1 /* Copyright (C) 2019-2021 Greenbone Networks GmbH
2  *
3  * SPDX-License-Identifier: GPL-2.0-or-later
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 
20 #include "authutils.h"
21 #include "passwordbasedauthentication.c"
22 
23 #include <cgreen/cgreen.h>
24 #include <cgreen/mocks.h>
25 #include <string.h>
/* Test context for the password-based authentication (PBA) helpers. */
Describe (PBA);

/* No shared fixture: every test below builds the settings it needs. */
BeforeEach (PBA)
{
}

/* Nothing to tear down; each test releases what it allocated itself. */
AfterEach (PBA)
{
}
33 
/* pba_is_phc_compliant must reject a string that lacks the leading '$' as
   well as a bare "$" with nothing after it. */
Ensure (PBA, returns_false_on_not_phc_compliant_setting)
{
  /* No '$' marker at all. */
  assert_false (pba_is_phc_compliant ("password"));
  /* Marker present but nothing follows it. */
  assert_false (pba_is_phc_compliant ("$"));
}
/* pba_is_phc_compliant accepts a string that starts with '$' and has further
   characters after it. */
Ensure (PBA, returns_true_on_phc_compliant_setting)
{
  /* "$password" names no real scheme, so the accepted case pinned here is a
     shape check only; it does not show that the scheme identifier is
     validated. */
  assert_true (pba_is_phc_compliant ("$password"));
}
/* pba_hash must return NULL when the settings or the password are missing,
   or when the settings carry a prefix other than the one used by the
   passing tests. */
Ensure (PBA, returns_NULL_on_unsupport_settings)
{
  struct PBASettings setting = {
    .pepper = "0000",
    .count = 20000,
    .prefix = "$6$",
  };

  /* Missing settings, then missing password. */
  assert_false (pba_hash (NULL, "*password"));
  assert_false (pba_hash (&setting, NULL));

  /* "$1$" is the prefix this test expects to be refused for new hashes. */
  setting.prefix = "$1$";
  assert_false (pba_hash (&setting, "*password"));
}
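/* Two hashes of the same password under the same settings must differ, and
   the pepper must never appear in the stored hash string. */
Ensure (PBA, unique_hash_without_adding_used_pepper)
{
  struct PBASettings setting = {"4242", 20000, "$6$"};
  /* NUL-terminated copy of the pepper for the substring search.
     NOTE(review): the other tests index pepper[0..MAX_PEPPER_SIZE-1], so
     "4242" presumably fills the field with no terminator; passing the field
     itself to a string function would then read past it and compare against
     the wrong needle. Confirm against the struct definition. */
  char pepper[MAX_PEPPER_SIZE + 1] = {0};
  char *cmp_hash, *hash;

  memcpy (pepper, setting.pepper, MAX_PEPPER_SIZE);

  hash = pba_hash (&setting, "*password");
  assert_not_equal (hash, NULL);
  cmp_hash = pba_hash (&setting, "*password");
  assert_not_equal (cmp_hash, NULL);

  /* Only look into the strings when both hashes exist; a failed assertion
     above does not by itself stop the test. */
  if (hash != NULL && cmp_hash != NULL)
    {
      /* The pepper is a secret and must not leak into the hash string. */
      assert_false (string_contains (hash, pepper));
      /* Same input hashed twice must give different output. */
      assert_string_not_equal (hash, cmp_hash);
    }

  free (hash);
  free (cmp_hash);
}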
/* A hash produced by pba_hash verifies as VALID for the original password
   and INVALID for a different one, with a pepper and with an all-zero
   pepper. */
Ensure (PBA, verify_hash)
{
  struct PBASettings setting = {"4242", 20000, "$6$"};
  /* All-zero pepper bytes: the "defaults" test treats this as no pepper. */
  struct PBASettings setting_wo_pepper = {"\0\0\0\0", 20000, "$6$"};
  char *hash = pba_hash (&setting, "*password");

  assert_not_equal (hash, NULL);
  assert_equal (pba_verify_hash (&setting, hash, "*password"), VALID);
  /* One extra character in the candidate password must be enough to fail. */
  assert_equal (pba_verify_hash (&setting, hash, "*password1"), INVALID);
  free (hash);

  /* Same round trip without a pepper. */
  hash = pba_hash (&setting_wo_pepper, "*password");
  assert_equal (pba_verify_hash (&setting_wo_pepper, hash, "*password"), VALID);
  free (hash);
}
77 
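/* pba_verify_hash must answer INVALID, not crash and not accept, when the
   stored hash or the candidate password is a NULL pointer. */
Ensure (PBA, verify_hash_returns_invalid_on_np_hash_np_password)
{
  struct PBASettings setting = {"4242", 20000, "$6$"};
  char *hash;

  hash = pba_hash (&setting, "*password");
  assert_not_equal (hash, NULL);

  /* Missing stored hash: must fail closed. */
  assert_equal (pba_verify_hash (&setting, NULL, "*password"), INVALID);
  /* Missing candidate password: must fail closed as well. */
  assert_equal (pba_verify_hash (&setting, hash, NULL), INVALID);

  /* Release the hash as the other tests do; it was previously leaked. */
  free (hash);
}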
87 
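/* pba_init called without pepper, count or prefix must fall back to the
   defaults pinned here: count 20000, an all-zero pepper and prefix "$6$". */
Ensure (PBA, defaults)
{
  int i;
  struct PBASettings *settings = pba_init (NULL, 0, 0, NULL);

  /* pba_init can return NULL (see the rejection cases in "initialization");
     stop here instead of dereferencing a NULL pointer below. */
  assert_not_equal (settings, NULL);
  if (settings == NULL)
    return;

  assert_equal (settings->count, 20000);
  /* Every pepper byte must be zero when no pepper was supplied. */
  for (i = 0; i < MAX_PEPPER_SIZE; i++)
    assert_equal_with_message (settings->pepper[i], 0,
                               "init_without_pepper_should_not_have_pepper");
  assert_string_equal (settings->prefix, "$6$");
  pba_finalize (settings);
}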
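/* pba_init must store the supplied pepper, count and prefix, and must refuse
   a pepper longer than MAX_PEPPER_SIZE or an unknown prefix. */
Ensure (PBA, initialization)
{
  int i;
  /* A count of 1 only keeps the test cheap; it says nothing about a sensible
     production cost. */
  struct PBASettings *settings = pba_init ("444", 3, 1, "$6$");

  /* Stop on failure instead of dereferencing a NULL pointer below. */
  assert_not_equal (settings, NULL);
  if (settings == NULL)
    return;

  assert_equal (settings->count, 1);
  /* NOTE(review): the bound assumes MAX_PEPPER_SIZE is 4, i.e. the 3-byte
     pepper fills every slot except the last; confirm if the constant ever
     changes. */
  for (i = 0; i < MAX_PEPPER_SIZE - 1; i++)
    assert_equal_with_message (settings->pepper[i], '4',
                               "init_with_pepper_should_be_set");
  assert_equal_with_message (settings->pepper[MAX_PEPPER_SIZE - 1], '\0',
                             "last_pepper_should_be_unset_by_pepper_3");
  assert_string_equal (settings->prefix, "$6$");
  pba_finalize (settings);

  /* The declared length exceeds both the limit and the literal itself, so
     pba_init has to reject it on the length alone, before reading pepper. */
  settings = pba_init ("444", MAX_PEPPER_SIZE + 1, 1, "$6$");
  assert_equal_with_message (settings, NULL,
                             "should_fail_due_to_too_much_pepper");

  /* A prefix that names no known scheme must be rejected. */
  settings = pba_init ("444", MAX_PEPPER_SIZE, 1, "$WALDFEE$");
  assert_equal_with_message (settings, NULL,
                             "should_fail_due_to_unknown_prefix");
}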
118 
/* A hash from get_password_hashes (the legacy MD5 format, going by the test
   name) must still verify with default settings, but as UPDATE_RECOMMENDED
   rather than VALID. */
Ensure (PBA, handle_md5_hash)
{
  struct PBASettings *settings = pba_init (NULL, 0, 0, NULL);
  char *hash;

  /* The legacy hashing helper needs gvm_auth_init to have succeeded. */
  assert_equal (gvm_auth_init (), 0);

  /* NOTE(review): hash is never released here; confirm who owns the string
     returned by get_password_hashes and which deallocator applies. */
  hash = get_password_hashes ("admin");

  /* Correct password, old format: accepted, with a signal to re-hash. */
  assert_equal (pba_verify_hash (settings, hash, "admin"), UPDATE_RECOMMENDED);
  pba_finalize (settings);
}
128 
/* Registers every PBA test, then runs the single test named by the first
   command-line argument or, without one, the whole suite. Returns the
   runner's result. */
int
main (int argc, char **argv)
{
  TestSuite *suite = create_test_suite ();
  TestReporter *reporter;

  add_test_with_context (suite, PBA,
                         returns_false_on_not_phc_compliant_setting);
  add_test_with_context (suite, PBA, returns_true_on_phc_compliant_setting);
  add_test_with_context (suite, PBA, returns_NULL_on_unsupport_settings);
  add_test_with_context (suite, PBA, unique_hash_without_adding_used_pepper);
  add_test_with_context (suite, PBA, verify_hash);
  add_test_with_context (suite, PBA,
                         verify_hash_returns_invalid_on_np_hash_np_password);
  add_test_with_context (suite, PBA, handle_md5_hash);
  add_test_with_context (suite, PBA, defaults);
  add_test_with_context (suite, PBA, initialization);

  reporter = create_text_reporter ();
  if (argc <= 1)
    return run_test_suite (suite, reporter);

  /* argv[1] selects one test by name. */
  return run_single_test (suite, argv[1], reporter);
}
151