summaryrefslogtreecommitdiff
path: root/tests/unit_tests/openvpn
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff.email>2021-11-29 20:46:00 +0100
committerJörg Frings-Fürst <debian@jff.email>2021-11-29 20:46:00 +0100
commitf2b3dda12a731c2e0971cb7889728edaf23f6cb0 (patch)
treefdf8833416567ca3842f347b2126cdbb13c746bd /tests/unit_tests/openvpn
parent4ee98f284a93c3b855092d35ac21371d9dcad65b (diff)
New upstream version 2.5.4upstream/2.5.4
Diffstat (limited to 'tests/unit_tests/openvpn')
-rw-r--r--tests/unit_tests/openvpn/Makefile.in5
-rw-r--r--tests/unit_tests/openvpn/mock_get_random.c2
-rw-r--r--tests/unit_tests/openvpn/mock_msg.c2
-rw-r--r--tests/unit_tests/openvpn/mock_msg.h2
-rw-r--r--tests/unit_tests/openvpn/test_auth_token.c93
-rw-r--r--tests/unit_tests/openvpn/test_buffer.c2
-rw-r--r--tests/unit_tests/openvpn/test_crypto.c2
-rw-r--r--tests/unit_tests/openvpn/test_ncp.c2
-rw-r--r--tests/unit_tests/openvpn/test_networking.c2
-rw-r--r--tests/unit_tests/openvpn/test_packet_id.c2
-rw-r--r--tests/unit_tests/openvpn/test_tls_crypt.c2
11 files changed, 60 insertions, 56 deletions
diff --git a/tests/unit_tests/openvpn/Makefile.in b/tests/unit_tests/openvpn/Makefile.in
index 1775516..d051bda 100644
--- a/tests/unit_tests/openvpn/Makefile.in
+++ b/tests/unit_tests/openvpn/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -579,6 +579,7 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sampledir = @sampledir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
diff --git a/tests/unit_tests/openvpn/mock_get_random.c b/tests/unit_tests/openvpn/mock_get_random.c
index da92a9b..d0d2574 100644
--- a/tests/unit_tests/openvpn/mock_get_random.c
+++ b/tests/unit_tests/openvpn/mock_get_random.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2017 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2017-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/tests/unit_tests/openvpn/mock_msg.c b/tests/unit_tests/openvpn/mock_msg.c
index 140e637..3ede98c 100644
--- a/tests/unit_tests/openvpn/mock_msg.c
+++ b/tests/unit_tests/openvpn/mock_msg.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/tests/unit_tests/openvpn/mock_msg.h b/tests/unit_tests/openvpn/mock_msg.h
index 53cae26..be5f2e5 100644
--- a/tests/unit_tests/openvpn/mock_msg.h
+++ b/tests/unit_tests/openvpn/mock_msg.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/tests/unit_tests/openvpn/test_auth_token.c b/tests/unit_tests/openvpn/test_auth_token.c
index dbde863..6bfddf0 100644
--- a/tests/unit_tests/openvpn/test_auth_token.c
+++ b/tests/unit_tests/openvpn/test_auth_token.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -45,7 +45,7 @@ struct test_context {
struct tls_multi multi;
struct key_type kt;
struct user_pass up;
- struct tls_session session;
+ struct tls_session *session;
};
/* Dummy functions that do nothing to mock the functionality */
@@ -100,10 +100,11 @@ setup(void **state)
}
ctx->multi.opt.auth_token_generate = true;
ctx->multi.opt.auth_token_lifetime = 3000;
+ ctx->session = &ctx->multi.session[TM_ACTIVE];
- ctx->session.opt = calloc(1, sizeof(struct tls_options));
- ctx->session.opt->renegotiate_seconds = 120;
- ctx->session.opt->auth_token_lifetime = 3000;
+ ctx->session->opt = calloc(1, sizeof(struct tls_options));
+ ctx->session->opt->renegotiate_seconds = 120;
+ ctx->session->opt->auth_token_lifetime = 3000;
strcpy(ctx->up.username, "test user name");
strcpy(ctx->up.password, "ignored");
@@ -122,7 +123,7 @@ teardown(void **state)
free_key_ctx(&ctx->multi.opt.auth_token_key);
wipe_auth_token(&ctx->multi);
- free(ctx->session.opt);
+ free(ctx->session->opt);
free(ctx);
return 0;
@@ -135,7 +136,7 @@ auth_token_basic_test(void **state)
generate_auth_token(&ctx->up, &ctx->multi);
strcpy(ctx->up.password, ctx->multi.auth_token);
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
}
@@ -146,7 +147,7 @@ auth_token_fail_invalid_key(void **state)
generate_auth_token(&ctx->up, &ctx->multi);
strcpy(ctx->up.password, ctx->multi.auth_token);
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
/* Change auth-token key */
@@ -155,13 +156,13 @@ auth_token_fail_invalid_key(void **state)
free_key_ctx(&ctx->multi.opt.auth_token_key);
