tests/test-crypto-secret.c

   1 /*
   2  * QEMU Crypto secret handling
   3  *
   4  * Copyright (c) 2015 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #include "qemu/osdep.h"
  22
  23 #include "crypto/init.h"
  24 #include "crypto/secret.h"
  25 #include "qapi/error.h"
  26 #include "qemu/module.h"
  27
  28 static void test_secret_direct(void)
  29 {
  30     Object *sec = object_new_with_props(
  31         TYPE_QCRYPTO_SECRET,
  32         object_get_objects_root(),
  33         "sec0",
  34         &error_abort,
  35         "data", "123456",
  36         NULL);
  37
  38     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
  39                                              &error_abort);
  40
  41     g_assert_cmpstr(pw, ==, "123456");
  42
  43     object_unparent(sec);
  44     g_free(pw);
  45 }
  46
  47
  48 static void test_secret_indirect_good(void)
  49 {
  50     Object *sec;
  51     char *fname = NULL;
  52     int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX",
  53                              &fname,
  54                              NULL);
  55
  56     g_assert(fd >= 0);
  57     g_assert_nonnull(fname);
  58
  59     g_assert(write(fd, "123456", 6) == 6);
  60
  61     sec = object_new_with_props(
  62         TYPE_QCRYPTO_SECRET,
  63         object_get_objects_root(),
  64         "sec0",
  65         &error_abort,
  66         "file", fname,
  67         NULL);
  68
  69     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
  70                                              &error_abort);
  71
  72     g_assert_cmpstr(pw, ==, "123456");
  73
  74     object_unparent(sec);
  75     g_free(pw);
  76     close(fd);
  77     unlink(fname);
  78     g_free(fname);
  79 }
  80
  81
  82 static void test_secret_indirect_badfile(void)
  83 {
  84     Object *sec = object_new_with_props(
  85         TYPE_QCRYPTO_SECRET,
  86         object_get_objects_root(),
  87         "sec0",
  88         NULL,
  89         "file", "does-not-exist",
  90         NULL);
  91
  92     g_assert(sec == NULL);
  93 }
  94
  95
  96 static void test_secret_indirect_emptyfile(void)
  97 {
  98     Object *sec;
  99     char *fname = NULL;
 100     int fd = g_file_open_tmp("qemu-test-crypto-secretXXXXXX",
 101                              &fname,
 102                              NULL);
 103
 104     g_assert(fd >= 0);
 105     g_assert_nonnull(fname);
 106
 107     sec = object_new_with_props(
 108         TYPE_QCRYPTO_SECRET,
 109         object_get_objects_root(),
 110         "sec0",
 111         &error_abort,
 112         "file", fname,
 113         NULL);
 114
 115     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 116                                              &error_abort);
 117
 118     g_assert_cmpstr(pw, ==, "");
 119
 120     object_unparent(sec);
 121     g_free(pw);
 122     close(fd);
 123     unlink(fname);
 124     g_free(fname);
 125 }
 126
 127
 128 static void test_secret_noconv_base64_good(void)
 129 {
 130     Object *sec = object_new_with_props(
 131         TYPE_QCRYPTO_SECRET,
 132         object_get_objects_root(),
 133         "sec0",
 134         &error_abort,
 135         "data", "MTIzNDU2",
 136         "format", "base64",
 137         NULL);
 138
 139     char *pw = qcrypto_secret_lookup_as_base64("sec0",
 140                                                &error_abort);
 141
 142     g_assert_cmpstr(pw, ==, "MTIzNDU2");
 143
 144     object_unparent(sec);
 145     g_free(pw);
 146 }
 147
 148
 149 static void test_secret_noconv_base64_bad(void)
 150 {
 151     Object *sec = object_new_with_props(
 152         TYPE_QCRYPTO_SECRET,
 153         object_get_objects_root(),
 154         "sec0",
 155         NULL,
 156         "data", "MTI$NDU2",
 157         "format", "base64",
 158         NULL);
 159
 160     g_assert(sec == NULL);
 161 }
 162
 163
 164 static void test_secret_noconv_utf8(void)
 165 {
 166     Object *sec = object_new_with_props(
 167         TYPE_QCRYPTO_SECRET,
 168         object_get_objects_root(),
 169         "sec0",
 170         &error_abort,
 171         "data", "123456",
 172         "format", "raw",
 173         NULL);
 174
 175     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 176                                              &error_abort);
 177
 178     g_assert_cmpstr(pw, ==, "123456");
 179
 180     object_unparent(sec);
 181     g_free(pw);
 182 }
 183
