Line data Source code
1 : /*
2 : SSSD
3 :
4 : Crypto tests
5 :
6 : Author: Jakub Hrozek <jhrozek@redhat.com>
7 :
8 : Copyright (C) Red Hat, Inc 2010
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include <stdlib.h>
25 : #include <popt.h>
26 : #include <check.h>
27 :
28 : #include "util/util.h"
29 : #include "tests/common_check.h"
30 :
31 : /* interfaces under test */
32 : #include "util/crypto/sss_crypto.h"
33 : #include "util/crypto/nss/nss_util.h"
34 :
35 : static TALLOC_CTX *test_ctx = NULL;
36 :
37 : #ifdef HAVE_NSS
38 1 : START_TEST(test_nss_init)
39 : {
40 : int ret;
41 :
42 1 : ret = nspr_nss_init();
43 1 : fail_if(ret != EOK);
44 :
45 1 : ret = nspr_nss_cleanup();
46 1 : fail_if(ret != EOK);
47 : }
48 1 : END_TEST
49 : #endif
50 :
51 1 : START_TEST(test_encrypt_decrypt)
52 : {
53 1 : const char *password[] = { "test123", /* general */
54 : "12345678901234567", /* just above blocksize */
55 : "", /* empty */
56 : NULL}; /* sentinel */
57 : int i;
58 1 : char *obfpwd = NULL;
59 1 : char *ctpwd = NULL;
60 : int ret;
61 : int expected;
62 :
63 : #if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO)
64 1 : expected = EOK;
65 : #else
66 : #error Unknown crypto back end
67 : #endif
68 :
69 1 : test_ctx = talloc_new(NULL);
70 1 : fail_if(test_ctx == NULL);
71 1 : ck_leaks_push(test_ctx);
72 :
73 4 : for (i=0; password[i]; i++) {
74 3 : ret = sss_password_encrypt(test_ctx, password[i], strlen(password[i])+1,
75 : AES_256, &obfpwd);
76 3 : fail_if(ret != expected);
77 :
78 3 : ret = sss_password_decrypt(test_ctx, obfpwd, &ctpwd);
79 3 : fail_if(ret != expected);
80 :
81 3 : fail_if(ctpwd && strcmp(password[i], ctpwd) != 0);
82 :
83 3 : talloc_free(obfpwd);
84 3 : talloc_free(ctpwd);
85 : }
86 :
87 1 : ck_leaks_pop(test_ctx);
88 1 : talloc_free(test_ctx);
89 : }
90 1 : END_TEST
91 :
92 1 : START_TEST(test_hmac_sha1)
93 : {
94 1 : const char *message = "test message";
95 1 : const char *keys[] = {
96 : "short",
97 : "proper6789012345678901234567890123456789012345678901234567890123",
98 : "longlonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglong",
99 : NULL };
100 1 : const char *results[] = {
101 : "\x2b\x27\x53\x07\x17\xd8\xc0\x8f\x97\x27\xdd\xb3\xec\x41\xd8\xa3\x94\x97\xaa\x35",
102 : "\x37\xe7\x0a\x6f\x71\x0b\xa9\x93\x81\x53\x8f\x5c\x06\x83\x44\x2f\xc9\x41\xe3\xed",
103 : "\xbd\x99\xa7\x7f\xfc\x5e\xde\x04\x32\x7f\x7b\x71\x4d\xc0\x3f\x51\x2d\x25\x01\x28",
104 : NULL };
105 : unsigned char out[SSS_SHA1_LENGTH];
106 : int ret, expected;
107 : int i;
108 :
109 : #if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO)
110 1 : expected = EOK;
111 : #else
112 : #error Unknown crypto back end
113 : #endif
114 :
115 4 : for (i = 0; keys[i]; i++) {
116 3 : ret = sss_hmac_sha1((const unsigned char *)keys[i], strlen(keys[i]),
117 : (const unsigned char *)message, strlen(message),
118 : out);
119 3 : fail_if(ret != expected);
120 3 : fail_if(ret == EOK && memcmp(out, results[i], SSS_SHA1_LENGTH) != 0);
