]> git.proxmox.com Git - mirror_qemu.git/blame - tests/test-crypto-secret.c
tests: virtio-9p: ".." cannot be used to walk out of the shared directory
[mirror_qemu.git] / tests / test-crypto-secret.c
CommitLineData
ac1d8878
DB
1/*
2 * QEMU Crypto secret handling
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
681c28a3 21#include "qemu/osdep.h"
ac1d8878
DB
22
23#include "crypto/init.h"
24#include "crypto/secret.h"
da34e65c 25#include "qapi/error.h"
7136fc1d 26#include "qemu/module.h"
ac1d8878
DB
27
28static void test_secret_direct(void)
29{
30 Object *sec = object_new_with_props(
31 TYPE_QCRYPTO_SECRET,
32 object_get_objects_root(),
33 "sec0",
34 &error_abort,
35 "data", "123456",
36 NULL);
37
38 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
39 &error_abort);
40
41 g_assert_cmpstr(pw, ==, "123456");
42
43 object_unparent(sec);
44 g_free(pw);
45}
46
47
48static void test_secret_indirect_good(void)
49{
50 Object *sec;
51 char *fname = NULL;
e7ed11f0 52 int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX",
ac1d8878
DB
53 &fname,
54 NULL);
55
56 g_assert(fd >= 0);
57 g_assert_nonnull(fname);
58
59 g_assert(write(fd, "123456", 6) == 6);
60
61 sec = object_new_with_props(
62 TYPE_QCRYPTO_SECRET,
63 object_get_objects_root(),
64 "sec0",
65 &error_abort,
66 "file", fname,
67 NULL);
68
69 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
70 &error_abort);
71
72 g_assert_cmpstr(pw, ==, "123456");
73
74 object_unparent(sec);
75 g_free(pw);
76 close(fd);
e7ed11f0 77 unlink(fname);
ac1d8878
DB
78 g_free(fname);
79}
80
81
82static void test_secret_indirect_badfile(void)
83{
84 Object *sec = object_new_with_props(
85 TYPE_QCRYPTO_SECRET,
86 object_get_objects_root(),
87 "sec0",
88 NULL,
89 "file", "does-not-exist",
90 NULL);
91
92 g_assert(sec == NULL);
93}
94
95
96static void test_secret_indirect_emptyfile(void)
97{
98 Object *sec;
99 char *fname = NULL;
e7ed11f0 100 int fd = g_file_open_tmp("qemu-test-crypto-secretXXXXXX",
ac1d8878
DB
101 &fname,
102 NULL);
103
104 g_assert(fd >= 0);
105 g_assert_nonnull(fname);
106
107 sec = object_new_with_props(
108 TYPE_QCRYPTO_SECRET,
109 object_get_objects_root(),
110 "sec0",
111 &error_abort,
112 "file", fname,
113 NULL);
114
115 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
116 &error_abort);
117
118 g_assert_cmpstr(pw, ==, "");
119
120 object_unparent(sec);
121 g_free(pw);
122 close(fd);
e7ed11f0 123 unlink(fname);
ac1d8878
DB
124 g_free(fname);
125}
126
127
128static void test_secret_noconv_base64_good(void)
129{
130 Object *sec = object_new_with_props(
131 TYPE_QCRYPTO_SECRET,
132 object_get_objects_root(),
133 "sec0",
134 &error_abort,
135 "data", "MTIzNDU2",
136 "format", "base64",
137 NULL);
138
139 char *pw = qcrypto_secret_lookup_as_base64("sec0",
140 &error_abort);
141
142 g_assert_cmpstr(pw, ==, "MTIzNDU2");
143
144 object_unparent(sec);
145 g_free(pw);
146}
147
148
149static void test_secret_noconv_base64_bad(void)
150{
151 Object *sec = object_new_with_props(
152 TYPE_QCRYPTO_SECRET,
153 object_get_objects_root(),
154 "sec0",
155 NULL,
156 "data", "MTI$NDU2",
157 "format", "base64",
158 NULL);
159
160 g_assert(sec == NULL);
161}
162
163
164static void test_secret_noconv_utf8(void)
165{
166 Object *sec = object_new_with_props(
167 TYPE_QCRYPTO_SECRET,
168 object_get_objects_root(),
169 "sec0",
170 &error_abort,
171 "data", "123456",
172 "format", "raw",
173 NULL);
174
175 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
