tests/test-crypto-secret.c

   1 /*
   2  * QEMU Crypto secret handling
   3  *
   4  * Copyright (c) 2015 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #include "qemu/osdep.h"
  22 #include <glib.h>
  23
  24 #include "crypto/init.h"
  25 #include "crypto/secret.h"
  26 #include "qapi/error.h"
  27 #include "qemu/module.h"
  28
  29 static void test_secret_direct(void)
  30 {
  31     Object *sec = object_new_with_props(
  32         TYPE_QCRYPTO_SECRET,
  33         object_get_objects_root(),
  34         "sec0",
  35         &error_abort,
  36         "data", "123456",
  37         NULL);
  38
  39     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
  40                                              &error_abort);
  41
  42     g_assert_cmpstr(pw, ==, "123456");
  43
  44     object_unparent(sec);
  45     g_free(pw);
  46 }
  47
  48
  49 static void test_secret_indirect_good(void)
  50 {
  51     Object *sec;
  52     char *fname = NULL;
  53     int fd = g_file_open_tmp("secretXXXXXX",
  54                              &fname,
  55                              NULL);
  56
  57     g_assert(fd >= 0);
  58     g_assert_nonnull(fname);
  59
  60     g_assert(write(fd, "123456", 6) == 6);
  61
  62     sec = object_new_with_props(
  63         TYPE_QCRYPTO_SECRET,
  64         object_get_objects_root(),
  65         "sec0",
  66         &error_abort,
  67         "file", fname,
  68         NULL);
  69
  70     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
  71                                              &error_abort);
  72
  73     g_assert_cmpstr(pw, ==, "123456");
  74
  75     object_unparent(sec);
  76     g_free(pw);
  77     close(fd);
  78     g_free(fname);
  79 }
  80
  81
  82 static void test_secret_indirect_badfile(void)
  83 {
  84     Object *sec = object_new_with_props(
  85         TYPE_QCRYPTO_SECRET,
  86         object_get_objects_root(),
  87         "sec0",
  88         NULL,
  89         "file", "does-not-exist",
  90         NULL);
  91
  92     g_assert(sec == NULL);
  93 }
  94
  95
  96 static void test_secret_indirect_emptyfile(void)
  97 {
  98     Object *sec;
  99     char *fname = NULL;
 100     int fd = g_file_open_tmp("secretXXXXXX",
 101                              &fname,
 102                              NULL);
 103
 104     g_assert(fd >= 0);
 105     g_assert_nonnull(fname);
 106
 107     sec = object_new_with_props(
 108         TYPE_QCRYPTO_SECRET,
 109         object_get_objects_root(),
 110         "sec0",
 111         &error_abort,
 112         "file", fname,
 113         NULL);
 114
 115     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 116                                              &error_abort);
 117
 118     g_assert_cmpstr(pw, ==, "");
 119
 120     object_unparent(sec);
 121     g_free(pw);
 122     close(fd);
 123     g_free(fname);
 124 }
 125
 126
 127 static void test_secret_noconv_base64_good(void)
 128 {
 129     Object *sec = object_new_with_props(
 130         TYPE_QCRYPTO_SECRET,
 131         object_get_objects_root(),
 132         "sec0",
 133         &error_abort,
 134         "data", "MTIzNDU2",
 135         "format", "base64",
 136         NULL);
 137
 138     char *pw = qcrypto_secret_lookup_as_base64("sec0",
 139                                                &error_abort);
 140
 141     g_assert_cmpstr(pw, ==, "MTIzNDU2");
 142
 143     object_unparent(sec);
 144     g_free(pw);
 145 }
 146
 147
 148 static void test_secret_noconv_base64_bad(void)
 149 {
 150     Object *sec = object_new_with_props(
 151         TYPE_QCRYPTO_SECRET,
 152         object_get_objects_root(),
 153         "sec0",
 154         NULL,
 155         "data", "MTI$NDU2",
 156         "format", "base64",
 157         NULL);
 158
 159     g_assert(sec == NULL);
 160 }
 161
 162
 163 static void test_secret_noconv_utf8(void)
 164 {
 165     Object *sec = object_new_with_props(
 166         TYPE_QCRYPTO_SECRET,
 167         object_get_objects_root(),
 168         "sec0",
 169         &error_abort,
 170         "data", "123456",
 171         "format", "raw",
 172         NULL);
 173
 174     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 175                                              &error_abort);
 176
 177     g_assert_cmpstr(pw, ==, "123456");
 178
 179     object_unparent(sec);
 180     g_free(pw);
 181 }
 182
 183
 184 static void test_secret_conv_base64_utf8valid(void)
