Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 1 | /* |
| 2 | * QEMU Crypto secret handling |
| 3 | * |
| 4 | * Copyright (c) 2015 Red Hat, Inc. |
| 5 | * |
| 6 | * This library is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU Lesser General Public |
| 8 | * License as published by the Free Software Foundation; either |
| 9 | * version 2 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * This library is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 | * Lesser General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU Lesser General Public |
| 17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | */ |
| 20 | |
Peter Maydell | 681c28a | 2016-02-08 18:08:51 +0000 | [diff] [blame] | 21 | #include "qemu/osdep.h" |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 22 | |
| 23 | #include "crypto/init.h" |
| 24 | #include "crypto/secret.h" |
Markus Armbruster | da34e65 | 2016-03-14 09:01:28 +0100 | [diff] [blame] | 25 | #include "qapi/error.h" |
Markus Armbruster | 7136fc1 | 2016-03-11 09:20:17 +0100 | [diff] [blame] | 26 | #include "qemu/module.h" |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 27 | |
| 28 | static void test_secret_direct(void) |
| 29 | { |
| 30 | Object *sec = object_new_with_props( |
| 31 | TYPE_QCRYPTO_SECRET, |
| 32 | object_get_objects_root(), |
| 33 | "sec0", |
| 34 | &error_abort, |
| 35 | "data", "123456", |
| 36 | NULL); |
| 37 | |
| 38 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 39 | &error_abort); |
| 40 | |
| 41 | g_assert_cmpstr(pw, ==, "123456"); |
| 42 | |
| 43 | object_unparent(sec); |
| 44 | g_free(pw); |
| 45 | } |
| 46 | |
| 47 | |
| 48 | static void test_secret_indirect_good(void) |
| 49 | { |
| 50 | Object *sec; |
| 51 | char *fname = NULL; |
Daniel P. Berrange | e7ed11f | 2016-04-26 10:59:09 +0100 | [diff] [blame^] | 52 | int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX", |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 53 | &fname, |
| 54 | NULL); |
| 55 | |
| 56 | g_assert(fd >= 0); |
| 57 | g_assert_nonnull(fname); |
| 58 | |
| 59 | g_assert(write(fd, "123456", 6) == 6); |
| 60 | |
| 61 | sec = object_new_with_props( |
| 62 | TYPE_QCRYPTO_SECRET, |
| 63 | object_get_objects_root(), |
| 64 | "sec0", |
| 65 | &error_abort, |
| 66 | "file", fname, |
| 67 | NULL); |
| 68 | |
| 69 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 70 | &error_abort); |
| 71 | |
| 72 | g_assert_cmpstr(pw, ==, "123456"); |
| 73 | |
| 74 | object_unparent(sec); |
| 75 | g_free(pw); |
| 76 | close(fd); |
Daniel P. Berrange | e7ed11f | 2016-04-26 10:59:09 +0100 | [diff] [blame^] | 77 | unlink(fname); |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 78 | g_free(fname); |
| 79 | } |
| 80 | |
| 81 | |
| 82 | static void test_secret_indirect_badfile(void) |
| 83 | { |
| 84 | Object *sec = object_new_with_props( |
| 85 | TYPE_QCRYPTO_SECRET, |
| 86 | object_get_objects_root(), |
| 87 | "sec0", |
| 88 | NULL, |
| 89 | "file", "does-not-exist", |
| 90 | NULL); |
| 91 | |
| 92 | g_assert(sec == NULL); |
| 93 | } |
| 94 | |
| 95 | |
| 96 | static void test_secret_indirect_emptyfile(void) |
| 97 | { |
| 98 | Object *sec; |
| 99 | char *fname = NULL; |
Daniel P. Berrange | e7ed11f | 2016-04-26 10:59:09 +0100 | [diff] [blame^] | 100 | int fd = g_file_open_tmp("qemu-test-crypto-secretXXXXXX", |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 101 | &fname, |
| 102 | NULL); |
| 103 | |
| 104 | g_assert(fd >= 0); |
| 105 | g_assert_nonnull(fname); |
| 106 | |
