Data Structures | Macros | Functions | Variables
test_pkcs11.c File Reference
#include "syshead.h"
#include "manage.h"
#include "base64.h"
#include "run_command.h"
#include "xkey_common.h"
#include "cert_data.h"
#include "pkcs11.h"
#include "ssl.h"
#include <setjmp.h>
#include <cmocka.h>
#include "test_common.h"
Include dependency graph for test_pkcs11.c:

Go to the source code of this file.

Data Structures

struct  test_cert


#define token_name   "Test Token"
#define PIN   "12345"
#define HASHSIZE   20


void crypto_print_openssl_errors (const unsigned int flags)
 Retrieve any occurred OpenSSL errors and print those errors. More...
int parse_line (const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
char * x509_get_subject (openvpn_x509_cert_t *cert, struct gc_arena *gc)
void query_user_clear (void)
 Wipes all data put into all of the query_user structs. More...
bool query_user_exec_builtin (void)
 Executes a configured setup, using the built-in method for querying the user. More...
void query_user_add (char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo)
 Adds an item to ask the user for. More...
void purge_user_pass (struct user_pass *up, const bool force)
char * management_query_pk_sig (struct management *man, const char *b64_data, const char *algorithm)
int digest_sign_verify (EVP_PKEY *privkey, EVP_PKEY *pubkey)
void init_cert_data ()
bool get_user_pass_cr (struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *unused)
 Retrieves the user credentials from various sources depending on the flags. More...
static void sha1_fingerprint (X509 *x509, uint8_t *hash, int capacity)
static int init (void **state)
static int cleanup (void **state)
static int setup_pkcs11 (void **state)
static int teardown_pkcs11 (void **state)
static struct test_certlookup_cert_byhash (uint8_t *sha1)
static void test_pkcs11_ids (void **state)
static void test_tls_ctx_use_pkcs11 (void **state)
static void test_tls_ctx_use_pkcs11__management (void **state)
int main (void)


struct managementmanagement
static struct test_cert certs [5]
static bool pkcs11_id_management
static char softhsm2_tokens_path [] = "softhsm2_tokens_XXXXXX"
static char softhsm2_conf_path [] = "softhsm2_conf_XXXXXX"
int num_certs
static const char * pkcs11_id_current
struct env_setes

Macro Definition Documentation


#define HASHSIZE   20

Definition at line 44 of file test_pkcs11.c.


#define PIN   "12345"

Definition at line 43 of file test_pkcs11.c.

◆ token_name

#define token_name   "Test Token"

Definition at line 42 of file test_pkcs11.c.

Function Documentation

◆ cleanup()

static int cleanup ( void **  state)

◆ crypto_print_openssl_errors()

void crypto_print_openssl_errors ( const unsigned int  flags)

Retrieve any occurred OpenSSL errors and print those errors.

Note that this function uses the not thread-safe OpenSSL error API.

flagsFlags to indicate error type and priority.

Definition at line 51 of file test_pkcs11.c.

References check_debug_level(), D_CRYPT_ERRORS, D_TLS_DEBUG_MED, ERR_get_error_all(), and msg.

◆ digest_sign_verify()

int digest_sign_verify ( EVP_PKEY *  privkey,
EVP_PKEY *  pubkey 

Referenced by test_tls_ctx_use_pkcs11().

◆ get_user_pass_cr()

bool get_user_pass_cr ( struct user_pass up,
const char *  auth_file,
const char *  prefix,
const unsigned int  flags,
const char *  auth_challenge 

Retrieves the user credentials from various sources depending on the flags.

upThe user_pass structure to store the retrieved credentials.
auth_fileThe path to the authentication file. Might be NULL.
prefixThe prefix to prepend to user prompts.
flagsAdditional flags to control the behavior of the function.
auth_challengeThe authentication challenge string.
true if the user credentials were successfully retrieved, false otherwise.

Definition at line 152 of file test_pkcs11.c.