 185 {
 186     Object *sec = object_new_with_props(
 187         TYPE_QCRYPTO_SECRET,
 188         object_get_objects_root(),
 189         "sec0",
 190         &error_abort,
 191         "data", "MTIzNDU2",
 192         "format", "base64",
 193         NULL);
 194
 195     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 196                                              &error_abort);
 197
 198     g_assert_cmpstr(pw, ==, "123456");
 199
 200     object_unparent(sec);
 201     g_free(pw);
 202 }
 203
 204
 205 static void test_secret_conv_base64_utf8invalid(void)
 206 {
 207     Object *sec = object_new_with_props(
 208         TYPE_QCRYPTO_SECRET,
 209         object_get_objects_root(),
 210         "sec0",
 211         &error_abort,
 212         "data", "f0VMRgIBAQAAAA==",
 213         "format", "base64",
 214         NULL);
 215
 216     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 217                                              NULL);
 218     g_assert(pw == NULL);
 219
 220     object_unparent(sec);
 221 }
 222
 223
 224 static void test_secret_conv_utf8_base64(void)
 225 {
 226     Object *sec = object_new_with_props(
 227         TYPE_QCRYPTO_SECRET,
 228         object_get_objects_root(),
 229         "sec0",
 230         &error_abort,
 231         "data", "123456",
 232         NULL);
 233
 234     char *pw = qcrypto_secret_lookup_as_base64("sec0",
 235                                                &error_abort);
 236
 237     g_assert_cmpstr(pw, ==, "MTIzNDU2");
 238
 239     object_unparent(sec);
 240     g_free(pw);
 241 }
 242
 243
 244 static void test_secret_crypt_raw(void)
 245 {
 246     Object *master = object_new_with_props(
 247         TYPE_QCRYPTO_SECRET,
 248         object_get_objects_root(),
 249         "master",
 250         &error_abort,
 251         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 252         "format", "base64",
 253         NULL);
 254     Object *sec = object_new_with_props(
 255         TYPE_QCRYPTO_SECRET,
 256         object_get_objects_root(),
 257         "sec0",
 258         &error_abort,
 259         "data",
 260         "\xCC\xBF\xF7\x09\x46\x19\x0B\x52\x2A\x3A\xB4\x6B\xCD\x7A\xB0\xB0",
 261         "format", "raw",
 262         "keyid", "master",
 263         "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
 264         NULL);
 265
 266     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 267                                              &error_abort);
 268
 269     g_assert_cmpstr(pw, ==, "123456");
 270
 271     object_unparent(sec);
 272     object_unparent(master);
 273     g_free(pw);
 274 }
 275
 276
 277 static void test_secret_crypt_base64(void)
 278 {
 279     Object *master = object_new_with_props(
 280         TYPE_QCRYPTO_SECRET,
 281         object_get_objects_root(),
 282         "master",
 283         &error_abort,
 284         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 285         "format", "base64",
 286         NULL);
 287     Object *sec = object_new_with_props(
 288         TYPE_QCRYPTO_SECRET,
 289         object_get_objects_root(),
 290         "sec0",
 291         &error_abort,
 292         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 293         "format", "base64",
 294         "keyid", "master",
 295         "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
 296         NULL);
 297
 298     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 299                                              &error_abort);
 300
 301     g_assert_cmpstr(pw, ==, "123456");
 302
 303     object_unparent(sec);
 304     object_unparent(master);
 305     g_free(pw);
 306 }
 307
 308
 309 static void test_secret_crypt_short_key(void)
 310 {
 311     Object *master = object_new_with_props(
 312         TYPE_QCRYPTO_SECRET,
 313         object_get_objects_root(),
 314         "master",
 315         &error_abort,
 316         "data", "9miloPQCzGy+TL6aonfzVc",
 317         "format", "base64",
 318         NULL);
 319     Object *sec = object_new_with_props(
 320         TYPE_QCRYPTO_SECRET,
 321         object_get_objects_root(),
 322         "sec0",
 323         NULL,
 324         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 325         "format", "raw",
 326         "keyid", "master",
 327         "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
 328         NULL);
 329
 330     g_assert(sec == NULL);
