fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-21 00:30:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/libnm-util/tests/test-crypto.c

407 lines
11 KiB
C
Raw Normal View History

libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/*
* Dan Williams <dcbw@redhat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
libnm-util, libnm-glib: standardize copyright/license headers - Remove list of authors from files that had them; these serve no purpose except to quickly get out of date (and were only used in libnm-util and not libnm-glib anyway). - Just say "Copyright", not "(C) Copyright" or "Copyright (C)" - Put copyright statement after the license, not before - Remove "NetworkManager - Network link manager" from the few files that contained it, and "libnm_glib -- Access network status & information from glib applications" from the many files that contained it. - Remove vim modeline from nm-device-olpc-mesh.[ch], add emacs modeline to files that were missing it.
2014-07-04 13:33:18 -04:00
* Copyright 2007 - 2011 Red Hat, Inc.
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
*/
all: cleanup includes and let "nm-default.h" include "config.h" - All internal source files (except "examples", which are not internal) should include "config.h" first. As also all internal source files should include "nm-default.h", let "config.h" be included by "nm-default.h" and include "nm-default.h" as first in every source file. We already wanted to include "nm-default.h" before other headers because it might contains some fixes (like "nm-glib.h" compatibility) that is required first. - After including "nm-default.h", we optinally allow for including the corresponding header file for the source file at hand. The idea is to ensure that each header file is self contained. - Don't include "config.h" or "nm-default.h" in any header file (except "nm-sd-adapt.h"). Public headers anyway must not include these headers, and internal headers are never included after "nm-default.h", as of the first previous point. - Include all internal headers with quotes instead of angle brackets. In practice it doesn't matter, because in our public headers we must include other headers with angle brackets. As we use our public headers also to compile our interal source files, effectively the result must be the same. Still do it for consistency. - Except for <config.h> itself. Include it with angle brackets as suggested by https://www.gnu.org/software/autoconf/manual/autoconf.html#Configuration-Headers
2016-02-19 14:57:48 +01:00
#include "nm-default.h"
all: consistently include config.h config.h should be included from every .c file, and it should be included before any other include. Fix that. (As a side effect of how I did this, this also changes us to consistently use "config.h" rather than <config.h>. To the extent that it matters [which is not much], quotes are more correct anyway, since we're talking about a file in our own build tree, not a system include.)
2014-11-13 10:07:02 -05:00
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "crypto.h"
libnm-util: add nm_utils_rsa_key_encrypt() and fix crypto padding mixups To be backwards compatible clients need to handle both paths to private keys and the decrypted private key data, which is what used to get passed in the private-key and phase2-private-key attributes of the 802.1x setting. When moving a connection around between system-settings and user-settings, if the private key is decrypted data, the settings service needs to store that decrypted data somewhere so that the key can be sent to NM during the connection process. But we don't want to store the decrypted private key data, so we have to re-encrypt it (possibly generating a private key password if one wasn't sent with the decrypted data) and save it to disk, then send NM a path to that private key during connection. To help clients do this, and so that they don't have to carry around multiple crypto implementations depending on whether they want to use NSS or gnutls/gcrypt, add a helper to libnm-util. Furthermore, I misunderstood a bunch of stuff with crypto padding when writing the encrypt/decrypt functions long ago, so fix that up. Don't return padding as part of the decrypted data, and make sure to verify the padding's expected lengths and values when decrypting. Many thanks to Nalin Dahyabhai for pointing me in the right direction.
