#include "syshead.h"#include "manage.h"#include "base64.h"#include "run_command.h"#include "xkey_common.h"#include "cert_data.h"#include "pkcs11.h"#include "ssl.h"#include <setjmp.h>#include <cmocka.h>#include "test_common.h"
Go to the source code of this file.
Data Structures | |
| struct | test_cert |
Macros | |
| #define | token_name "Test Token" |
| #define | PIN "12345" |
| #define | HASHSIZE 20 |
Functions | |
| void | crypto_print_openssl_errors (const unsigned int flags) |
| Retrieve any occurred OpenSSL errors and print those errors. More... | |
| int | parse_line (const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc) |
| char * | x509_get_subject (openvpn_x509_cert_t *cert, struct gc_arena *gc) |
| void | query_user_clear (void) |
| Wipes all data put into all of the query_user structs. More... | |
| bool | query_user_exec_builtin (void) |
| Executes a configured setup, using the built-in method for querying the user. More... | |
| void | query_user_add (char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo) |
| Adds an item to ask the user for. More... | |
| void | purge_user_pass (struct user_pass *up, const bool force) |
| char * | management_query_pk_sig (struct management *man, const char *b64_data, const char *algorithm) |
| int | digest_sign_verify (EVP_PKEY *privkey, EVP_PKEY *pubkey) |
| void | init_cert_data (void) |
| bool | get_user_pass_cr (struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *unused) |
| Retrieves the user credentials from various sources depending on the flags. More... | |
| static void | sha1_fingerprint (X509 *x509, uint8_t *hash, int capacity) |
| static int | init (void **state) |
| static int | cleanup (void **state) |
| static int | setup_pkcs11 (void **state) |
| static int | teardown_pkcs11 (void **state) |
| static struct test_cert * | lookup_cert_byhash (uint8_t *sha1) |
| static void | test_pkcs11_ids (void **state) |
| static void | test_tls_ctx_use_pkcs11 (void **state) |
| static void | test_tls_ctx_use_pkcs11__management (void **state) |
| int | main (void) |
Variables | |
| struct management * | management |
| static struct test_cert | certs [5] |
| static bool | pkcs11_id_management |
| static char | softhsm2_tokens_path [] = "softhsm2_tokens_XXXXXX" |
| static char | softhsm2_conf_path [] = "softhsm2_conf_XXXXXX" |
| int | num_certs |
| static const char * | pkcs11_id_current |
| struct env_set * | es |
Macro Definition Documentation
◆ HASHSIZE
| #define HASHSIZE 20 |
Definition at line 44 of file test_pkcs11.c.
◆ PIN
| #define PIN "12345" |
Definition at line 43 of file test_pkcs11.c.
◆ token_name
| #define token_name "Test Token" |
Definition at line 42 of file test_pkcs11.c.
Function Documentation
◆ cleanup()
|
static |
Definition at line 280 of file test_pkcs11.c.
References argv_free(), argv_new(), argv_printf(), test_cert::cert, certs, env_set_destroy(), es, openvpn_execve_check(), softhsm2_conf_path, softhsm2_tokens_path, and token_name.
Referenced by buffer_read_from_file(), buffer_write_file(), cipher_kt_block_size(), crypto_pem_decode(), crypto_pem_encode(), incoming_push_message(), main(), multi_client_connect_call_plugin_v1(), multi_client_connect_call_script(), ProcessDeferredAction(), read_control_auth(), read_pem_key_file(), socks_username_password_auth(), tls_crypt_v2_verify_metadata(), tls_crypt_v2_write_client_key_file(), tls_ctx_use_management_external_key(), tls_session_generate_data_channel_keys(), verify_callback(), verify_cert(), verify_check_crl_dir(), and write_pem_key_file().
◆ crypto_print_openssl_errors()
| void crypto_print_openssl_errors | ( | const unsigned int | flags | ) |
Retrieve any occurred OpenSSL errors and print those errors.
Note that this function uses the not thread-safe OpenSSL error API.