 184
 185 static void test_secret_conv_base64_utf8valid(void)
 186 {
 187     Object *sec = object_new_with_props(
 188         TYPE_QCRYPTO_SECRET,
 189         object_get_objects_root(),
 190         "sec0",
 191         &error_abort,
 192         "data", "MTIzNDU2",
 193         "format", "base64",
 194         NULL);
 195
 196     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 197                                              &error_abort);
 198
 199     g_assert_cmpstr(pw, ==, "123456");
 200
 201     object_unparent(sec);
 202     g_free(pw);
 203 }
 204
 205
 206 static void test_secret_conv_base64_utf8invalid(void)
 207 {
 208     Object *sec = object_new_with_props(
 209         TYPE_QCRYPTO_SECRET,
 210         object_get_objects_root(),
 211         "sec0",
 212         &error_abort,
 213         "data", "f0VMRgIBAQAAAA==",
 214         "format", "base64",
 215         NULL);
 216
 217     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 218                                              NULL);
 219     g_assert(pw == NULL);
 220
 221     object_unparent(sec);
 222 }
 223
 224
 225 static void test_secret_conv_utf8_base64(void)
 226 {
 227     Object *sec = object_new_with_props(
 228         TYPE_QCRYPTO_SECRET,
 229         object_get_objects_root(),
 230         "sec0",
 231         &error_abort,
 232         "data", "123456",
 233         NULL);
 234
 235     char *pw = qcrypto_secret_lookup_as_base64("sec0",
 236                                                &error_abort);
 237
 238     g_assert_cmpstr(pw, ==, "MTIzNDU2");
 239
 240     object_unparent(sec);
 241     g_free(pw);
 242 }
 243
 244
 245 static void test_secret_crypt_raw(void)
 246 {
 247     Object *master = object_new_with_props(
 248         TYPE_QCRYPTO_SECRET,
 249         object_get_objects_root(),
 250         "master",
 251         &error_abort,
 252         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 253         "format", "base64",
 254         NULL);
 255     Object *sec = object_new_with_props(
 256         TYPE_QCRYPTO_SECRET,
 257         object_get_objects_root(),
 258         "sec0",
 259         &error_abort,
 260         "data",
 261         "\xCC\xBF\xF7\x09\x46\x19\x0B\x52\x2A\x3A\xB4\x6B\xCD\x7A\xB0\xB0",
 262         "format", "raw",
 263         "keyid", "master",
 264         "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
 265         NULL);
 266
 267     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 268                                              &error_abort);
 269
 270     g_assert_cmpstr(pw, ==, "123456");
 271
 272     object_unparent(sec);
 273     object_unparent(master);
 274     g_free(pw);
 275 }
 276
 277
 278 static void test_secret_crypt_base64(void)
 279 {
 280     Object *master = object_new_with_props(
 281         TYPE_QCRYPTO_SECRET,
 282         object_get_objects_root(),
 283         "master",
 284         &error_abort,
 285         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 286         "format", "base64",
 287         NULL);
 288     Object *sec = object_new_with_props(
 289         TYPE_QCRYPTO_SECRET,
 290         object_get_objects_root(),
 291         "sec0",
 292         &error_abort,
 293         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 294         "format", "base64",
 295         "keyid", "master",
 296         "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
 297         NULL);
 298
 299     char *pw = qcrypto_secret_lookup_as_utf8("sec0",
 300                                              &error_abort);
 301
 302     g_assert_cmpstr(pw, ==, "123456");
 303
 304     object_unparent(sec);
 305     object_unparent(master);
 306     g_free(pw);
 307 }
 308
 309
 310 static void test_secret_crypt_short_key(void)
 311 {
 312     Object *master = object_new_with_props(
 313         TYPE_QCRYPTO_SECRET,
 314         object_get_objects_root(),
 315         "master",
 316         &error_abort,
 317         "data", "9miloPQCzGy+TL6aonfzVc",
 318         "format", "base64",
 319         NULL);
 320     Object *sec = object_new_with_props(
 321         TYPE_QCRYPTO_SECRET,
 322         object_get_objects_root(),
 323         "sec0",
 324         NULL,
 325         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 326         "format", "raw",
 327         "keyid", "master",
 328         "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
 329         NULL);
 330