2009-09-15 16:01:50 -07:00
#include "nm-utils.h"
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
nmtst: combine files nm-test-helpers.h and nm-test-utils.h Move the content of nm-test-helpers.h to nm-test-utils.h which completly replaces the older file. Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-04-22 16:55:28 +02:00
#include "nm-test-utils.h"
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
#if 0
static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
static const char *pem_rsa_key_end = "-----END RSA PRIVATE KEY-----";
static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----";
static const char *pem_dsa_key_end = "-----END DSA PRIVATE KEY-----";
static void
dump_key_to_pem (const char *key, gsize key_len, int key_type)
{
char *b64 = NULL;
GString *str = NULL;
const char *start_tag;
const char *end_tag;
char *p;
switch (key_type) {
case NM_CRYPTO_KEY_TYPE_RSA:
start_tag = pem_rsa_key_begin;
end_tag = pem_rsa_key_end;
break;
case NM_CRYPTO_KEY_TYPE_DSA:
start_tag = pem_dsa_key_begin;
end_tag = pem_dsa_key_end;
break;
default:
g_warning ("Unknown key type %d", key_type);
return;
}
b64 = g_base64_encode ((const unsigned char *) key, key_len);
if (!b64) {
g_warning ("Couldn't base64 encode the key.");
goto out;
}
str = g_string_new (NULL);
g_string_append (str, start_tag);
g_string_append_c (str, '\n');
for (p = b64; p < (b64 + strlen (b64)); p += 64) {
g_string_append_len (str, p, strnlen (p, 64));
g_string_append_c (str, '\n');
}
g_string_append (str, end_tag);
g_string_append_c (str, '\n');
g_message ("Decrypted private key:\n\n%s", str->str);
out:
g_free (b64);
if (str)
g_string_free (str, TRUE);
}
#endif
static void
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
test_cert (gconstpointer test_data)
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
{
test: initialize auto-destructed pointers Otherwise the compiler complains that they could be left uninitialized in case the function returns too early. Fixes: 76745817c3e77b7d6c22290a7564b73224147516
2015-02-09 15:17:53 +01:00
gs_free char *path = NULL;
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
GByteArray *array;
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL;
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
array = crypto_load_and_verify_certificate (path, &format, &error);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
nmtst_assert_success (array != NULL, error);
g_assert (format == NM_CRYPTO_FILE_FORMAT_X509);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
g_byte_array_free (array, TRUE);
}
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
static GByteArray *
file_to_byte_array (const char *filename)
{
char *contents;
GByteArray *array = NULL;
gsize length = 0;
if (g_file_get_contents (filename, &contents, &length, NULL)) {
array = g_byte_array_sized_new (length);
all: remove pointless NULL checks g_malloc(), etc, never return NULL, by API contract. Likewise, by extension, no other glib function ever returns NULL due to lack of memory. So remove lots of unnecessary checks (the vast majority of which would have immediately crashed had they ever run anyway, since g_set_error(), g_warning(), and nm_log_*() all need to allocate memory). https://bugzilla.gnome.org/show_bug.cgi?id=693678
2013-01-31 15:36:12 -05:00
g_byte_array_append (array, (guint8 *) contents, length);
g_assert (array->len == length);
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
g_free (contents);
}
return array;
}
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
static void
test_load_private_key (const char *path,
const char *password,
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
const char *decrypted_path,
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
gboolean expect_fail,
const char *desc)
{
NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
GByteArray *array, *decrypted;
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
GError *error = NULL;
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
array = crypto_decrypt_private_key (path, password, &key_type, &error);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
if (expect_fail) {
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (!array);
g_assert ((password && error) || (!password && !error));
g_assert (key_type != NM_CRYPTO_KEY_TYPE_UNKNOWN);
libnm/tests: fix memleaks in tests for valgrind
2015-02-06 13:31:06 +01:00
g_clear_error (&error);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
return;
}
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (array);
g_assert (key_type == NM_CRYPTO_KEY_TYPE_RSA);
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
if (decrypted_path) {
/* Compare the crypto decrypted key against a known-good decryption */
decrypted = file_to_byte_array (decrypted_path);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (decrypted);
g_assert_cmpint (decrypted->len, >, 0);
g_assert_cmpmem (decrypted->data, decrypted->len, array->data, array->len);
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
g_byte_array_free (decrypted, TRUE);
}
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
libnm/tests: fix memleaks in tests for valgrind
2015-02-06 13:31:06 +01:00
g_clear_error (&error);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
g_byte_array_free (array, TRUE);
}
static void
test_load_pkcs12 (const char *path,
const char *password,
gboolean expect_fail,
const char *desc)
{
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL;
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
format = crypto_verify_private_key (path, password, &error);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
if (expect_fail)
g_assert (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN);
else
g_assert (format == NM_CRYPTO_FILE_FORMAT_PKCS12);
libnm/tests: fix memleaks in tests for valgrind
2015-02-06 13:31:06 +01:00
g_clear_error (&error);
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
}
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
static void
test_load_pkcs12_no_password (const char *path, const char *desc)
{
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL;
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
/* We should still get a valid returned crypto file format */
format = crypto_verify_private_key (path, NULL, &error);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (format == NM_CRYPTO_FILE_FORMAT_PKCS12);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
}
static void
test_is_pkcs12 (const char *path, gboolean expect_fail, const char *desc)
{
gboolean is_pkcs12;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
is_pkcs12 = crypto_is_pkcs12_file (path, NULL);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
if (expect_fail)
g_assert (!is_pkcs12);
else
g_assert (is_pkcs12);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
}
libnm-util: recognize PKCS#8 private keys and check passwords (bgo #649326) Neither gnutls nor NSS fully support PKCS#8 so we don't have complete support here, but at least recognize the keys and make an attempt to check the private key if we can.
