Diffstat (limited to 'tests/unit_tests/openvpn/test_tls_crypt.c')
-rw-r--r--tests/unit_tests/openvpn/test_tls_crypt.c206
1 files changed, 108 insertions, 98 deletions
diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c
index 473a232..7b014e0 100644
--- a/tests/unit_tests/openvpn/test_tls_crypt.c
+++ b/tests/unit_tests/openvpn/test_tls_crypt.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2016-2017 Fox Crypto B.V. <openvpn@fox-it.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -44,32 +44,33 @@
#include "mock_msg.h"
-#define TESTBUF_SIZE 128
+#define TESTBUF_SIZE 128
const char plaintext_short[1];
struct test_context {
- struct crypto_options co;
- struct key_type kt;
- struct buffer source;
- struct buffer ciphertext;
- struct buffer unwrapped;
+ struct crypto_options co;
+ struct key_type kt;
+ struct buffer source;
+ struct buffer ciphertext;
+ struct buffer unwrapped;
};
-static int setup(void **state) {
+static int
+setup(void **state) {
struct test_context *ctx = calloc(1, sizeof(*ctx));
- ctx->kt.cipher = cipher_kt_get ("AES-256-CTR");
- ctx->kt.cipher_length = cipher_kt_key_size (ctx->kt.cipher);
- ctx->kt.digest = md_kt_get ("SHA256");
- ctx->kt.hmac_length = md_kt_size (ctx->kt.digest);
+ ctx->kt.cipher = cipher_kt_get("AES-256-CTR");
+ ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher);
+ ctx->kt.digest = md_kt_get("SHA256");
+ ctx->kt.hmac_length = md_kt_size(ctx->kt.digest);
struct key key = { 0 };
- init_key_ctx (&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
- init_key_ctx (&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
+ init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
+ init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
- packet_id_init (&ctx->co.packet_id, 0, 0, "test", 0);
+ packet_id_init(&ctx->co.packet_id, 0, 0, "test", 0);
ctx->source = alloc_buf(TESTBUF_SIZE);
ctx->ciphertext = alloc_buf(TESTBUF_SIZE);
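Review bot: The `calloc()` result in `setup()` is written through on the very next statement (`ctx->kt.cipher = ...`) without a NULL check, so an allocation failure crashes the test binary instead of being reported as a failed fixture. Adding `assert_non_null(ctx);` directly after the allocation would make that failure explicit; the file already uses this assertion in the max-length test. The results of `cipher_kt_get("AES-256-CTR")` and `md_kt_get("SHA256")` also flow unchecked into `init_key_ctx()`, and what happens when a crypto backend lacks either algorithm depends on helpers not visible here, so an explicit check on `ctx->kt.cipher` and `ctx->kt.digest` may be worth adding. The body of `setup()` continues past the end of this hunk.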
@@ -86,14 +87,15 @@ static int setup(void **state) {
return 0;
}
-static int teardown(void **state) {
+static int
+teardown(void **state) {
struct test_context *ctx = (struct test_context *) *state;
- free_buf (&ctx->source);
- free_buf (&ctx->ciphertext);
- free_buf (&ctx->unwrapped);
+ free_buf(&ctx->source);
+ free_buf(&ctx->ciphertext);
+ free_buf(&ctx->unwrapped);
- free_key_ctx_bi (&ctx->co.key_ctx_bi);
+ free_key_ctx_bi(&ctx->co.key_ctx_bi);
free(ctx);
@@ -103,92 +105,98 @@ static int teardown(void **state) {
/**
* Check that short messages are successfully wrapped-and-unwrapped.
*/
-static void tls_crypt_loopback(void **state) {
- struct test_context *ctx = (struct test_context *) *state;
-
- assert_true (tls_crypt_wrap (&ctx->source, &ctx->ciphertext, &ctx->co));
- assert_true (BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
- assert_true (tls_crypt_unwrap (&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
- assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
- assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
- BLEN(&ctx->source));
+static void
+tls_crypt_loopback(void **state) {
+ struct test_context *ctx = (struct test_context *) *state;
+
+ assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
+ assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
+ assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
+ assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
+ assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
+ BLEN(&ctx->source));
}
/**
* Check that zero-byte messages are successfully wrapped-and-unwrapped.
*/
-static void tls_crypt_loopback_zero_len(void **state) {
- struct test_context *ctx = (struct test_context *) *state;
+static void
+tls_crypt_loopback_zero_len(void **state) {
+ struct test_context *ctx = (struct test_context *) *state;
- buf_clear(&ctx->source);
+ buf_clear(&ctx->source);
- assert_true (tls_crypt_wrap (&ctx->source, &ctx->ciphertext, &ctx->co));
- assert_true (BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
- assert_true (tls_crypt_unwrap (&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
- assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
- assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
- BLEN(&ctx->source));
+ assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
+ assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
+ assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
+ assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
+ assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
+ BLEN(&ctx->source));
}
/**
* Check that max-length messages are successfully wrapped-and-unwrapped.
*/
-static void tls_crypt_loopback_max_len(void **state) {
- struct test_context *ctx = (struct test_context *) *state;
-
- buf_clear(&ctx->source);
- assert_non_null (buf_write_alloc (&ctx->source,
- TESTBUF_SIZE - BLEN (&ctx->ciphertext) - tls_crypt_buf_overhead()));
-
- assert_true (tls_crypt_wrap (&ctx->source, &ctx->ciphertext, &ctx->co));
- assert_true (BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
- assert_true (tls_crypt_unwrap (&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
- assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
- assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
- BLEN(&ctx->source));
+static void
+tls_crypt_loopback_max_len(void **state) {
+ struct test_context *ctx = (struct test_context *) *state;
+
+ buf_clear(&ctx->source);
+ assert_non_null(buf_write_alloc(&ctx->source,
+ TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead()));
+
+ assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
+ assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
+ assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
+ assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
+ assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
+ BLEN(&ctx->source));
}
/**
* Check that too-long messages are gracefully rejected.
*/
-static void tls_crypt_fail_msg_too_long(void **state) {
- struct test_context *ctx = (struct test_context *) *state;
+static void
+tls_crypt_fail_msg_too_long(void **state) {
+ struct test_context *ctx = (struct test_context *) *state;
- buf_clear(&ctx->source);
- assert_non_null (buf_write_alloc (&ctx->source,
- TESTBUF_SIZE - BLEN (&ctx->ciphertext) - tls_crypt_buf_overhead() + 1));
- assert_false (tls_crypt_wrap (&ctx->source, &ctx->ciphertext, &ctx->co));
+ buf_clear(&ctx->source);
+ assert_non_null(buf_write_alloc(&ctx->source,
+ TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead() + 1));
+ assert_false(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
}
/**
* Check that packets that were wrapped (or unwrapped) with a different key
* are not accepted.
*/
-static void tls_crypt_fail_invalid_key(void **state) {
- struct test_context *ctx = (struct test_context *) *state;
+static void
+tls_crypt_fail_invalid_key(void **state) {
+ struct test_context *ctx = (struct test_context *) *state;
- /* Change decrypt key */
- struct key key = { { 1 } };
- free_key_ctx (&ctx->co.key_ctx_bi.decrypt);
- init_key_ctx (&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
+ /* Change decrypt key */
+ struct key key = { { 1 } };
+ free_key_ctx(&ctx->co.key_ctx_bi.decrypt);
+ init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
- assert_true (tls_crypt_wrap (&ctx->source, &ctx->ciphertext, &ctx->co));
- assert_true (BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
- assert_false (tls_crypt_unwrap (&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
+ assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
+ assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
+ assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
}
/**
* Check that replayed packets are not accepted.
*/
-static void tls_crypt_fail_replay(void **state) {
- struct test_context *ctx = (struct test_context *) *state;
-
- assert_true (tls_crypt_wrap (&ctx->source, &ctx->ciphertext, &ctx->co));
- assert_true (BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
- struct buffer tmp = ctx->ciphertext;
- assert_true (tls_crypt_unwrap (&tmp, &ctx->unwrapped, &ctx->co));
- buf_clear (&ctx->unwrapped);
- assert_false (tls_crypt_unwrap (&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
+static void
+tls_crypt_fail_replay(void **state) {
+ struct test_context *ctx = (struct test_context *) *state;
+
+ assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
+ assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
+ struct buffer tmp = ctx->ciphertext;
+ assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
+ buf_clear(&ctx->unwrapped);
+ assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
}
/**
@@ -196,34 +204,36 @@ static void tls_crypt_fail_replay(void **state) {
* is used for the first control channel packet that arrives, because we don't
* know the packet ID yet.
*/
-static void tls_crypt_ignore_replay(void **state) {
- struct test_context *ctx = (struct test_context *) *state;
+static void
+tls_crypt_ignore_replay(void **state) {
+ struct test_context *ctx = (struct test_context *) *state;
- ctx->co.flags |= CO_IGNORE_PACKET_ID;
+ ctx->co.flags |= CO_IGNORE_PACKET_ID;
- assert_true (tls_crypt_wrap (&ctx->source, &ctx->ciphertext, &ctx->co));
- assert_true (BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
- struct buffer tmp = ctx->ciphertext;
- assert_true (tls_crypt_unwrap (&tmp, &ctx->unwrapped, &ctx->co));
- buf_clear (&ctx->unwrapped);
- assert_true (tls_crypt_unwrap (&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
+ assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
+ assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
+ struct buffer tmp = ctx->ciphertext;
+ assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
+ buf_clear(&ctx->unwrapped);
+ assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
}
-int main(void) {
+int
+main(void) {
const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(tls_crypt_loopback, setup, teardown),
- cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len,
- setup, teardown),
- cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len,
- setup, teardown),
- cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long,
- setup, teardown),
- cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key,
- setup, teardown),
- cmocka_unit_test_setup_teardown(tls_crypt_fail_replay,
- setup, teardown),
- cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay,
- setup, teardown),
+ cmocka_unit_test_setup_teardown(tls_crypt_loopback, setup, teardown),
+ cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(tls_crypt_fail_replay,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay,
+ setup, teardown),
};
#if defined(ENABLE_CRYPTO_OPENSSL)