xref: /qemu/tests/unit/test-crypto-secret.c (revision 9a29e02073e5d032e49fb3af992b6065bd2acd3c)
1ac1d8878SDaniel P. Berrange /*
2ac1d8878SDaniel P. Berrange  * QEMU Crypto secret handling
3ac1d8878SDaniel P. Berrange  *
4ac1d8878SDaniel P. Berrange  * Copyright (c) 2015 Red Hat, Inc.
5ac1d8878SDaniel P. Berrange  *
6ac1d8878SDaniel P. Berrange  * This library is free software; you can redistribute it and/or
7ac1d8878SDaniel P. Berrange  * modify it under the terms of the GNU Lesser General Public
8ac1d8878SDaniel P. Berrange  * License as published by the Free Software Foundation; either
9422c16e7SChetan Pant  * version 2.1 of the License, or (at your option) any later version.
10ac1d8878SDaniel P. Berrange  *
11ac1d8878SDaniel P. Berrange  * This library is distributed in the hope that it will be useful,
12ac1d8878SDaniel P. Berrange  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13ac1d8878SDaniel P. Berrange  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14ac1d8878SDaniel P. Berrange  * Lesser General Public License for more details.
15ac1d8878SDaniel P. Berrange  *
16ac1d8878SDaniel P. Berrange  * You should have received a copy of the GNU Lesser General Public
17ac1d8878SDaniel P. Berrange  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18ac1d8878SDaniel P. Berrange  *
19ac1d8878SDaniel P. Berrange  */
20ac1d8878SDaniel P. Berrange 
21681c28a3SPeter Maydell #include "qemu/osdep.h"
22ac1d8878SDaniel P. Berrange 
23ac1d8878SDaniel P. Berrange #include "crypto/init.h"
24ac1d8878SDaniel P. Berrange #include "crypto/secret.h"
25da34e65cSMarkus Armbruster #include "qapi/error.h"
267136fc1dSMarkus Armbruster #include "qemu/module.h"
27*9a29e020SJuan Quintela #if defined(CONFIG_KEYUTILS) && defined(CONFIG_SECRET_KEYRING)
2892500362SAlexey Krasikov #include "crypto/secret_keyring.h"
2992500362SAlexey Krasikov #include <keyutils.h>
3092500362SAlexey Krasikov #endif
31ac1d8878SDaniel P. Berrange 
/*
 * A secret whose value is supplied inline through the "data" property
 * must come back unchanged when it is looked up as UTF-8.
 */
static void test_secret_direct(void)
{
    Object *secret;
    char *value;

    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   &error_abort,
                                   "data", "123456",
                                   NULL);

    value = qcrypto_secret_lookup_as_utf8("sec0", &error_abort);
    g_assert_cmpstr(value, ==, "123456");

    /* The looked-up string belongs to the caller and is freed here. */
    g_free(value);
    object_unparent(secret);
}
50ac1d8878SDaniel P. Berrange 
51ac1d8878SDaniel P. Berrange 
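/*
 * A secret loaded indirectly, from the file named by the "file"
 * property, must be returned unchanged when looked up as UTF-8.
 */
static void test_secret_indirect_good(void)
{
    Object *sec;
    char *pw;
    char *fname = NULL;
    ssize_t written;
    int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX",
                             &fname,
                             NULL);

    g_assert(fd >= 0);
    g_assert_nonnull(fname);

    /*
     * Keep the write() outside the assertion macro: g_assert() can be
     * compiled out (G_DISABLE_ASSERT), and the file must be populated
     * regardless of how assertions are configured.
     */
    written = write(fd, "123456", 6);
    g_assert_cmpint(written, ==, 6);

    sec = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "sec0",
        &error_abort,
        "file", fname,
        NULL);

    pw = qcrypto_secret_lookup_as_utf8("sec0",
                                       &error_abort);

    g_assert_cmpstr(pw, ==, "123456");

    /*
     * The temporary file holds the secret in clear text.  It is removed
     * here, but an assertion failure above aborts before this point and
     * leaves the file behind in the temporary directory.
     */
    object_unparent(sec);
    g_free(pw);
    close(fd);
    unlink(fname);
    g_free(fname);
}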
84ac1d8878SDaniel P. Berrange 
85ac1d8878SDaniel P. Berrange 
/*
 * Creating a secret whose "file" property names a path that does not
 * exist must fail: object creation is expected to return NULL.
 */
static void test_secret_indirect_badfile(void)
{
    Object *secret;

    /* errp is NULL: the failure is expected and its details are ignored. */
    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   NULL,
                                   "file", "does-not-exist",
                                   NULL);

    g_assert(secret == NULL);
}
98ac1d8878SDaniel P. Berrange 
99ac1d8878SDaniel P. Berrange 
/*
 * A secret backed by an empty file is accepted and reads back as the
 * empty string.
 */
static void test_secret_indirect_emptyfile(void)
{
    Object *secret;
    char *value;
    char *path = NULL;
    int tmp_fd;

    /* Nothing is written to the file, so it stays empty. */
    tmp_fd = g_file_open_tmp("qemu-test-crypto-secretXXXXXX",
                             &path,
                             NULL);
    g_assert(tmp_fd >= 0);
    g_assert_nonnull(path);

    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   &error_abort,
                                   "file", path,
                                   NULL);

    value = qcrypto_secret_lookup_as_utf8("sec0", &error_abort);
    g_assert_cmpstr(value, ==, "");

    /* Drop the object and the looked-up copy, then remove the file. */
    object_unparent(secret);
    g_free(value);
    close(tmp_fd);
    unlink(path);
    g_free(path);
}
130ac1d8878SDaniel P. Berrange 
131*9a29e020SJuan Quintela #if defined(CONFIG_KEYUTILS) && defined(CONFIG_SECRET_KEYRING)
13292500362SAlexey Krasikov 
13392500362SAlexey Krasikov #define DESCRIPTION "qemu_test_secret"
13492500362SAlexey Krasikov #define PAYLOAD "Test Payload"
13592500362SAlexey Krasikov 
13692500362SAlexey Krasikov 
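/*
 * A "user" key added to the process keyring can be loaded through a
 * keyring-backed secret object, addressed by its serial number, and the
 * payload reads back unchanged.
 */
static void test_secret_keyring_good(void)
{
    char key_str[16];
    Object *sec;
    char *pw;
    long unlinked;
    int32_t key = add_key("user", DESCRIPTION, PAYLOAD,
                          strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);

    g_assert(key >= 0);

    /* The "serial" property takes the key id as a string. */
    snprintf(key_str, sizeof(key_str), "0x%08x", key);
    sec = object_new_with_props(
        TYPE_QCRYPTO_SECRET_KEYRING,
        object_get_objects_root(),
        "sec0",
        &error_abort,
        "serial", key_str,
        NULL);

    /*
     * Unlink outside the assertion macro and check with a GLib test
     * assertion: a plain assert() disappears under NDEBUG, which would
     * also drop the keyctl_unlink() call and leave the key linked.
     *
     * The key is unlinked before the lookup on purpose; the test expects
     * the payload to remain available from the secret object afterwards.
     */
    unlinked = keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING);
    g_assert_cmpint(unlinked, >=, 0);

    pw = qcrypto_secret_lookup_as_utf8("sec0",
                                       &error_abort);
    g_assert_cmpstr(pw, ==, PAYLOAD);

    object_unparent(sec);
    g_free(pw);
}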
16392500362SAlexey Krasikov 
16492500362SAlexey Krasikov 
/*
 * A key that has been revoked must not be usable as a secret: object
 * creation is expected to fail with errno set to EKEYREVOKED.
 */
static void test_secret_keyring_revoked_key(void)
{
    char serial[16];
    Object *secret;
    int32_t key;

    key = add_key("user", DESCRIPTION, PAYLOAD,
                  strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);
    g_assert(key >= 0);

    /* Revoke the key before any secret object refers to it. */
    g_assert_false(keyctl_revoke(key));

    snprintf(serial, sizeof(serial), "0x%08x", key);
    secret = object_new_with_props(TYPE_QCRYPTO_SECRET_KEYRING,
                                   object_get_objects_root(),
                                   "sec0",
                                   NULL,
                                   "serial", serial,
                                   NULL);

    /*
     * NOTE(review): errno is inspected after object_new_with_props() has
     * returned, so this relies on nothing on the error path overwriting
     * the value left by the failing key access - confirm against the
     * keyring backend.  It is read first, before any other call.
     */
    g_assert(errno == EKEYREVOKED);
    g_assert(secret == NULL);

    keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING);
}
18892500362SAlexey Krasikov 
18992500362SAlexey Krasikov 
/*
 * A key whose timeout has elapsed must not be usable as a secret: object
 * creation is expected to fail with errno set to EKEYEXPIRED.
 */
static void test_secret_keyring_expired_key(void)
{
    char serial[16];
    Object *secret;
    int32_t key;

    key = add_key("user", DESCRIPTION, PAYLOAD,
                  strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);
    g_assert(key >= 0);

    /* Give the key a one-second lifetime, then wait for it to run out. */
    g_assert_false(keyctl_set_timeout(key, 1));
    sleep(1);

    snprintf(serial, sizeof(serial), "0x%08x", key);
    secret = object_new_with_props(TYPE_QCRYPTO_SECRET_KEYRING,
                                   object_get_objects_root(),
                                   "sec0",
                                   NULL,
                                   "serial", serial,
                                   NULL);

    /*
     * NOTE(review): errno is inspected after object_new_with_props() has
     * returned, so this relies on nothing on the error path overwriting
     * the value left by the failing key access - confirm against the
     * keyring backend.  It is read first, before any other call.
     */
    g_assert(errno == EKEYEXPIRED);
    g_assert(secret == NULL);

    keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING);
}
21492500362SAlexey Krasikov 
21592500362SAlexey Krasikov 
/*
 * A serial number that this test never created ("1") must be rejected:
 * object creation is expected to fail with errno set to ENOKEY.
 */
static void test_secret_keyring_bad_serial_key(void)
{
    Object *secret = object_new_with_props(TYPE_QCRYPTO_SECRET_KEYRING,
                                           object_get_objects_root(),
                                           "sec0",
                                           NULL,
                                           "serial", "1",
                                           NULL);

    /*
     * NOTE(review): errno is inspected after object_new_with_props() has
     * returned; this relies on the error path not overwriting it - confirm.
     */
    g_assert(errno == ENOKEY);
    g_assert(secret == NULL);
}
23192500362SAlexey Krasikov 
/*
 * TODO
 * test_secret_keyring_bad_key_access_right() is not working yet.
 * We don't know yet if this is due to a bug in the Linux kernel or
 * whether it's normal syscall behavior.
 * We've requested information from kernel maintainers.
 * See: <https://www.spinics.net/lists/keyrings/index.html>
 * Thread: 'security/keys: remove possessor verify after key permission check'
 */
24192500362SAlexey Krasikov 
/*
 * Intended check: a key whose possessor read permission has been removed
 * must not be loadable as a secret (EACCES).  The test is currently
 * reported as skipped, so nothing below the early return executes.
 */
static void test_secret_keyring_bad_key_access_right(void)
{
    char key_str[16];
    Object *sec;

    /* Disabled for now: mark the test skipped and leave immediately. */
    g_test_skip("TODO: Need responce from Linux kernel maintainers");
    return;

    /* Unreachable while the skip above is in place. */
    int32_t key = add_key("user", DESCRIPTION, PAYLOAD,
                          strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);
    g_assert(key >= 0);

    /* Keep every possessor permission except read. */
    g_assert_false(keyctl_setperm(key, KEY_POS_ALL & (~KEY_POS_READ)));

    snprintf(key_str, sizeof(key_str), "0x%08x", key);

    sec = object_new_with_props(TYPE_QCRYPTO_SECRET_KEYRING,
                                object_get_objects_root(),
                                "sec0",
                                NULL,
                                "serial", key_str,
                                NULL);

    g_assert(errno == EACCES);
    g_assert(sec == NULL);

    keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING);
}
27092500362SAlexey Krasikov 
271*9a29e020SJuan Quintela #endif /* CONFIG_KEYUTILS && CONFIG_SECRET_KEYRING */
272ac1d8878SDaniel P. Berrange 
/*
 * A secret supplied as base64 and looked up as base64 must come back as
 * the same string.
 */
static void test_secret_noconv_base64_good(void)
{
    Object *secret;
    char *encoded;

    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   &error_abort,
                                   "data", "MTIzNDU2",
                                   "format", "base64",
                                   NULL);

    encoded = qcrypto_secret_lookup_as_base64("sec0", &error_abort);
    g_assert_cmpstr(encoded, ==, "MTIzNDU2");

    g_free(encoded);
    object_unparent(secret);
}
292ac1d8878SDaniel P. Berrange 
293ac1d8878SDaniel P. Berrange 
/*
 * Data declared as base64 but containing a character outside the base64
 * alphabet ('$') must be rejected when the secret is created.
 */
static void test_secret_noconv_base64_bad(void)
{
    Object *secret;

    /* errp is NULL: the failure is expected and its details are ignored. */
    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   NULL,
                                   "data", "MTI$NDU2",
                                   "format", "base64",
                                   NULL);

    g_assert(secret == NULL);
}
307ac1d8878SDaniel P. Berrange 
308ac1d8878SDaniel P. Berrange 
/*
 * A secret supplied with an explicit "raw" format and looked up as UTF-8
 * must come back as the same string.
 */
static void test_secret_noconv_utf8(void)
{
    Object *secret;
    char *value;

    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   &error_abort,
                                   "data", "123456",
                                   "format", "raw",
                                   NULL);

    value = qcrypto_secret_lookup_as_utf8("sec0", &error_abort);
    g_assert_cmpstr(value, ==, "123456");

    g_free(value);
    object_unparent(secret);
}
328ac1d8878SDaniel P. Berrange 
329ac1d8878SDaniel P. Berrange 
/*
 * A secret supplied as base64 whose decoded bytes are plain text must be
 * returned decoded when looked up as UTF-8.
 */
static void test_secret_conv_base64_utf8valid(void)
{
    Object *secret;
    char *decoded;

    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   &error_abort,
                                   "data", "MTIzNDU2",
                                   "format", "base64",
                                   NULL);

    /* "MTIzNDU2" is the base64 encoding of "123456". */
    decoded = qcrypto_secret_lookup_as_utf8("sec0", &error_abort);
    g_assert_cmpstr(decoded, ==, "123456");

    g_free(decoded);
    object_unparent(secret);
}
349ac1d8878SDaniel P. Berrange 
350ac1d8878SDaniel P. Berrange 
/*
 * A base64 secret holding binary data is accepted at creation time, but
 * looking it up as UTF-8 must fail and return NULL.
 */
static void test_secret_conv_base64_utf8invalid(void)
{
    Object *secret;
    char *value;

    /*
     * The payload decodes to binary bytes (it starts 0x7f 'E' 'L' 'F' and
     * contains NUL bytes), not text.  Creation uses &error_abort, so the
     * object itself must be created successfully.
     */
    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   &error_abort,
                                   "data", "f0VMRgIBAQAAAA==",
                                   "format", "base64",
                                   NULL);

    /* errp is NULL here: only the NULL result is checked. */
    value = qcrypto_secret_lookup_as_utf8("sec0", NULL);
    g_assert(value == NULL);

    object_unparent(secret);
}
368ac1d8878SDaniel P. Berrange 
369ac1d8878SDaniel P. Berrange 
/*
 * A secret supplied as plain text (no "format" property given) must be
 * returned base64-encoded when looked up as base64.
 */
static void test_secret_conv_utf8_base64(void)
{
    Object *secret;
    char *encoded;

    secret = object_new_with_props(TYPE_QCRYPTO_SECRET,
                                   object_get_objects_root(),
                                   "sec0",
                                   &error_abort,
                                   "data", "123456",
                                   NULL);

    /* "MTIzNDU2" is the base64 encoding of "123456". */
    encoded = qcrypto_secret_lookup_as_base64("sec0", &error_abort);
    g_assert_cmpstr(encoded, ==, "MTIzNDU2");

    g_free(encoded);
    object_unparent(secret);
}
388ac1d8878SDaniel P. Berrange 
389ac1d8878SDaniel P. Berrange 
/*
 * An encrypted secret given as raw ciphertext bytes, with "keyid" naming
 * a second secret that holds the key and "iv" giving the base64 IV, must
 * read back as the plaintext "123456".
 */
static void test_secret_crypt_raw(void)
{
    Object *key_secret;
    Object *secret;
    char *plain;

    /* Fixed test-vector key, supplied base64-encoded. */
    key_secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "master",
        &error_abort,
        "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
        "format", "base64",
        NULL);

    /* The ciphertext is passed as literal bytes, hence format "raw". */
    secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "sec0",
        &error_abort,
        "data",
        "\xCC\xBF\xF7\x09\x46\x19\x0B\x52\x2A\x3A\xB4\x6B\xCD\x7A\xB0\xB0",
        "format", "raw",
        "keyid", "master",
        "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
        NULL);

    plain = qcrypto_secret_lookup_as_utf8("sec0", &error_abort);
    g_assert_cmpstr(plain, ==, "123456");

    object_unparent(secret);
    object_unparent(key_secret);
    g_free(plain);
}
421ac1d8878SDaniel P. Berrange 
422ac1d8878SDaniel P. Berrange 
/*
 * An encrypted secret given as base64 ciphertext, with "keyid" naming a
 * second secret that holds the key and "iv" giving the base64 IV, must
 * read back as the plaintext "123456".
 */
static void test_secret_crypt_base64(void)
{
    Object *key_secret;
    Object *secret;
    char *plain;

    /* Fixed test-vector key, supplied base64-encoded. */
    key_secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "master",
        &error_abort,
        "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
        "format", "base64",
        NULL);

    secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "sec0",
        &error_abort,
        "data", "zL/3CUYZC1IqOrRrzXqwsA==",
        "format", "base64",
        "keyid", "master",
        "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
        NULL);

    plain = qcrypto_secret_lookup_as_utf8("sec0", &error_abort);
    g_assert_cmpstr(plain, ==, "123456");

    object_unparent(secret);
    object_unparent(key_secret);
    g_free(plain);
}
453ac1d8878SDaniel P. Berrange 
454ac1d8878SDaniel P. Berrange 
/*
 * An encrypted secret whose key secret is shorter than the key used by
 * the passing crypt tests must be rejected when it is created.
 */
static void test_secret_crypt_short_key(void)
{
    Object *key_secret;
    Object *secret;

    /* Truncated key material; the key secret itself must still load. */
    key_secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "master",
        &error_abort,
        "data", "9miloPQCzGy+TL6aonfzVc",
        "format", "base64",
        NULL);

    /*
     * NOTE(review): errp is NULL and only the NULL result is asserted, so
     * the test does not show which check rejected the secret.  The data
     * here is base64 text labelled "raw" - confirm the key length is what
     * actually triggers the failure.
     */
    secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "sec0",
        NULL,
        "data", "zL/3CUYZC1IqOrRrzXqwsA==",
        "format", "raw",
        "keyid", "master",
        "iv", "0I7Gw/TKuA+Old2W2apQ3g==",
        NULL);

    g_assert(secret == NULL);
    object_unparent(key_secret);
}
479ac1d8878SDaniel P. Berrange 
480ac1d8878SDaniel P. Berrange 
/*
 * An encrypted secret whose "iv" is shorter than the IV used by the
 * passing crypt tests must be rejected when it is created.
 */
static void test_secret_crypt_short_iv(void)
{
    Object *key_secret;
    Object *secret;

    key_secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "master",
        &error_abort,
        "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
        "format", "base64",
        NULL);

    /*
     * NOTE(review): errp is NULL and only the NULL result is asserted, so
     * the test does not show which check rejected the secret.  The data
     * here is base64 text labelled "raw" - confirm the IV length is what
     * actually triggers the failure.
     */
    secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "sec0",
        NULL,
        "data", "zL/3CUYZC1IqOrRrzXqwsA==",
        "format", "raw",
        "keyid", "master",
        "iv", "0I7Gw/TKuA+Old2W2a",
        NULL);

    g_assert(secret == NULL);
    object_unparent(key_secret);
}
505ac1d8878SDaniel P. Berrange 
506ac1d8878SDaniel P. Berrange 
/*
 * An encrypted secret that names a key with "keyid" but supplies no "iv"
 * property must be rejected when it is created.
 */
static void test_secret_crypt_missing_iv(void)
{
    Object *key_secret;
    Object *secret;

    key_secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "master",
        &error_abort,
        "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
        "format", "base64",
        NULL);

    /* errp is NULL: only the NULL result is checked, not the reason. */
    secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "sec0",
        NULL,
        "data", "zL/3CUYZC1IqOrRrzXqwsA==",
        "format", "raw",
        "keyid", "master",
        NULL);

    g_assert(secret == NULL);
    object_unparent(key_secret);
}
530ac1d8878SDaniel P. Berrange 
531ac1d8878SDaniel P. Berrange 
/*
 * An encrypted secret whose "iv" contains characters outside the base64
 * alphabet ('$') must be rejected when it is created.
 */
static void test_secret_crypt_bad_iv(void)
{
    Object *key_secret;
    Object *secret;

    key_secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "master",
        &error_abort,
        "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=",
        "format", "base64",
        NULL);

    /* errp is NULL: only the NULL result is checked, not the reason. */
    secret = object_new_with_props(
        TYPE_QCRYPTO_SECRET,
        object_get_objects_root(),
        "sec0",
        NULL,
        "data", "zL/3CUYZC1IqOrRrzXqwsA==",
        "format", "raw",
        "keyid", "master",
        "iv", "0I7Gw/TK$$uA+Old2W2a",
        NULL);

    g_assert(secret == NULL);
    object_unparent(key_secret);
}
556ac1d8878SDaniel P. Berrange 
557ac1d8878SDaniel P. Berrange 
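/*
 * Test entry point: initialise QOM, the GLib test harness and the crypto
 * subsystem, register every secret test case, then run them.
 *
 * Returns the exit status produced by g_test_run().
 */
int main(int argc, char **argv)
{
    int rc;

    module_call_init(MODULE_INIT_QOM);
    g_test_init(&argc, &argv, NULL);

    /*
     * Initialise outside the assertion macro: g_assert() can be compiled
     * out (G_DISABLE_ASSERT), and the crypto layer must be initialised
     * regardless of how assertions are configured.
     */
    rc = qcrypto_init(NULL);
    g_assert_cmpint(rc, ==, 0);

    /* Secrets given inline or through a file. */
    g_test_add_func("/crypto/secret/direct",
                    test_secret_direct);
    g_test_add_func("/crypto/secret/indirect/good",
                    test_secret_indirect_good);
    g_test_add_func("/crypto/secret/indirect/badfile",
                    test_secret_indirect_badfile);
    g_test_add_func("/crypto/secret/indirect/emptyfile",
                    test_secret_indirect_emptyfile);

#if defined(CONFIG_KEYUTILS) && defined(CONFIG_SECRET_KEYRING)
    /* Keyring-backed secrets; only built when both options are set. */
    g_test_add_func("/crypto/secret/keyring/good",
                    test_secret_keyring_good);
    g_test_add_func("/crypto/secret/keyring/revoked_key",
                    test_secret_keyring_revoked_key);
    g_test_add_func("/crypto/secret/keyring/expired_key",
                    test_secret_keyring_expired_key);
    g_test_add_func("/crypto/secret/keyring/bad_serial_key",
                    test_secret_keyring_bad_serial_key);
    g_test_add_func("/crypto/secret/keyring/bad_key_access_right",
                    test_secret_keyring_bad_key_access_right);
#endif /* CONFIG_KEYUTILS && CONFIG_SECRET_KEYRING */

    /* Format handling: same-format lookups and conversions. */
    g_test_add_func("/crypto/secret/noconv/base64/good",
                    test_secret_noconv_base64_good);
    g_test_add_func("/crypto/secret/noconv/base64/bad",
                    test_secret_noconv_base64_bad);
    g_test_add_func("/crypto/secret/noconv/utf8",
                    test_secret_noconv_utf8);
    g_test_add_func("/crypto/secret/conv/base64/utf8valid",
                    test_secret_conv_base64_utf8valid);
    g_test_add_func("/crypto/secret/conv/base64/utf8invalid",
                    test_secret_conv_base64_utf8invalid);
    g_test_add_func("/crypto/secret/conv/utf8/base64",
                    test_secret_conv_utf8_base64);

    /* Encrypted secrets: valid inputs and malformed key / IV inputs. */
    g_test_add_func("/crypto/secret/crypt/raw",
                    test_secret_crypt_raw);
    g_test_add_func("/crypto/secret/crypt/base64",
                    test_secret_crypt_base64);
    g_test_add_func("/crypto/secret/crypt/shortkey",
                    test_secret_crypt_short_key);
    g_test_add_func("/crypto/secret/crypt/shortiv",
                    test_secret_crypt_short_iv);
    g_test_add_func("/crypto/secret/crypt/missingiv",
                    test_secret_crypt_missing_iv);
    g_test_add_func("/crypto/secret/crypt/badiv",
                    test_secret_crypt_bad_iv);

    return g_test_run();
}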