 331     g_assert(sec == NULL);
 332     object_unparent(master);
 333 }
 334
 335
 336 static void test_secret_crypt_short_iv(void)
 337 {
 338     Object *master = object_new_with_props(
 339         TYPE_QCRYPTO_SECRET,
 340         object_get_objects_root(),
 341         "master",
 342         &error_abort,
 343         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 344         "format", "base64",
 345         NULL);
 346     Object *sec = object_new_with_props(
 347         TYPE_QCRYPTO_SECRET,
 348         object_get_objects_root(),
 349         "sec0",
 350         NULL,
 351         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 352         "format", "raw",
 353         "keyid", "master",
 354         "iv", "0I7Gw/TKuA+Old2W2a",
 355         NULL);
 356
 357     g_assert(sec == NULL);
 358     object_unparent(master);
 359 }
 360
 361
 362 static void test_secret_crypt_missing_iv(void)
 363 {
 364     Object *master = object_new_with_props(
 365         TYPE_QCRYPTO_SECRET,
 366         object_get_objects_root(),
 367         "master",
 368         &error_abort,
 369         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 370         "format", "base64",
 371         NULL);
 372     Object *sec = object_new_with_props(
 373         TYPE_QCRYPTO_SECRET,
 374         object_get_objects_root(),
 375         "sec0",
 376         NULL,
 377         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 378         "format", "raw",
 379         "keyid", "master",
 380         NULL);
 381
 382     g_assert(sec == NULL);
 383     object_unparent(master);
 384 }
 385
 386
 387 static void test_secret_crypt_bad_iv(void)
 388 {
 389     Object *master = object_new_with_props(
 390         TYPE_QCRYPTO_SECRET,
 391         object_get_objects_root(),
 392         "master",
 393         &error_abort,
 394         "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
 395         "format", "base64",
 396         NULL);
 397     Object *sec = object_new_with_props(
 398         TYPE_QCRYPTO_SECRET,
 399         object_get_objects_root(),
 400         "sec0",
 401         NULL,
 402         "data", "zL/3CUYZC1IqOrRrzXqwsA==",
 403         "format", "raw",
 404         "keyid", "master",
 405         "iv", "0I7Gw/TK$$uA+Old2W2a",
 406         NULL);
 407
 408     g_assert(sec == NULL);
 409     object_unparent(master);
 410 }
 411
 412
 413 int main(int argc, char **argv)
 414 {
 415     module_call_init(MODULE_INIT_QOM);
 416     g_test_init(&argc, &argv, NULL);
 417
 418     g_assert(qcrypto_init(NULL) == 0);
 419
 420     g_test_add_func("/crypto/secret/direct",
 421                     test_secret_direct);
 422     g_test_add_func("/crypto/secret/indirect/good",
 423                     test_secret_indirect_good);
 424     g_test_add_func("/crypto/secret/indirect/badfile",
 425                     test_secret_indirect_badfile);
 426     g_test_add_func("/crypto/secret/indirect/emptyfile",
 427                     test_secret_indirect_emptyfile);
 428
 429     g_test_add_func("/crypto/secret/noconv/base64/good",
 430                     test_secret_noconv_base64_good);
 431     g_test_add_func("/crypto/secret/noconv/base64/bad",
 432                     test_secret_noconv_base64_bad);
 433     g_test_add_func("/crypto/secret/noconv/utf8",
 434                     test_secret_noconv_utf8);
 435     g_test_add_func("/crypto/secret/conv/base64/utf8valid",
 436                     test_secret_conv_base64_utf8valid);
 437     g_test_add_func("/crypto/secret/conv/base64/utf8invalid",
 438                     test_secret_conv_base64_utf8invalid);
 439     g_test_add_func("/crypto/secret/conv/utf8/base64",
 440                     test_secret_conv_utf8_base64);
 441
 442     g_test_add_func("/crypto/secret/crypt/raw",
 443                     test_secret_crypt_raw);
 444     g_test_add_func("/crypto/secret/crypt/base64",
 445                     test_secret_crypt_base64);
 446     g_test_add_func("/crypto/secret/crypt/shortkey",
 447                     test_secret_crypt_short_key);
 448     g_test_add_func("/crypto/secret/crypt/shortiv",
 449                     test_secret_crypt_short_iv);
 450     g_test_add_func("/crypto/secret/crypt/missingiv",
 451                     test_secret_crypt_missing_iv);
 452     g_test_add_func("/crypto/secret/crypt/badiv",
 453                     test_secret_crypt_bad_iv);
 454
 455     return g_test_run();
 456 }