121 : }
122 : }
123 1 : END_TEST
124 :
125 1 : START_TEST(test_base64_encode)
126 : {
127 1 : const unsigned char obfbuf[] = "test";
128 1 : const char expected[] = "dGVzdA==";
129 1 : char *obfpwd = NULL;
130 :
131 1 : test_ctx = talloc_new(NULL);
132 1 : fail_if(test_ctx == NULL);
133 : /* Base64 encode the buffer */
134 1 : obfpwd = sss_base64_encode(test_ctx, obfbuf, strlen((const char*)obfbuf));
135 1 : fail_if(obfpwd == NULL);
136 1 : fail_if(strcmp(obfpwd,expected) != 0);
137 :
138 1 : talloc_free(test_ctx);
139 : }
140 1 : END_TEST
141 :
142 1 : START_TEST(test_base64_decode)
143 : {
144 1 : unsigned char *obfbuf = NULL;
145 : size_t obflen;
146 1 : const char b64encoded[] = "dGVzdA==";
147 1 : const unsigned char expected[] = "test";
148 :
149 1 : test_ctx = talloc_new(NULL);
150 1 : fail_if(test_ctx == NULL);
151 : /* Base64 decode the buffer */
152 1 : obfbuf = sss_base64_decode(test_ctx, b64encoded, &obflen);
153 1 : fail_if(!obfbuf);
154 1 : fail_if(obflen != strlen((const char*)expected));
155 1 : fail_if(memcmp(obfbuf, expected, obflen) != 0);
156 :
157 1 : talloc_free(test_ctx);
158 : }
159 1 : END_TEST
160 :
161 1 : Suite *crypto_suite(void)
162 : {
163 1 : Suite *s = suite_create("sss_crypto");
164 :
165 1 : TCase *tc = tcase_create("sss crypto tests");
166 1 : tcase_add_checked_fixture(tc, ck_leak_check_setup, ck_leak_check_teardown);
167 : /* Do some testing */
168 : #ifdef HAVE_NSS
169 1 : tcase_add_test(tc, test_nss_init);
170 : #endif
171 1 : tcase_add_test(tc, test_encrypt_decrypt);
172 1 : tcase_add_test(tc, test_hmac_sha1);
173 1 : tcase_add_test(tc, test_base64_encode);
174 1 : tcase_add_test(tc, test_base64_decode);
175 : /* Add all test cases to the test suite */
176 1 : suite_add_tcase(s, tc);
177 :
178 1 : return s;
179 : }
180 :
181 :
182 1 : int main(int argc, const char *argv[])
183 : {
184 : int opt;
185 : poptContext pc;
186 : int number_failed;
187 :
188 1 : struct poptOption long_options[] = {
189 : POPT_AUTOHELP
190 : { "debug-level", 'd', POPT_ARG_INT, &debug_level, 0, "Set debug level", NULL },
191 : POPT_TABLEEND
192 : };
193 :
194 : /* Set debug level to invalid value so we can deside if -d 0 was used. */
195 1 : debug_level = SSSDBG_INVALID;
196 :
197 1 : pc = poptGetContext(argv[0], argc, argv, long_options, 0);
198 1 : while((opt = poptGetNextOpt(pc)) != -1) {
199 : switch(opt) {
200 : default:
201 0 : fprintf(stderr, "\nInvalid option %s: %s\n\n",
202 : poptBadOption(pc, 0), poptStrerror(opt));
203 0 : poptPrintUsage(pc, stderr, 0);
204 0 : return 1;
205 : }
206 : }
207 1 : poptFreeContext(pc);
208 :
209 1 : DEBUG_CLI_INIT(debug_level);
210 :
211 1 : tests_set_cwd();
212 :
213 1 : Suite *s = crypto_suite();
214 1 : SRunner *sr = srunner_create(s);
215 1 : srunner_run_all(sr, CK_ENV);
216 1 : number_failed = srunner_ntests_failed(sr);
217 1 : srunner_free(sr);
218 :
219 1 : return (number_failed == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
220 : }
|