References alloc_buf_gc(), auth_challenge, auth_user_pass_mgmt(), BLEN, BOOL_CAST, BSTR, buf_parse(), buf_printf(), buf_set_read(), buf_set_write(), CC_CRLF, CC_PRINT, auth_challenge_info::challenge_text, chomp(), CR_ECHO, D_LOW, user_pass::defined, auth_challenge_info::flags, gc_free(), gc_malloc(), gc_new(), GET_USER_PASS_DYNAMIC_CHALLENGE, GET_USER_PASS_INLINE_CREDS, GET_USER_PASS_MANAGEMENT, GET_USER_PASS_NEED_OK, GET_USER_PASS_NEED_STR, GET_USER_PASS_PASSWORD_ONLY, GET_USER_PASS_PREVIOUS_CREDS_FAILED, GET_USER_PASS_STATIC_CHALLENGE, GET_USER_PASS_STATIC_CHALLENGE_ECHO, M_ERR, M_FATAL, M_INFO, M_NONFATAL, M_WARN, management_query_user_pass_enabled(), msg, openvpn_base64_encode(), openvpn_snprintf(), parse_auth_challenge(), user_pass::password, PIN, pkcs11_id_current, pkcs11_id_management, platform_fopen(), query_user_add(), query_user_clear(), query_user_exec(), query_user_SINGLE(), auth_challenge_info::state_id, streq, string_clear(), string_mod(), strncpynt(), auth_challenge_info::user, USER_PASS_LEN, and user_pass::username.

Referenced by get_user_pass().

◆ init()

static int init ( void **  state)

◆ init_cert_data()

void init_cert_data ( )

Definition at line 137 of file test_pkcs11.c.

References cert1, cert2, cert3, cert4, certs, cname1, cname2, cname3, cname4, key1, key2, key3, and key4.

Referenced by init().

◆ lookup_cert_byhash()

static struct test_cert* lookup_cert_byhash ( uint8_t *  sha1)

Definition at line 338 of file test_pkcs11.c.

References test_cert::cert, certs, test_cert::hash, and HASHSIZE.

Referenced by test_pkcs11_ids().

◆ main()

int main ( void  )

◆ management_query_pk_sig()

char* management_query_pk_sig ( struct management man,
const char *  b64_data,
const char *  algorithm 

◆ parse_line()

int parse_line ( const char *  line,
char **  p,
const int  n,
const char *  file,
const int  line_num,
int  msglevel,
struct gc_arena gc 

Definition at line 62 of file test_pkcs11.c.

◆ purge_user_pass()

void purge_user_pass ( struct user_pass up,
const bool  force 

Definition at line 95 of file test_pkcs11.c.

References M_WARN, msg, user_pass::nocache, and secure_memzero().

◆ query_user_add()

void query_user_add ( char *  prompt,
size_t  prompt_len,
char *  resp,
size_t  resp_len,
bool  echo 

Adds an item to ask the user for.

promptPrompt to display to the user
prompt_lenLength of the prompt string
respString containing the user response
resp_lenLength of the response string
echoShould the user input be echoed to the user? If False, input will be masked

Definition at line 85 of file test_pkcs11.c.

References ASSERT, _query_user::echo, _query_user::prompt, _query_user::prompt_len, query_user, QUERY_USER_NUMSLOTS, _query_user::response, and _query_user::response_len.

Referenced by query_user_SINGLE().

◆ query_user_clear()

void query_user_clear ( void  )

Wipes all data put into all of the query_user structs.

Definition at line 74 of file test_pkcs11.c.

References CLEAR, query_user, and QUERY_USER_NUMSLOTS.

Referenced by query_user_SINGLE().

◆ query_user_exec_builtin()

bool query_user_exec_builtin ( void  )

Executes a configured setup, using the built-in method for querying the user.

This method uses the console/TTY directly.

setupPointer to the setup defining what to ask the user
True if executing all the defined steps completed successfully

Executes a configured setup, using the built-in method for querying the user.

Default method for querying user using default stdin/stdout on a console. This needs to be available as a backup interface for the alternative implementations in case they cannot query through their implementation specific methods.

If no alternative implementation is declared, a wrapper in console.h will ensure query_user_exec() will call this function instead.

Definition at line 79 of file test_pkcs11.c.

◆ setup_pkcs11()

static int setup_pkcs11 ( void **  state)

Definition at line 301 of file test_pkcs11.c.

References tls_libctx.

Referenced by main().

◆ sha1_fingerprint()

static void sha1_fingerprint ( X509 *  x509,
uint8_t *  hash,
int  capacity 

Definition at line 177 of file test_pkcs11.c.

Referenced by init(), test_pkcs11_ids(), and test_tls_ctx_use_pkcs11().

◆ teardown_pkcs11()

static int teardown_pkcs11 ( void **  state)

Definition at line 320 of file test_pkcs11.c.

References SIZE, and tls_libctx.

Referenced by main().