2011-05-12 10:09:18 -05:00
static void
test_load_pkcs8 (const char *path,
const char *password,
gboolean expect_fail,
const char *desc)
{
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL;
format = crypto_verify_private_key (path, password, &error);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
if (expect_fail)
g_assert (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN);
else
g_assert (format == NM_CRYPTO_FILE_FORMAT_RAW_KEY);
libnm-util: recognize PKCS#8 private keys and check passwords (bgo #649326) Neither gnutls nor NSS fully support PKCS#8 so we don't have complete support here, but at least recognize the keys and make an attempt to check the private key if we can.
2011-05-12 10:09:18 -05:00
}
libnm-util: add nm_utils_rsa_key_encrypt_aes() encrypting RSA key with AES
2014-05-09 13:48:30 +02:00
static gboolean
is_cipher_aes (const char *path)
{
char *contents;
gsize length = 0;
const char *cipher;
gboolean is_aes = FALSE;
if (!g_file_get_contents (path, &contents, &length, NULL))
return FALSE;
cipher = strstr (contents, "DEK-Info: ");
if (cipher) {
cipher += strlen ("DEK-Info: ");
if (g_str_has_prefix (cipher, "AES-128-CBC"))
is_aes = TRUE;
}
g_free (contents);
libnm-util, libnm-glib: whitespace fixes Fix indentation, kill trailing whitespace, split some long lines.
2014-05-09 14:45:59 -04:00
return is_aes;
libnm-util: add nm_utils_rsa_key_encrypt_aes() encrypting RSA key with AES
2014-05-09 13:48:30 +02:00
}
libnm-util: add nm_utils_rsa_key_encrypt() and fix crypto padding mixups To be backwards compatible clients need to handle both paths to private keys and the decrypted private key data, which is what used to get passed in the private-key and phase2-private-key attributes of the 802.1x setting. When moving a connection around between system-settings and user-settings, if the private key is decrypted data, the settings service needs to store that decrypted data somewhere so that the key can be sent to NM during the connection process. But we don't want to store the decrypted private key data, so we have to re-encrypt it (possibly generating a private key password if one wasn't sent with the decrypted data) and save it to disk, then send NM a path to that private key during connection. To help clients do this, and so that they don't have to carry around multiple crypto implementations depending on whether they want to use NSS or gnutls/gcrypt, add a helper to libnm-util. Furthermore, I misunderstood a bunch of stuff with crypto padding when writing the encrypt/decrypt functions long ago, so fix that up. Don't return padding as part of the decrypted data, and make sure to verify the padding's expected lengths and values when decrypting. Many thanks to Nalin Dahyabhai for pointing me in the right direction.