| 107 | sec = object_new_with_props( |
| 108 | TYPE_QCRYPTO_SECRET, |
| 109 | object_get_objects_root(), |
| 110 | "sec0", |
| 111 | &error_abort, |
| 112 | "file", fname, |
| 113 | NULL); |
| 114 | |
| 115 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 116 | &error_abort); |
| 117 | |
| 118 | g_assert_cmpstr(pw, ==, ""); |
| 119 | |
| 120 | object_unparent(sec); |
| 121 | g_free(pw); |
| 122 | close(fd); |
Daniel P. Berrange | e7ed11f | 2016-04-26 10:59:09 +0100 | [diff] [blame^] | 123 | unlink(fname); |
Daniel P. Berrange | ac1d887 | 2015-10-14 09:58:38 +0100 | [diff] [blame] | 124 | g_free(fname); |
| 125 | } |
| 126 | |
| 127 | |
| 128 | static void test_secret_noconv_base64_good(void) |
| 129 | { |
| 130 | Object *sec = object_new_with_props( |
| 131 | TYPE_QCRYPTO_SECRET, |
| 132 | object_get_objects_root(), |
| 133 | "sec0", |
| 134 | &error_abort, |
| 135 | "data", "MTIzNDU2", |
| 136 | "format", "base64", |
| 137 | NULL); |
| 138 | |
| 139 | char *pw = qcrypto_secret_lookup_as_base64("sec0", |
| 140 | &error_abort); |
| 141 | |
| 142 | g_assert_cmpstr(pw, ==, "MTIzNDU2"); |
| 143 | |
| 144 | object_unparent(sec); |
| 145 | g_free(pw); |
| 146 | } |
| 147 | |
| 148 | |
| 149 | static void test_secret_noconv_base64_bad(void) |
| 150 | { |
| 151 | Object *sec = object_new_with_props( |
| 152 | TYPE_QCRYPTO_SECRET, |
| 153 | object_get_objects_root(), |
| 154 | "sec0", |
| 155 | NULL, |
| 156 | "data", "MTI$NDU2", |
| 157 | "format", "base64", |
| 158 | NULL); |
| 159 | |
| 160 | g_assert(sec == NULL); |
| 161 | } |
| 162 | |
| 163 | |
| 164 | static void test_secret_noconv_utf8(void) |
| 165 | { |
| 166 | Object *sec = object_new_with_props( |
| 167 | TYPE_QCRYPTO_SECRET, |
| 168 | object_get_objects_root(), |
| 169 | "sec0", |
| 170 | &error_abort, |
| 171 | "data", "123456", |
| 172 | "format", "raw", |
| 173 | NULL); |
| 174 | |
| 175 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 176 | &error_abort); |
| 177 | |
| 178 | g_assert_cmpstr(pw, ==, "123456"); |
| 179 | |
| 180 | object_unparent(sec); |
| 181 | g_free(pw); |
| 182 | } |
| 183 | |
| 184 | |
| 185 | static void test_secret_conv_base64_utf8valid(void) |
| 186 | { |
| 187 | Object *sec = object_new_with_props( |
| 188 | TYPE_QCRYPTO_SECRET, |
| 189 | object_get_objects_root(), |
| 190 | "sec0", |
| 191 | &error_abort, |
| 192 | "data", "MTIzNDU2", |
| 193 | "format", "base64", |
| 194 | NULL); |
| 195 | |
| 196 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 197 | &error_abort); |
| 198 | |
| 199 | g_assert_cmpstr(pw, ==, "123456"); |
| 200 | |
| 201 | object_unparent(sec); |
| 202 | g_free(pw); |
| 203 | } |
| 204 | |
| 205 | |
| 206 | static void test_secret_conv_base64_utf8invalid(void) |
| 207 | { |
| 208 | Object *sec = object_new_with_props( |
| 209 | TYPE_QCRYPTO_SECRET, |
| 210 | object_get_objects_root(), |
| 211 | "sec0", |
| 212 | &error_abort, |
| 213 | "data", "f0VMRgIBAQAAAA==", |
| 214 | "format", "base64", |
| 215 | NULL); |
| 216 | |
| 217 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 218 | NULL); |
| 219 | g_assert(pw == NULL); |
| 220 | |
| 221 | object_unparent(sec); |
| 222 | } |
| 223 | |
| 224 | |
| 225 | static void test_secret_conv_utf8_base64(void) |
| 226 | { |
| 227 | Object *sec = object_new_with_props( |
| 228 | TYPE_QCRYPTO_SECRET, |
| 229 | object_get_objects_root(), |
| 230 | "sec0", |
| 231 | &error_abort, |
| 232 | "data", "123456", |
| 233 | NULL); |
| 234 | |
| 235 | char *pw = qcrypto_secret_lookup_as_base64("sec0", |