- Parameters
-
flags Flags to indicate error type and priority.
Definition at line 51 of file test_pkcs11.c.
References check_debug_level(), D_CRYPT_ERRORS, D_TLS_DEBUG_MED, ERR_get_error_all(), and msg.
◆ digest_sign_verify()
| int digest_sign_verify | ( | EVP_PKEY * | privkey, |
| EVP_PKEY * | pubkey | ||
| ) |
Referenced by test_tls_ctx_use_pkcs11().
◆ get_user_pass_cr()
| bool get_user_pass_cr | ( | struct user_pass * | up, |
| const char * | auth_file, | ||
| const char * | prefix, | ||
| const unsigned int | flags, | ||
| const char * | auth_challenge | ||
| ) |
Retrieves the user credentials from various sources depending on the flags.
- Parameters
-
up The user_pass structure to store the retrieved credentials. auth_file The path to the authentication file. Might be NULL. prefix The prefix to prepend to user prompts. flags Additional flags to control the behavior of the function. auth_challenge The authentication challenge string.
- Returns
- true if the user credentials were successfully retrieved, false otherwise.
Definition at line 152 of file test_pkcs11.c.
References alloc_buf_gc(), auth_challenge, auth_user_pass_mgmt(), BLEN, BOOL_CAST, BSTR, buf_parse(), buf_printf(), buf_set_read(), buf_set_write(), CC_CRLF, CC_PRINT, auth_challenge_info::challenge_text, chomp(), CR_ECHO, D_LOW, user_pass::defined, auth_challenge_info::flags, gc_free(), gc_malloc(), gc_new(), GET_USER_PASS_DYNAMIC_CHALLENGE, GET_USER_PASS_INLINE_CREDS, GET_USER_PASS_MANAGEMENT, GET_USER_PASS_NEED_OK, GET_USER_PASS_NEED_STR, GET_USER_PASS_PASSWORD_ONLY, GET_USER_PASS_PREVIOUS_CREDS_FAILED, GET_USER_PASS_STATIC_CHALLENGE, GET_USER_PASS_STATIC_CHALLENGE_ECHO, M_ERR, M_FATAL, M_INFO, M_NONFATAL, M_WARN, management_query_user_pass_enabled(), msg, openvpn_base64_encode(), parse_auth_challenge(), user_pass::password, PIN, pkcs11_id_current, pkcs11_id_management, platform_fopen(), query_user_add(), query_user_clear(), query_user_exec(), query_user_SINGLE(), auth_challenge_info::state_id, streq, string_clear(), string_mod(), strncpynt(), auth_challenge_info::user, USER_PASS_LEN, and user_pass::username.
Referenced by get_user_pass().
◆ init()
|
static |
Definition at line 189 of file test_pkcs11.c.
References argv_free(), argv_new(), argv_printf(), test_cert::cert, certs, env_set_create(), es, HASHSIZE, init_cert_data(), num_certs, openvpn_execve_check(), PIN, setenv_str(), sha1_fingerprint(), softhsm2_conf_path, softhsm2_tokens_path, token_name, and write.
Referenced by main().
◆ init_cert_data()
| void init_cert_data | ( | void | ) |
◆ lookup_cert_byhash()
|
static |
Definition at line 338 of file test_pkcs11.c.
References test_cert::cert, certs, test_cert::hash, and HASHSIZE.
Referenced by test_pkcs11_ids().
◆ main()
| int main | ( | void | ) |
Definition at line 462 of file test_pkcs11.c.
References cleanup(), init(), openvpn_unit_test_setup(), setup_pkcs11(), teardown_pkcs11(), test_pkcs11_ids(), test_tls_ctx_use_pkcs11(), and test_tls_ctx_use_pkcs11__management().
◆ management_query_pk_sig()
| char* management_query_pk_sig | ( | struct management * | man, |
| const char * | b64_data, | ||
| const char * | algorithm | ||
| ) |
Definition at line 102 of file test_pkcs11.c.