init_key_ctx(&ctx->multi.opt.auth_token_key, &key, &ctx->kt, false, "TEST");
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session), 0);
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session), 0);
/* Load original test key again */
memset(&key, 0, sizeof(key));
free_key_ctx(&ctx->multi.opt.auth_token_key);
init_key_ctx(&ctx->multi.opt.auth_token_key, &key, &ctx->kt, false, "TEST");
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
}
@@ -176,32 +177,32 @@ auth_token_test_timeout(void **state)
strcpy(ctx->up.password, ctx->multi.auth_token);
/* No time has passed */
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
/* Token before validity, should be rejected */
now = 100000 - 100;
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED);
/* Token still in validity, should be accepted */
- now = 100000 + 2*ctx->session.opt->renegotiate_seconds - 20;
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ now = 100000 + 2*ctx->session->opt->renegotiate_seconds - 20;
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
/* Token past validity, should be rejected */
- now = 100000 + 2*ctx->session.opt->renegotiate_seconds + 20;
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ now = 100000 + 2*ctx->session->opt->renegotiate_seconds + 20;
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED);
/* Check if the mode for a client that never updates its token works */
ctx->multi.auth_token_initial = strdup(ctx->up.password);
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
/* But not when we reached our timeout */
- now = 100000 + ctx->session.opt->auth_token_lifetime + 1;
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ now = 100000 + ctx->session->opt->auth_token_lifetime + 1;
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED);
free(ctx->multi.auth_token_initial);
@@ -209,22 +210,22 @@ auth_token_test_timeout(void **state)
/* regenerate the token util it hits the expiry */
now = 100000;
- while (now < 100000 + ctx->session.opt->auth_token_lifetime + 1)
+ while (now < 100000 + ctx->session->opt->auth_token_lifetime + 1)
{
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
generate_auth_token(&ctx->up, &ctx->multi);
strcpy(ctx->up.password, ctx->multi.auth_token);
- now += ctx->session.opt->renegotiate_seconds;
+ now += ctx->session->opt->renegotiate_seconds;
}
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED);
ctx->multi.opt.auth_token_lifetime = 0;
/* Non expiring token should be fine */
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
}
@@ -253,7 +254,7 @@ auth_token_test_known_keys(void **state)
assert_string_equal(now0key0, ctx->multi.auth_token);
strcpy(ctx->up.password, ctx->multi.auth_token);
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
}
@@ -277,25 +278,25 @@ auth_token_test_empty_user(void **state)
generate_auth_token(&ctx->up, &ctx->multi);
strcpy(ctx->up.password, ctx->multi.auth_token);
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK);
now = 100000;
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED);
strcpy(ctx->up.username, "test user name");
now = 0;
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_VALID_EMPTYUSER);
strcpy(ctx->up.username, "test user name");
now = 100000;
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED|AUTH_TOKEN_VALID_EMPTYUSER);
zerohmac(ctx->up.password);
- assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session),
+ assert_int_equal(verify_auth_token(&ctx->up, &ctx->multi, ctx->session),
0);
}
@@ -304,30 +305,32 @@ auth_token_test_env(void **state)
{
struct test_context *ctx = (struct test_context *) *state;
- ctx->multi.auth_token_state_flags = 0;
+ struct key_state *ks = &ctx->multi.session[TM_ACTIVE].key[KS_PRIMARY];
+
+ ks->auth_token_state_flags = 0;
ctx->multi.auth_token = NULL;
- add_session_token_env(&ctx->session, &ctx->multi, &ctx->up);
+ add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
assert_string_equal(lastsesion_statevalue, "Initial");
- ctx->multi.auth_token_state_flags = 0;
+ ks->auth_token_state_flags = 0;
strcpy(ctx->up.password, now0key0);
- add_session_token_env(&ctx->session, &ctx->multi, &ctx->up);