| 236 | &error_abort); |
| 237 | |
| 238 | g_assert_cmpstr(pw, ==, "MTIzNDU2"); |
| 239 | |
| 240 | object_unparent(sec); |
| 241 | g_free(pw); |
| 242 | } |
| 243 | |
| 244 | |
| 245 | static void test_secret_crypt_raw(void) |
| 246 | { |
| 247 | Object *master = object_new_with_props( |
| 248 | TYPE_QCRYPTO_SECRET, |
| 249 | object_get_objects_root(), |
| 250 | "master", |
| 251 | &error_abort, |
| 252 | "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", |
| 253 | "format", "base64", |
| 254 | NULL); |
| 255 | Object *sec = object_new_with_props( |
| 256 | TYPE_QCRYPTO_SECRET, |
| 257 | object_get_objects_root(), |
| 258 | "sec0", |
| 259 | &error_abort, |
| 260 | "data", |
| 261 | "\xCC\xBF\xF7\x09\x46\x19\x0B\x52\x2A\x3A\xB4\x6B\xCD\x7A\xB0\xB0", |
| 262 | "format", "raw", |
| 263 | "keyid", "master", |
| 264 | "iv", "0I7Gw/TKuA+Old2W2apQ3g==", |
| 265 | NULL); |
| 266 | |
| 267 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 268 | &error_abort); |
| 269 | |
| 270 | g_assert_cmpstr(pw, ==, "123456"); |
| 271 | |
| 272 | object_unparent(sec); |
| 273 | object_unparent(master); |
| 274 | g_free(pw); |
| 275 | } |
| 276 | |
| 277 | |
| 278 | static void test_secret_crypt_base64(void) |
| 279 | { |
| 280 | Object *master = object_new_with_props( |
| 281 | TYPE_QCRYPTO_SECRET, |
| 282 | object_get_objects_root(), |
| 283 | "master", |
| 284 | &error_abort, |
| 285 | "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", |
| 286 | "format", "base64", |
| 287 | NULL); |
| 288 | Object *sec = object_new_with_props( |
| 289 | TYPE_QCRYPTO_SECRET, |
| 290 | object_get_objects_root(), |
| 291 | "sec0", |
| 292 | &error_abort, |
| 293 | "data", "zL/3CUYZC1IqOrRrzXqwsA==", |
| 294 | "format", "base64", |
| 295 | "keyid", "master", |
| 296 | "iv", "0I7Gw/TKuA+Old2W2apQ3g==", |
| 297 | NULL); |
| 298 | |
| 299 | char *pw = qcrypto_secret_lookup_as_utf8("sec0", |
| 300 | &error_abort); |
| 301 | |
| 302 | g_assert_cmpstr(pw, ==, "123456"); |
| 303 | |
| 304 | object_unparent(sec); |
| 305 | object_unparent(master); |
| 306 | g_free(pw); |
| 307 | } |
| 308 | |
| 309 | |
| 310 | static void test_secret_crypt_short_key(void) |
| 311 | { |
| 312 | Object *master = object_new_with_props( |
| 313 | TYPE_QCRYPTO_SECRET, |
| 314 | object_get_objects_root(), |
| 315 | "master", |
| 316 | &error_abort, |
| 317 | "data", "9miloPQCzGy+TL6aonfzVc", |
| 318 | "format", "base64", |
| 319 | NULL); |
| 320 | Object *sec = object_new_with_props( |
| 321 | TYPE_QCRYPTO_SECRET, |
| 322 | object_get_objects_root(), |
| 323 | "sec0", |
| 324 | NULL, |
| 325 | "data", "zL/3CUYZC1IqOrRrzXqwsA==", |
| 326 | "format", "raw", |
| 327 | "keyid", "master", |
| 328 | "iv", "0I7Gw/TKuA+Old2W2apQ3g==", |
| 329 | NULL); |
| 330 | |
| 331 | g_assert(sec == NULL); |
| 332 | object_unparent(master); |
| 333 | } |
| 334 | |
| 335 | |
| 336 | static void test_secret_crypt_short_iv(void) |
| 337 | { |
| 338 | Object *master = object_new_with_props( |
| 339 | TYPE_QCRYPTO_SECRET, |
| 340 | object_get_objects_root(), |
| 341 | "master", |
| 342 | &error_abort, |
| 343 | "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", |
| 344 | "format", "base64", |
| 345 | NULL); |
| 346 | Object *sec = object_new_with_props( |
| 347 | TYPE_QCRYPTO_SECRET, |
| 348 | object_get_objects_root(), |
| 349 | "sec0", |
| 350 | NULL, |
| 351 | "data", "zL/3CUYZC1IqOrRrzXqwsA==", |
| 352 | "format", "raw", |
| 353 | "keyid", "master", |
| 354 | "iv", "0I7Gw/TKuA+Old2W2a", |