References alloc_buf(), buf_bptr(), buf_write(), man_connection::client_version, management::connection, man_connection::ext_key_input, man_connection::ext_key_state, free_buf(), and management_query_multiline_flatten().
◆ parse_line()
| int parse_line | ( | const char * | line, |
| char ** | p, | ||
| const int | n, | ||
| const char * | file, | ||
| const int | line_num, | ||
| int | msglevel, | ||
| struct gc_arena * | gc | ||
| ) |
Definition at line 62 of file test_pkcs11.c.
◆ purge_user_pass()
| void purge_user_pass | ( | struct user_pass * | up, |
| const bool | force | ||
| ) |
Definition at line 95 of file test_pkcs11.c.
References M_WARN, msg, user_pass::nocache, and secure_memzero().
◆ query_user_add()
| void query_user_add | ( | char * | prompt, |
| size_t | prompt_len, | ||
| char * | resp, | ||
| size_t | resp_len, | ||
| bool | echo | ||
| ) |
Adds an item to ask the user for.
- Parameters
-
prompt Prompt to display to the user prompt_len Length of the prompt string resp String containing the user response resp_len Length of the response string echo Should the user input be echoed to the user? If False, input will be masked
Definition at line 85 of file test_pkcs11.c.
References ASSERT, _query_user::echo, _query_user::prompt, _query_user::prompt_len, query_user, QUERY_USER_NUMSLOTS, _query_user::response, and _query_user::response_len.
Referenced by query_user_SINGLE().
◆ query_user_clear()
| void query_user_clear | ( | void | ) |
Wipes all data put into all of the query_user structs.
Definition at line 74 of file test_pkcs11.c.
References CLEAR, query_user, and QUERY_USER_NUMSLOTS.
Referenced by query_user_SINGLE().
◆ query_user_exec_builtin()
| bool query_user_exec_builtin | ( | void | ) |
Executes a configured setup, using the built-in method for querying the user.
This method uses the console/TTY directly.
- Parameters
-
setup Pointer to the setup defining what to ask the user
- Returns
- True if executing all the defined steps completed successfully
Executes a configured setup, using the built-in method for querying the user.
Default method for querying user using default stdin/stdout on a console. This needs to be available as a backup interface for the alternative implementations in case they cannot query through their implementation specific methods.
If no alternative implementation is declared, a wrapper in console.h will ensure query_user_exec() will call this function instead.
Definition at line 79 of file test_pkcs11.c.
◆ setup_pkcs11()
|
static |
◆ sha1_fingerprint()
|
static |
Definition at line 177 of file test_pkcs11.c.
Referenced by init(), test_pkcs11_ids(), and test_tls_ctx_use_pkcs11().
◆ teardown_pkcs11()
|
static |
Definition at line 320 of file test_pkcs11.c.
References SIZE, and tls_libctx.
Referenced by main().
◆ test_pkcs11_ids()
|
static |
Definition at line 350 of file test_pkcs11.c.
References test_cert::cert, certs, test_cert::hash, HASHSIZE, lookup_cert_byhash(), num_certs, openvpn_base64_decode(), test_cert::p11_id, and sha1_fingerprint().
Referenced by main().
◆ test_tls_ctx_use_pkcs11()
|
static |
Definition at line 402 of file test_pkcs11.c.
References test_cert::cert, certs, tls_root_ctx::ctx, digest_sign_verify(), HASHSIZE, pkcs11_id_current, pkcs11_id_management, sha1_fingerprint(), SSL_CTX_new_ex, and tls_libctx.
Referenced by main(), and test_tls_ctx_use_pkcs11__management().
◆ test_tls_ctx_use_pkcs11__management()
|
static |
Definition at line 455 of file test_pkcs11.c.
References pkcs11_id_management, and test_tls_ctx_use_pkcs11().
Referenced by main().
◆ x509_get_subject()
| char* x509_get_subject | ( | openvpn_x509_cert_t * | cert, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 69 of file test_pkcs11.c.
Referenced by verify_cert().