2009-09-15 16:01:50 -07:00
static void
test_encrypt_private_key (const char *path,
const char *password,
const char *desc)
{
NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
GByteArray *array, *encrypted, *re_decrypted;
GError *error = NULL;
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
array = crypto_decrypt_private_key (path, password, &key_type, &error);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (array);
g_assert_no_error (error);
g_assert (key_type == NM_CRYPTO_KEY_TYPE_RSA);
libnm-util: add nm_utils_rsa_key_encrypt() and fix crypto padding mixups To be backwards compatible clients need to handle both paths to private keys and the decrypted private key data, which is what used to get passed in the private-key and phase2-private-key attributes of the 802.1x setting. When moving a connection around between system-settings and user-settings, if the private key is decrypted data, the settings service needs to store that decrypted data somewhere so that the key can be sent to NM during the connection process. But we don't want to store the decrypted private key data, so we have to re-encrypt it (possibly generating a private key password if one wasn't sent with the decrypted data) and save it to disk, then send NM a path to that private key during connection. To help clients do this, and so that they don't have to carry around multiple crypto implementations depending on whether they want to use NSS or gnutls/gcrypt, add a helper to libnm-util. Furthermore, I misunderstood a bunch of stuff with crypto padding when writing the encrypt/decrypt functions long ago, so fix that up. Don't return padding as part of the decrypted data, and make sure to verify the padding's expected lengths and values when decrypting. Many thanks to Nalin Dahyabhai for pointing me in the right direction.
2009-09-15 16:01:50 -07:00
/* Now re-encrypt the private key */
libnm-util: add nm_utils_rsa_key_encrypt_aes() encrypting RSA key with AES
2014-05-09 13:48:30 +02:00
if (is_cipher_aes (path))
encrypted = nm_utils_rsa_key_encrypt_aes (array, password, NULL, &error);
else
encrypted = nm_utils_rsa_key_encrypt (array, password, NULL, &error);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (encrypted);
g_assert_no_error (error);
libnm-util: add nm_utils_rsa_key_encrypt() and fix crypto padding mixups To be backwards compatible clients need to handle both paths to private keys and the decrypted private key data, which is what used to get passed in the private-key and phase2-private-key attributes of the 802.1x setting. When moving a connection around between system-settings and user-settings, if the private key is decrypted data, the settings service needs to store that decrypted data somewhere so that the key can be sent to NM during the connection process. But we don't want to store the decrypted private key data, so we have to re-encrypt it (possibly generating a private key password if one wasn't sent with the decrypted data) and save it to disk, then send NM a path to that private key during connection. To help clients do this, and so that they don't have to carry around multiple crypto implementations depending on whether they want to use NSS or gnutls/gcrypt, add a helper to libnm-util. Furthermore, I misunderstood a bunch of stuff with crypto padding when writing the encrypt/decrypt functions long ago, so fix that up. Don't return padding as part of the decrypted data, and make sure to verify the padding's expected lengths and values when decrypting. Many thanks to Nalin Dahyabhai for pointing me in the right direction.
2009-09-15 16:01:50 -07:00
/* Then re-decrypt the private key */
key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
re_decrypted = crypto_decrypt_private_key_data (encrypted, password, &key_type, &error);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (re_decrypted);
g_assert_no_error (error);
g_assert (key_type == NM_CRYPTO_KEY_TYPE_RSA);
libnm-util: add nm_utils_rsa_key_encrypt() and fix crypto padding mixups To be backwards compatible clients need to handle both paths to private keys and the decrypted private key data, which is what used to get passed in the private-key and phase2-private-key attributes of the 802.1x setting. When moving a connection around between system-settings and user-settings, if the private key is decrypted data, the settings service needs to store that decrypted data somewhere so that the key can be sent to NM during the connection process. But we don't want to store the decrypted private key data, so we have to re-encrypt it (possibly generating a private key password if one wasn't sent with the decrypted data) and save it to disk, then send NM a path to that private key during connection. To help clients do this, and so that they don't have to carry around multiple crypto implementations depending on whether they want to use NSS or gnutls/gcrypt, add a helper to libnm-util. Furthermore, I misunderstood a bunch of stuff with crypto padding when writing the encrypt/decrypt functions long ago, so fix that up. Don't return padding as part of the decrypted data, and make sure to verify the padding's expected lengths and values when decrypting. Many thanks to Nalin Dahyabhai for pointing me in the right direction.