176 &error_abort);
177
178 g_assert_cmpstr(pw, ==, "123456");
179
180 object_unparent(sec);
181 g_free(pw);
182}
183
184
185static void test_secret_conv_base64_utf8valid(void)
186{
187 Object *sec = object_new_with_props(
188 TYPE_QCRYPTO_SECRET,
189 object_get_objects_root(),
190 "sec0",
191 &error_abort,
192 "data", "MTIzNDU2",
193 "format", "base64",
194 NULL);
195
196 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
197 &error_abort);
198
199 g_assert_cmpstr(pw, ==, "123456");
200
201 object_unparent(sec);
202 g_free(pw);
203}
204
205
206static void test_secret_conv_base64_utf8invalid(void)
207{
208 Object *sec = object_new_with_props(
209 TYPE_QCRYPTO_SECRET,
210 object_get_objects_root(),
211 "sec0",
212 &error_abort,
213 "data", "f0VMRgIBAQAAAA==",
214 "format", "base64",
215 NULL);
216
217 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
218 NULL);
219 g_assert(pw == NULL);
220
221 object_unparent(sec);
222}
223
224
225static void test_secret_conv_utf8_base64(void)
226{
227 Object *sec = object_new_with_props(
228 TYPE_QCRYPTO_SECRET,
229 object_get_objects_root(),
230 "sec0",
231 &error_abort,
232 "data", "123456",
233 NULL);
234
235 char *pw = qcrypto_secret_lookup_as_base64("sec0",
236 &error_abort);
237
238 g_assert_cmpstr(pw, ==, "MTIzNDU2");
239
240 object_unparent(sec);
241 g_free(pw);
242}
243
244
245static void test_secret_crypt_raw(void)
246{
247 Object *master = object_new_with_props(
248 TYPE_QCRYPTO_SECRET,
249 object_get_objects_root(),
250 "master",
251 &error_abort,
252 "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
253 "format", "base64",
254 NULL);
255 Object *sec = object_new_with_props(
256 TYPE_QCRYPTO_SECRET,
257 object_get_objects_root(),
258 "sec0",
259 &error_abort,
260 "data",
261 "\xCC\xBF\xF7\x09\x46\x19\x0B\x52\x2A\x3A\xB4\x6B\xCD\x7A\xB0\xB0",
262 "format", "raw",
263 "keyid", "master",
264 "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
265 NULL);
266
267 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
268 &error_abort);
269
270 g_assert_cmpstr(pw, ==, "123456");
271
272 object_unparent(sec);
273 object_unparent(master);
274 g_free(pw);
275}
276
277
278static void test_secret_crypt_base64(void)
279{
280 Object *master = object_new_with_props(
281 TYPE_QCRYPTO_SECRET,
282 object_get_objects_root(),
283 "master",
284 &error_abort,
285 "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
286 "format", "base64",
287 NULL);
288 Object *sec = object_new_with_props(
289 TYPE_QCRYPTO_SECRET,
290 object_get_objects_root(),
291 "sec0",
292 &error_abort,
293 "data", "zL/3CUYZC1IqOrRrzXqwsA==",
294 "format", "base64",
295 "keyid", "master",
296 "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
297 NULL);
298
299 char *pw = qcrypto_secret_lookup_as_utf8("sec0",
300 &error_abort);
301
302 g_assert_cmpstr(pw, ==, "123456");
303
304 object_unparent(sec);
305 object_unparent(master);
306 g_free(pw);
307}
308
309
310static void test_secret_crypt_short_key(void)
311{
312 Object *master = object_new_with_props(
313 TYPE_QCRYPTO_SECRET,
314 object_get_objects_root(),
315 "master",
316 &error_abort,
317 "data", "9miloPQCzGy+TL6aonfzVc",
318 "format", "base64",
319 NULL);
320 Object *sec = object_new_with_props(
321 TYPE_QCRYPTO_SECRET,
322 object_get_objects_root(),
323 "sec0",
324 NULL,
325 "data", "zL/3CUYZC1IqOrRrzXqwsA==",
326 "format", "raw",
327 "keyid", "master",
328 "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
