1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29
30 #include "syshead.h"
31
32 #include <stdio.h>
33 #include <unistd.h>
34 #include <stdlib.h>
35 #include <stdarg.h>
36 #include <string.h>
37 #include <setjmp.h>
38 #include <cmocka.h>
39
40 #include "crypto.h"
41
42 #include "mock_msg.h"
43
/* Plaintext fixture for the PEM round-trip test. sizeof(testtext) counts the
 * terminating NUL, so the NUL travels through encode/decode with the text. */
static const char testtext[] = "Dummy text to test PEM encoding";

/**
 * Round-trip test for crypto_pem_encode() and crypto_pem_decode().
 *
 * Encodes testtext under the name "TESTKEYNAME", checks that decoding under
 * a different name is rejected, then checks that decoding under the matching
 * name gives back exactly the original bytes.
 *
 * @param state  cmocka per-test state; not used here.
 */
static void
crypto_pem_encode_decode_loopback(void **state)
{
    struct gc_arena gc = gc_new();

    struct buffer plain;
    struct buffer pem;
    struct buffer decoded;
    uint8_t decoded_bytes[sizeof(testtext)];

    buf_set_read(&plain, (void *)testtext, sizeof(testtext));
    buf_set_write(&decoded, decoded_bytes, sizeof(decoded_bytes));

    /* Encoding must succeed and the PEM form must be longer than the input. */
    assert_true(crypto_pem_encode("TESTKEYNAME", &pem, &plain, &gc));
    assert_true(BLEN(&pem) > BLEN(&plain));

    /* A name that differs from the one used for encoding must be refused.
     * NOTE(review): the contents of the output buffer after this rejected
     * decode are not checked by this test. */
    assert_false(crypto_pem_decode("WRONGNAME", &decoded, &pem));

    /* Under the matching name both length and content must survive. */
    assert_true(crypto_pem_decode("TESTKEYNAME", &decoded, &pem));
    assert_int_equal(BLEN(&plain), BLEN(&decoded));
    assert_memory_equal(BPTR(&plain), BPTR(&decoded), BLEN(&plain));

    gc_free(&gc);
}
71
/**
 * Look up ciphername and, when cipher_kt_get() returns a cipher for it,
 * assert that cipher_kt_name() reports openvpn_name.
 *
 * A name for which cipher_kt_get() returns NULL is skipped without failing,
 * so a passing run says nothing about names the lookup did not resolve.
 *
 * @param ciphername    Name handed to cipher_kt_get().
 * @param openvpn_name  Name the resolved cipher is expected to report.
 */
static void
test_translate_cipher(const char *ciphername, const char *openvpn_name)
{
    const cipher_kt_t *kt = cipher_kt_get(ciphername);

    /* Only a resolved cipher is checked; an unresolved one is fine. */
    if (kt != NULL)
    {
        assert_string_equal(cipher_kt_name(kt), openvpn_name);
    }
}
87
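/**
 * Check that several spellings of one cipher name translate to the same
 * OpenVPN name.
 *
 * Builds an upper-case, a lower-case and a mixed-case copy of ciphername and
 * passes each of them, plus the original spelling, to
 * test_translate_cipher().
 *
 * @param ciphername    Cipher name to derive the variants from.
 * @param openvpn_name  Expected translated name; when NULL, the upper-case
 *                      copy of ciphername is used as the expectation.
 */
static void
test_cipher_names(const char *ciphername, const char *openvpn_name)
{
    struct gc_arena gc = gc_new();
    /* Go through some variants, if the cipher library accepts these, they
     * should be normalised to the openvpn name */
    char *upper = string_alloc(ciphername, &gc);
    char *lower = string_alloc(ciphername, &gc);
    char *random_case = string_alloc(ciphername, &gc);

    /* Take the length once instead of calling strlen() on every iteration,
     * and index with size_t so the bound is not compared against a signed
     * int. The loop relies on string_alloc() having returned copies at
     * least this long. */
    const size_t len = strlen(ciphername);

    for (size_t i = 0; i < len; i++)
    {
        /* The <ctype.h> functions are only defined for EOF and values
         * representable as unsigned char; plain char may be negative. */
        const unsigned char c = (unsigned char)ciphername[i];

        upper[i] = (char)toupper(c);
        lower[i] = (char)tolower(c);
        /* rand() is not seeded anywhere in this file. */
        random_case[i] = (rand() & 0x1) ? upper[i] : lower[i];
    }

    if (!openvpn_name)
    {
        openvpn_name = upper;
    }

    test_translate_cipher(upper, openvpn_name);
    test_translate_cipher(lower, openvpn_name);
    test_translate_cipher(random_case, openvpn_name);
    test_translate_cipher(ciphername, openvpn_name);

    gc_free(&gc);
}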
125
/**
 * Run test_cipher_names() over a fixed list of cipher names.
 *
 * Each entry pairs a name with the OpenVPN name it should translate to;
 * NULL leaves the expectation to test_cipher_names().
 *
 * @param state  cmocka per-test state; not used here.
 */
static void
crypto_translate_cipher_names(void **state)
{
    static const struct
    {
        const char *name;     /* spelling handed to the lookup */
        const char *expected; /* expected OpenVPN name, or NULL */
    } cases[] = {
        { "BF-CBC", NULL },
        { "BLOWFISH-CBC", "BF-CBC" },
        { "Chacha20-Poly1305", NULL },
        { "AES-128-GCM", NULL },
        { "AES-128-CBC", NULL },
        { "CAMELLIA-128-CFB128", "CAMELLIA-128-CFB" },
        { "id-aes256-GCM", "AES-256-GCM" },
    };

    /* Entries are checked in the order listed above. */
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
    {
        test_cipher_names(cases[i].name, cases[i].expected);
    }
}
138
/**
 * Test-program entry point: runs the crypto unit tests as one cmocka group.
 *
 * @return The value returned by cmocka_run_group_tests_name().
 */
int
main(void)
{
    const struct CMUnitTest crypto_tests[] = {
        cmocka_unit_test(crypto_pem_encode_decode_loopback),
        cmocka_unit_test(crypto_translate_cipher_names),
    };
    int result;

#if defined(ENABLE_CRYPTO_OPENSSL)
    /* OpenSSL builds only: register the algorithms before any test runs. */
    OpenSSL_add_all_algorithms();
#endif

    result = cmocka_run_group_tests_name("crypto tests", crypto_tests, NULL, NULL);

#if defined(ENABLE_CRYPTO_OPENSSL)
    /* OpenSSL builds only: undo the registration done above. */
    EVP_cleanup();
#endif

    return result;
}
159