2009-09-15 16:01:50 -07:00
/* Compare the original decrypted key with the re-decrypted key */
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert_cmpmem (array->data, array->len, re_decrypted->data, re_decrypted->len);
libnm-util: add nm_utils_rsa_key_encrypt() and fix crypto padding mixups To be backwards compatible clients need to handle both paths to private keys and the decrypted private key data, which is what used to get passed in the private-key and phase2-private-key attributes of the 802.1x setting. When moving a connection around between system-settings and user-settings, if the private key is decrypted data, the settings service needs to store that decrypted data somewhere so that the key can be sent to NM during the connection process. But we don't want to store the decrypted private key data, so we have to re-encrypt it (possibly generating a private key password if one wasn't sent with the decrypted data) and save it to disk, then send NM a path to that private key during connection. To help clients do this, and so that they don't have to carry around multiple crypto implementations depending on whether they want to use NSS or gnutls/gcrypt, add a helper to libnm-util. Furthermore, I misunderstood a bunch of stuff with crypto padding when writing the encrypt/decrypt functions long ago, so fix that up. Don't return padding as part of the decrypted data, and make sure to verify the padding's expected lengths and values when decrypting. Many thanks to Nalin Dahyabhai for pointing me in the right direction.
2009-09-15 16:01:50 -07:00
g_byte_array_free (re_decrypted, TRUE);
g_byte_array_free (encrypted, TRUE);
g_byte_array_free (array, TRUE);
}
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
static void
test_key (gconstpointer test_data)
{
char **parts, *path, *password, *decrypted_path;
int len;
parts = g_strsplit ((const char *) test_data, ", ", -1);
len = g_strv_length (parts);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert (len == 2 || len == 3);
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
test_encrypt_private_key (path, password, "private-key-rencrypt");
g_free (path);
g_free (decrypted_path);
g_strfreev (parts);
}
static void
test_pkcs12 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert_cmpint (g_strv_length (parts), ==, 2);
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, FALSE, "is-pkcs12");
test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
g_free (path);
g_strfreev (parts);
}
static void
test_pkcs8 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c)
2016-02-14 21:14:20 +01:00
g_assert_cmpint (g_strv_length (parts), ==, 2);
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
/* Until gnutls and NSS grow support for all the ciphers that openssl
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being.
*/
test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
g_free (path);
g_strfreev (parts);
}
NMTST_DEFINE ();
int
main (int argc, char **argv)
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
{
GError *error = NULL;
tests: get rid of FAIL macro
2016-02-11 09:49:01 -06:00
gboolean success;
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
nmtst_init (&argc, &argv, TRUE);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
tests: get rid of FAIL macro
2016-02-11 09:49:01 -06:00
success = crypto_init (&error);
g_assert_no_error (error);
g_assert (success);
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-06 20:19:07 -04:00
g_test_add_data_func ("/libnm/crypto/cert/pem",
"test_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-2",
"test2_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/der",
"test_ca_cert.der",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
"ca-no-ending-newline.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
"test_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
"test2_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/key/padding-6",
"test_key_and_cert.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/key-only",
"test-key-only.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/padding-8",
"test2_key_and_cert.pem, 12345testing",
test_key);
g_test_add_data_func ("/libnm/crypto/key/aes",
"test-aes-key.pem, test-aes-password",
test_key);
g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
"test-cert.p12, test",
test_pkcs12);
g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
"test2-cert.p12, 12345testing",
test_pkcs12);
g_test_add_data_func ("/libnm/crypto/PKCS#8",
"pkcs8-enc-key.pem, 1234567890",
test_pkcs8);
libnm-util: Note that nm_utils_deinit() is a no-op nm_utils_deinit() is a no-op, so don't suggest that people need to call it.
2014-12-02 09:26:39 -05:00
return g_test_run ();
libnm-util: move crypto tests to libnm-util/tests/ Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00
}
Reference in a new issue Copy permalink