Variable Documentation
◆ certs
|
static |
Referenced by cleanup(), init(), init_cert_data(), lookup_cert_byhash(), test_pkcs11_ids(), and test_tls_ctx_use_pkcs11().
◆ es
| struct env_set* es |
Definition at line 133 of file test_pkcs11.c.
Referenced by add_bypass_routes(), add_option(), add_route(), add_route3(), add_route_connected_v6_net(), add_route_ipv6(), add_routes(), apply_push_options(), cleanup(), del_bypass_routes(), del_route3(), delete_route(), delete_route_ipv6(), delete_routes(), do_ifconfig(), do_ifconfig_ipv4(), do_ifconfig_ipv6(), do_ifconfig_setenv(), do_init_route_ipv6_list(), do_init_route_list(), do_route(), do_setenv_x509(), env_block(), env_set_add(), env_set_add_nolock(), env_set_create(), env_set_del(), env_set_del_nolock(), env_set_destroy(), env_set_get(), env_set_inherit(), env_set_print(), event_ctl(), event_del(), event_free(), event_reset(), event_wait(), init(), init_route_ipv6_list(), init_route_list(), init_tun(), ipconfig_register_dns(), learn_address_script(), link_socket_connection_initiated(), link_socket_set_outgoing_addr(), make_env_array(), man_output_env(), man_output_extra_env(), management_connection_established(), management_notify_client_close(), management_notify_client_cr_response(), management_notify_client_needing_auth(), management_socket_set(), management_up_down(), openvpn_execve(), openvpn_execve_check(), openvpn_popen(), openvpn_run_script(), options_postprocess(), options_postprocess_mutate(), options_postprocess_pull(), options_server_import(), options_string_import(), output_peer_info_env(), parse_argv(), plugin_call(), plugin_call_ssl(), plugin_common_open(), plugin_list_open(), push_peer_info(), read_config_file(), read_config_string(), receive_cr_response(), redirect_default_route_to_vpn(), route_list_add_vpn_gateway(), run_up_down(), set_lladdr(), set_win_sys_path(), set_win_sys_path_via_env(), setenv_connection_entry(), setenv_counter(), setenv_del(), setenv_dns_option(), setenv_dns_options(), setenv_in6_addr(), setenv_in_addr_t(), setenv_int(), setenv_int_i(), setenv_link_socket_actual(), setenv_long_long(), setenv_route(), setenv_route_addr(), setenv_route_ipv6(), setenv_routes(), setenv_routes_ipv6(), setenv_settings(), setenv_sockaddr(), setenv_str(), setenv_str_ex(), setenv_str_i(), setenv_str_incr(), setenv_str_safe(), setenv_trusted(), socket_set(), socket_set_listen_persistent(), tls_crypt_v2_verify_metadata(), tls_x509_clear_env(), tun_set(), undo_redirect_default_route_to_vpn(), verify_cert_call_command(), verify_cert_call_plugin(), verify_cert_cert_delete_env(), verify_cert_cert_export_env(), verify_cert_set_env(), wait_signal(), we_ctl(), we_del(), we_free(), we_reset(), we_wait(), x509_setenv(), and x509_setenv_track().
◆ management
| struct management* management |
Definition at line 47 of file test_pkcs11.c.
◆ num_certs
| int num_certs |
Definition at line 131 of file test_pkcs11.c.
Referenced by init(), and test_pkcs11_ids().
◆ pkcs11_id_current
|
static |
Definition at line 132 of file test_pkcs11.c.
Referenced by get_user_pass_cr(), and test_tls_ctx_use_pkcs11().
◆ pkcs11_id_management
|
static |
Definition at line 128 of file test_pkcs11.c.
Referenced by get_user_pass_cr(), options_postprocess_verify_ce(), show_settings(), test_tls_ctx_use_pkcs11(), and test_tls_ctx_use_pkcs11__management().
◆ softhsm2_conf_path
|
static |
Definition at line 130 of file test_pkcs11.c.
◆ softhsm2_tokens_path
|
static |
Definition at line 129 of file test_pkcs11.c.