329 NULL);
330
331 g_assert(sec == NULL);
332 object_unparent(master);
333}
334
335
336static void test_secret_crypt_short_iv(void)
337{
338 Object *master = object_new_with_props(
339 TYPE_QCRYPTO_SECRET,
340 object_get_objects_root(),
341 "master",
342 &error_abort,
343 "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
344 "format", "base64",
345 NULL);
346 Object *sec = object_new_with_props(
347 TYPE_QCRYPTO_SECRET,
348 object_get_objects_root(),
349 "sec0",
350 NULL,
351 "data", "zL/3CUYZC1IqOrRrzXqwsA==",
352 "format", "raw",
353 "keyid", "master",
354 "iv", "0I7Gw/TKuA+Old2W2a",
355 NULL);
356
357 g_assert(sec == NULL);
358 object_unparent(master);
359}
360
361
362static void test_secret_crypt_missing_iv(void)
363{
364 Object *master = object_new_with_props(
365 TYPE_QCRYPTO_SECRET,
366 object_get_objects_root(),
367 "master",
368 &error_abort,
369 "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
370 "format", "base64",
371 NULL);
372 Object *sec = object_new_with_props(
373 TYPE_QCRYPTO_SECRET,
374 object_get_objects_root(),
375 "sec0",
376 NULL,
377 "data", "zL/3CUYZC1IqOrRrzXqwsA==",
378 "format", "raw",
379 "keyid", "master",
380 NULL);
381
382 g_assert(sec == NULL);
383 object_unparent(master);
384}
385
386
387static void test_secret_crypt_bad_iv(void)
388{
389 Object *master = object_new_with_props(
390 TYPE_QCRYPTO_SECRET,
391 object_get_objects_root(),
392 "master",
393 &error_abort,
394 "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
395 "format", "base64",
396 NULL);
397 Object *sec = object_new_with_props(
398 TYPE_QCRYPTO_SECRET,
399 object_get_objects_root(),
400 "sec0",
401 NULL,
402 "data", "zL/3CUYZC1IqOrRrzXqwsA==",
403 "format", "raw",
404 "keyid", "master",
405 "iv", "0I7Gw/TK$$uA+Old2W2a",
406 NULL);
407
408 g_assert(sec == NULL);
409 object_unparent(master);
410}
411
412
413int main(int argc, char **argv)
414{
415 module_call_init(MODULE_INIT_QOM);
416 g_test_init(&argc, &argv, NULL);
417
418 g_assert(qcrypto_init(NULL) == 0);
419
420 g_test_add_func("/crypto/secret/direct",
421 test_secret_direct);
422 g_test_add_func("/crypto/secret/indirect/good",
423 test_secret_indirect_good);
424 g_test_add_func("/crypto/secret/indirect/badfile",
425 test_secret_indirect_badfile);
426 g_test_add_func("/crypto/secret/indirect/emptyfile",
427 test_secret_indirect_emptyfile);
428
429 g_test_add_func("/crypto/secret/noconv/base64/good",
430 test_secret_noconv_base64_good);
431 g_test_add_func("/crypto/secret/noconv/base64/bad",
432 test_secret_noconv_base64_bad);
433 g_test_add_func("/crypto/secret/noconv/utf8",
434 test_secret_noconv_utf8);
435 g_test_add_func("/crypto/secret/conv/base64/utf8valid",
436 test_secret_conv_base64_utf8valid);
437 g_test_add_func("/crypto/secret/conv/base64/utf8invalid",
438 test_secret_conv_base64_utf8invalid);
439 g_test_add_func("/crypto/secret/conv/utf8/base64",
440 test_secret_conv_utf8_base64);
441
442 g_test_add_func("/crypto/secret/crypt/raw",
443 test_secret_crypt_raw);
444 g_test_add_func("/crypto/secret/crypt/base64",
445 test_secret_crypt_base64);
446 g_test_add_func("/crypto/secret/crypt/shortkey",
447 test_secret_crypt_short_key);
448 g_test_add_func("/crypto/secret/crypt/shortiv",
449 test_secret_crypt_short_iv);
450 g_test_add_func("/crypto/secret/crypt/missingiv",
451 test_secret_crypt_missing_iv);
452 g_test_add_func("/crypto/secret/crypt/badiv",
453 test_secret_crypt_bad_iv);
454
455 return g_test_run();
456}