◆ test_pkcs11_ids()

static void test_pkcs11_ids ( void **  state)

◆ test_tls_ctx_use_pkcs11()

static void test_tls_ctx_use_pkcs11 ( void **  state)

◆ test_tls_ctx_use_pkcs11__management()

static void test_tls_ctx_use_pkcs11__management ( void **  state)

Definition at line 455 of file test_pkcs11.c.

References pkcs11_id_management, and test_tls_ctx_use_pkcs11().

Referenced by main().

◆ x509_get_subject()

char* x509_get_subject ( openvpn_x509_cert_t cert,
struct gc_arena gc 

Definition at line 69 of file test_pkcs11.c.

Referenced by verify_cert().

Variable Documentation

◆ certs

struct test_cert certs[5]

◆ es

struct env_set* es

Definition at line 133 of file test_pkcs11.c.

Referenced by add_bypass_routes(), add_option(), add_route(), add_route3(), add_route_connected_v6_net(), add_route_ipv6(), add_routes(), apply_push_options(), cleanup(), del_bypass_routes(), del_route3(), delete_route(), delete_route_ipv6(), delete_routes(), do_ifconfig(), do_ifconfig_ipv4(), do_ifconfig_ipv6(), do_ifconfig_setenv(), do_init_route_ipv6_list(), do_init_route_list(), do_route(), do_setenv_x509(), env_block(), env_set_add(), env_set_add_nolock(), env_set_create(), env_set_del(), env_set_del_nolock(), env_set_destroy(), env_set_get(), env_set_inherit(), env_set_print(), event_ctl(), event_del(), event_free(), event_reset(), event_wait(), init(), init_route_ipv6_list(), init_route_list(), init_tun(), ipconfig_register_dns(), learn_address_script(), link_socket_connection_initiated(), link_socket_set_outgoing_addr(), make_env_array(), man_output_env(), man_output_extra_env(), management_connection_established(), management_notify_client_close(), management_notify_client_cr_response(), management_notify_client_needing_auth(), management_socket_set(), management_up_down(), openvpn_execve(), openvpn_execve_check(), openvpn_popen(), openvpn_run_script(), options_postprocess(), options_postprocess_mutate(), options_postprocess_pull(), options_server_import(), options_string_import(), output_peer_info_env(), parse_argv(), plugin_call(), plugin_call_ssl(), plugin_common_open(), plugin_list_open(), push_peer_info(), read_config_file(), read_config_string(), receive_cr_response(), redirect_default_route_to_vpn(), route_list_add_vpn_gateway(), run_up_down(), set_lladdr(), set_win_sys_path(), set_win_sys_path_via_env(), setenv_connection_entry(), setenv_counter(), setenv_del(), setenv_dns_option(), setenv_dns_options(), setenv_in6_addr(), setenv_in_addr_t(), setenv_int(), setenv_int_i(), setenv_link_socket_actual(), setenv_long_long(), setenv_route(), setenv_route_addr(), setenv_route_ipv6(), setenv_routes(), setenv_routes_ipv6(), setenv_settings(), setenv_sockaddr(), setenv_str(), setenv_str_ex(), setenv_str_i(), setenv_str_incr(), setenv_str_safe(), setenv_trusted(), socket_set(), socket_set_listen_persistent(), tls_crypt_v2_verify_metadata(), tls_x509_clear_env(), tun_set(), undo_redirect_default_route_to_vpn(), verify_cert_call_command(), verify_cert_call_plugin(), verify_cert_cert_delete_env(), verify_cert_cert_export_env(), verify_cert_set_env(), wait_signal(), we_ctl(), we_del(), we_free(), we_reset(), we_wait(), x509_setenv(), and x509_setenv_track().

◆ management

Definition at line 47 of file test_pkcs11.c.

◆ num_certs

int num_certs

Definition at line 131 of file test_pkcs11.c.

Referenced by init(), and test_pkcs11_ids().

◆ pkcs11_id_current

const char* pkcs11_id_current

Definition at line 132 of file test_pkcs11.c.

Referenced by get_user_pass_cr(), and test_tls_ctx_use_pkcs11().

◆ pkcs11_id_management

bool pkcs11_id_management

◆ softhsm2_conf_path

char softhsm2_conf_path[] = "softhsm2_conf_XXXXXX"

Definition at line 130 of file test_pkcs11.c.

Referenced by cleanup(), and init().

◆ softhsm2_tokens_path

char softhsm2_tokens_path[] = "softhsm2_tokens_XXXXXX"

Definition at line 129 of file test_pkcs11.c.

Referenced by cleanup(), and init().