 331     object_unparent(master);
 332 }
 333
 334
 335 static void test_secret_crypt_short_iv(void)
 336 {
 337     Object *master = object_new_with_props(
 338         TYPE_QCRYPTO_SECRET,
 339         object_get_objects_root(),
 340         "master",
 341         &error_abort,
 342         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 343         "format", "base64",
 344         NULL);
 345     Object *sec = object_new_with_props(
 346         TYPE_QCRYPTO_SECRET,
 347         object_get_objects_root(),
 348         "sec0",
 349         NULL,
 350         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 351         "format", "raw",
 352         "keyid", "master",
 353         "iv", "0I7Gw/TKuA+Old2W2a",
 354         NULL);
 355
 356     g_assert(sec == NULL);
 357     object_unparent(master);
 358 }
 359
 360
 361 static void test_secret_crypt_missing_iv(void)
 362 {
 363     Object *master = object_new_with_props(
 364         TYPE_QCRYPTO_SECRET,
 365         object_get_objects_root(),
 366         "master",
 367         &error_abort,
 368         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 369         "format", "base64",
 370         NULL);
 371     Object *sec = object_new_with_props(
 372         TYPE_QCRYPTO_SECRET,
 373         object_get_objects_root(),
 374         "sec0",
 375         NULL,
 376         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 377         "format", "raw",
 378         "keyid", "master",
 379         NULL);
 380
 381     g_assert(sec == NULL);
 382     object_unparent(master);
 383 }
 384
 385
 386 static void test_secret_crypt_bad_iv(void)
 387 {
 388     Object *master = object_new_with_props(
 389         TYPE_QCRYPTO_SECRET,
 390         object_get_objects_root(),
 391         "master",
 392         &error_abort,
 393         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 394         "format", "base64",
 395         NULL);
 396     Object *sec = object_new_with_props(
 397         TYPE_QCRYPTO_SECRET,
 398         object_get_objects_root(),
 399         "sec0",
 400         NULL,
 401         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 402         "format", "raw",
 403         "keyid", "master",
 404         "iv", "0I7Gw/TK$$uA+Old2W2a",
 405         NULL);
 406
 407     g_assert(sec == NULL);
 408     object_unparent(master);
 409 }
 410
 411
 412 int main(int argc, char **argv)
 413 {
 414     module_call_init(MODULE_INIT_QOM);
 415     g_test_init(&argc, &argv, NULL);
 416
 417     g_assert(qcrypto_init(NULL) == 0);
 418
 419     g_test_add_func("/crypto/secret/direct",
 420                     test_secret_direct);
 421     g_test_add_func("/crypto/secret/indirect/good",
 422                     test_secret_indirect_good);
 423     g_test_add_func("/crypto/secret/indirect/badfile",
 424                     test_secret_indirect_badfile);
 425     g_test_add_func("/crypto/secret/indirect/emptyfile",
 426                     test_secret_indirect_emptyfile);
 427
 428     g_test_add_func("/crypto/secret/noconv/base64/good",
 429                     test_secret_noconv_base64_good);
 430     g_test_add_func("/crypto/secret/noconv/base64/bad",
 431                     test_secret_noconv_base64_bad);
 432     g_test_add_func("/crypto/secret/noconv/utf8",
 433                     test_secret_noconv_utf8);
 434     g_test_add_func("/crypto/secret/conv/base64/utf8valid",
 435                     test_secret_conv_base64_utf8valid);
 436     g_test_add_func("/crypto/secret/conv/base64/utf8invalid",
 437                     test_secret_conv_base64_utf8invalid);
 438     g_test_add_func("/crypto/secret/conv/utf8/base64",
 439                     test_secret_conv_utf8_base64);
 440
 441     g_test_add_func("/crypto/secret/crypt/raw",
 442                     test_secret_crypt_raw);
 443     g_test_add_func("/crypto/secret/crypt/base64",
 444                     test_secret_crypt_base64);
 445     g_test_add_func("/crypto/secret/crypt/shortkey",
 446                     test_secret_crypt_short_key);
 447     g_test_add_func("/crypto/secret/crypt/shortiv",
 448                     test_secret_crypt_short_iv);
 449     g_test_add_func("/crypto/secret/crypt/missingiv",
 450                     test_secret_crypt_missing_iv);
 451     g_test_add_func("/crypto/secret/crypt/badiv",
 452                     test_secret_crypt_bad_iv);
 453
 454     return g_test_run();
 455 }