+ add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
assert_string_equal(lastsesion_statevalue, "Invalid");
- ctx->multi.auth_token_state_flags = AUTH_TOKEN_HMAC_OK;
- add_session_token_env(&ctx->session, &ctx->multi, &ctx->up);
+ ks->auth_token_state_flags = AUTH_TOKEN_HMAC_OK;
+ add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
assert_string_equal(lastsesion_statevalue, "Authenticated");
- ctx->multi.auth_token_state_flags = AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED;
- add_session_token_env(&ctx->session, &ctx->multi, &ctx->up);
+ ks->auth_token_state_flags = AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED;
+ add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
assert_string_equal(lastsesion_statevalue, "Expired");
- ctx->multi.auth_token_state_flags = AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_VALID_EMPTYUSER;
- add_session_token_env(&ctx->session, &ctx->multi, &ctx->up);
+ ks->auth_token_state_flags = AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_VALID_EMPTYUSER;
+ add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
assert_string_equal(lastsesion_statevalue, "AuthenticatedEmptyUser");
- ctx->multi.auth_token_state_flags = AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED|AUTH_TOKEN_VALID_EMPTYUSER;
- add_session_token_env(&ctx->session, &ctx->multi, &ctx->up);
+ ks->auth_token_state_flags = AUTH_TOKEN_HMAC_OK|AUTH_TOKEN_EXPIRED|AUTH_TOKEN_VALID_EMPTYUSER;
+ add_session_token_env(ctx->session, &ctx->multi, &ctx->up);
assert_string_equal(lastsesion_statevalue, "ExpiredEmptyUser");
}
@@ -351,7 +354,7 @@ auth_token_test_random_keys(void **state)
assert_string_equal(random_token, ctx->multi.auth_token);
strcpy(ctx->up.password, ctx->multi.auth_token);
- assert_true(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session));
+ assert_true(verify_auth_token(&ctx->up, &ctx->multi, ctx->session));
}
@@ -363,11 +366,11 @@ auth_token_test_key_load(void **state)
free_key_ctx(&ctx->multi.opt.auth_token_key);
auth_token_init_secret(&ctx->multi.opt.auth_token_key, zeroinline, true);
strcpy(ctx->up.password, now0key0);
- assert_true(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session));
+ assert_true(verify_auth_token(&ctx->up, &ctx->multi, ctx->session));
free_key_ctx(&ctx->multi.opt.auth_token_key);
auth_token_init_secret(&ctx->multi.opt.auth_token_key, allx01inline, true);
- assert_false(verify_auth_token(&ctx->up, &ctx->multi, &ctx->session));
+ assert_false(verify_auth_token(&ctx->up, &ctx->multi, ctx->session));
}
int
diff --git a/tests/unit_tests/openvpn/test_buffer.c b/tests/unit_tests/openvpn/test_buffer.c
index d2188b0..5e854c2 100644
--- a/tests/unit_tests/openvpn/test_buffer.c
+++ b/tests/unit_tests/openvpn/test_buffer.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c
index ea9b99b..baaaa92 100644
--- a/tests/unit_tests/openvpn/test_crypto.c
+++ b/tests/unit_tests/openvpn/test_crypto.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/tests/unit_tests/openvpn/test_ncp.c b/tests/unit_tests/openvpn/test_ncp.c
index 4077be5..494a028 100644
--- a/tests/unit_tests/openvpn/test_ncp.c
+++ b/tests/unit_tests/openvpn/test_ncp.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2019 Arne Schwabe <arne@rfc2549.org>
+ * Copyright (C) 2019-2021 Arne Schwabe <arne@rfc2549.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/tests/unit_tests/openvpn/test_networking.c b/tests/unit_tests/openvpn/test_networking.c
index e7c148f..9e9744f 100644
--- a/tests/unit_tests/openvpn/test_networking.c
+++ b/tests/unit_tests/openvpn/test_networking.c
@@ -3,7 +3,7 @@
#include "networking.h"
-static char *iface = "dummy0";
+static char *iface = "ovpn-dummy0";
static int
net__iface_up(bool up)
diff --git a/tests/unit_tests/openvpn/test_packet_id.c b/tests/unit_tests/openvpn/test_packet_id.c
index 52bceb0..a3d4db2 100644
--- a/tests/unit_tests/openvpn/test_packet_id.c
+++ b/tests/unit_tests/openvpn/test_packet_id.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c
index 218772e..3e604d6 100644
--- a/tests/unit_tests/openvpn/test_tls_crypt.c
+++ b/tests/unit_tests/openvpn/test_tls_crypt.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2