
Definition test_auth_token.c:376
auth_token_test_session_mismatch
void auth_token_test_session_mismatch(void **state)
Definition test_auth_token.c:281
auth_token_test_empty_user
static void auth_token_test_empty_user(void **state)
Definition test_auth_token.c:311
main
int main(void)
Definition test_auth_token.c:416
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition test_auth_token.c:272
auth_token_fail_invalid_key
static void auth_token_fail_invalid_key(void **state)
Definition test_auth_token.c:144
random_key
static const char * random_key
Definition test_auth_token.c:74
setup
static int setup(void **state)
Definition test_auth_token.c:88
lastsesion_statevalue
static const char * lastsesion_statevalue
Definition test_auth_token.c:270
auth_token_basic_test
static void auth_token_basic_test(void **state)
Definition test_auth_token.c:134
allx01inline
static const char * allx01inline
Definition test_auth_token.c:67
zerohmac
static void zerohmac(char *token)
Definition test_auth_token.c:242
send_push_reply_auth_token
void send_push_reply_auth_token(struct tls_multi *multi)
Sends a push reply message only containin the auth-token to update the auth-token on the client.
Definition test_auth_token.c:49
test_common.h
openvpn_unit_test_setup
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:61
es
struct env_set * es
Definition test_pkcs11.c:138
Generated by doxygen 1.9.8