| 355 | NULL); |
| 356 | |
| 357 | g_assert(sec == NULL); |
| 358 | object_unparent(master); |
| 359 | } |
| 360 | |
| 361 | |
| 362 | static void test_secret_crypt_missing_iv(void) |
| 363 | { |
| 364 | Object *master = object_new_with_props( |
| 365 | TYPE_QCRYPTO_SECRET, |
| 366 | object_get_objects_root(), |
| 367 | "master", |
| 368 | &error_abort, |
| 369 | "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", |
| 370 | "format", "base64", |
| 371 | NULL); |
| 372 | Object *sec = object_new_with_props( |
| 373 | TYPE_QCRYPTO_SECRET, |
| 374 | object_get_objects_root(), |
| 375 | "sec0", |
| 376 | NULL, |
| 377 | "data", "zL/3CUYZC1IqOrRrzXqwsA==", |
| 378 | "format", "raw", |
| 379 | "keyid", "master", |
| 380 | NULL); |
| 381 | |
| 382 | g_assert(sec == NULL); |
| 383 | object_unparent(master); |
| 384 | } |
| 385 | |
| 386 | |
| 387 | static void test_secret_crypt_bad_iv(void) |
| 388 | { |
| 389 | Object *master = object_new_with_props( |
| 390 | TYPE_QCRYPTO_SECRET, |
| 391 | object_get_objects_root(), |
| 392 | "master", |
| 393 | &error_abort, |
| 394 | "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", |
| 395 | "format", "base64", |
| 396 | NULL); |
| 397 | Object *sec = object_new_with_props( |
| 398 | TYPE_QCRYPTO_SECRET, |
| 399 | object_get_objects_root(), |
| 400 | "sec0", |
| 401 | NULL, |
| 402 | "data", "zL/3CUYZC1IqOrRrzXqwsA==", |
| 403 | "format", "raw", |
| 404 | "keyid", "master", |
| 405 | "iv", "0I7Gw/TK$$uA+Old2W2a", |
| 406 | NULL); |
| 407 | |
| 408 | g_assert(sec == NULL); |
| 409 | object_unparent(master); |
| 410 | } |
| 411 | |
| 412 | |
| 413 | int main(int argc, char **argv) |
| 414 | { |
| 415 | module_call_init(MODULE_INIT_QOM); |
| 416 | g_test_init(&argc, &argv, NULL); |
| 417 | |
| 418 | g_assert(qcrypto_init(NULL) == 0); |
| 419 | |
| 420 | g_test_add_func("/crypto/secret/direct", |
| 421 | test_secret_direct); |
| 422 | g_test_add_func("/crypto/secret/indirect/good", |
| 423 | test_secret_indirect_good); |
| 424 | g_test_add_func("/crypto/secret/indirect/badfile", |
| 425 | test_secret_indirect_badfile); |
| 426 | g_test_add_func("/crypto/secret/indirect/emptyfile", |
| 427 | test_secret_indirect_emptyfile); |
| 428 | |
| 429 | g_test_add_func("/crypto/secret/noconv/base64/good", |
| 430 | test_secret_noconv_base64_good); |
| 431 | g_test_add_func("/crypto/secret/noconv/base64/bad", |
| 432 | test_secret_noconv_base64_bad); |
| 433 | g_test_add_func("/crypto/secret/noconv/utf8", |
| 434 | test_secret_noconv_utf8); |
| 435 | g_test_add_func("/crypto/secret/conv/base64/utf8valid", |
| 436 | test_secret_conv_base64_utf8valid); |
| 437 | g_test_add_func("/crypto/secret/conv/base64/utf8invalid", |
| 438 | test_secret_conv_base64_utf8invalid); |
| 439 | g_test_add_func("/crypto/secret/conv/utf8/base64", |
| 440 | test_secret_conv_utf8_base64); |
| 441 | |
| 442 | g_test_add_func("/crypto/secret/crypt/raw", |
| 443 | test_secret_crypt_raw); |
| 444 | g_test_add_func("/crypto/secret/crypt/base64", |
| 445 | test_secret_crypt_base64); |
| 446 | g_test_add_func("/crypto/secret/crypt/shortkey", |
| 447 | test_secret_crypt_short_key); |
| 448 | g_test_add_func("/crypto/secret/crypt/shortiv", |
| 449 | test_secret_crypt_short_iv); |
| 450 | g_test_add_func("/crypto/secret/crypt/missingiv", |
| 451 | test_secret_crypt_missing_iv); |
| 452 | g_test_add_func("/crypto/secret/crypt/badiv", |
| 453 | test_secret_crypt_bad_iv); |
| 454 | |
| 455 | return g_test_run(); |
| 456 | } |