Line data Source code
1 : /*
2 : * Unit tests for source4/rpc_server/dnsserver/dnsutils.c
3 : *
4 : * Copyright (C) Catalyst.NET Ltd 2018
5 : * Copyright (C) Andrew Bartlett 2019
6 : *
7 : * This program is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * This program is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : *
20 : */
21 :
22 : /*
23 : * from cmocka.c:
24 : * These headers or their equivalents should be included prior to
25 : * including
26 : * this header file.
27 : *
28 : * #include <stdarg.h>
29 : * #include <stddef.h>
30 : * #include <setjmp.h>
31 : *
32 : * This allows test applications to use custom definitions of C standard
33 : * library functions and types.
34 : *
35 : */
36 :
37 : #include <stdarg.h>
38 : #include <stddef.h>
39 : #include <setjmp.h>
40 : #include <cmocka.h>
41 :
42 :
43 : #include "../repl_decrypt.c"
44 :
45 :
46 : /*
47 : * test encryption and decryption including RID obfustincation
48 : */
49 1 : static void test_drsuapi_rid_encrypt_decrypt_attribute_value(void **state)
50 : {
51 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
52 : 0xe1, 0xf2, 0x03, 0x14,
53 : 0x21, 0x32, 0x43, 0x54,
54 : 0x61, 0x72, 0x83, 0x94 };
55 :
56 1 : uint8_t test_data[] = { 0x01, 0x02, 0x03, 0x04,
57 : 0x01, 0x02, 0x03, 0x04,
58 : 0x01, 0x02, 0x03, 0x04,
59 : 0x01, 0x02, 0x03, 0x04 };
60 1 : const uint32_t rid = 514;
61 :
62 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
63 :
64 1 : WERROR werr;
65 :
66 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
67 1 : const DATA_BLOB plaintext = data_blob_const(test_data,
68 : sizeof(test_data));
69 1 : DATA_BLOB encrypted;
70 1 : DATA_BLOB decrypted = data_blob_null;
71 :
72 1 : werr = drsuapi_encrypt_attribute_value(mem_ctx,
73 : &key_blob,
74 : true,
75 : rid,
76 : &plaintext,
77 : &encrypted);
78 :
79 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_OK));
80 1 : assert_int_not_equal(encrypted.length, plaintext.length);
81 :
82 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
83 : &key_blob,
84 : true,
85 : rid,
86 : &encrypted,
87 : &decrypted);
88 :
89 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_OK));
90 :
91 1 : assert_int_equal(decrypted.length, plaintext.length);
92 :
93 1 : assert_memory_equal(decrypted.data, plaintext.data, plaintext.length);
94 1 : TALLOC_FREE(mem_ctx);
95 1 : }
96 :
97 : /*
98 : * test encryption and decryption failing RID obfustincation (data length)
99 : */
100 1 : static void test_drsuapi_bad_len_rid_encrypt_decrypt_attribute_value(void **state)
101 : {
102 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
103 : 0xe1, 0xf2, 0x03, 0x14,
104 : 0x21, 0x32, 0x43, 0x54,
105 : 0x61, 0x72, 0x83, 0x94 };
106 :
107 1 : uint8_t test_data[] = { 0x01, 0x02, 0x03, 0x04,
108 : 0x01, 0x02, 0x03, 0x04,
109 : 0x01, 0x02, 0x03, 0x04,
110 : 0x01, 0x02, 0x03, 0x04, 0x05 };
111 1 : const uint32_t rid = 514;
112 :
113 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
114 :
115 1 : WERROR werr;
116 :
117 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
118 1 : const DATA_BLOB plaintext = data_blob_const(test_data,
119 : sizeof(test_data));
120 1 : DATA_BLOB encrypted;
121 :
122 1 : werr = drsuapi_encrypt_attribute_value(mem_ctx,
123 : &key_blob,
124 : true,
125 : rid,
126 : &plaintext,
127 : &encrypted);
128 :
129 1 : assert_int_equal(W_ERROR_V(werr),
130 : W_ERROR_V(WERR_DS_DRA_INVALID_PARAMETER));
131 1 : TALLOC_FREE(mem_ctx);
132 1 : }
133 :
134 : /*
135 : * test encryption and decryption failing RID obfustincation (zero rid)
136 : */
137 1 : static void test_drsuapi_zero_rid_encrypt_decrypt_attribute_value(void **state)
138 : {
139 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
140 : 0xe1, 0xf2, 0x03, 0x14,
141 : 0x21, 0x32, 0x43, 0x54,
142 : 0x61, 0x72, 0x83, 0x94 };
143 :
144 1 : uint8_t test_data[] = { 0x01, 0x02, 0x03, 0x04,
145 : 0x01, 0x02, 0x03, 0x04,
146 : 0x01, 0x02, 0x03, 0x04,
147 : 0x01, 0x02, 0x03, 0x04 };
148 1 : const uint32_t rid = 0;
149 :
150 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
151 :
152 1 : WERROR werr;
153 :
154 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
155 1 : const DATA_BLOB plaintext = data_blob_const(test_data,
156 : sizeof(test_data));
157 1 : DATA_BLOB encrypted;
158 :
159 1 : werr = drsuapi_encrypt_attribute_value(mem_ctx,
160 : &key_blob,
161 : true,
162 : rid,
163 : &plaintext,
164 : &encrypted);
165 :
166 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_DS_DRA_INVALID_PARAMETER));
167 1 : TALLOC_FREE(mem_ctx);
168 1 : }
169 :
170 : /*
171 : * test encryption and decryption without RID obfustication
172 : */
173 1 : static void test_drsuapi_encrypt_decrypt_attribute_value(void **state)
174 : {
175 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
176 : 0xe1, 0xf2, 0x03, 0x14,
177 : 0x21, 0x32, 0x43, 0x54,
178 : 0x61, 0x72, 0x83, 0x94 };
179 :
180 : /* Ensures we can cope with odd lengths */
181 1 : uint8_t test_data[] = { 0x01, 0x02, 0x03, 0x04,
182 : 0x01, 0x02, 0x03, 0x04,
183 : 0x01, 0x02, 0x03, 0x04,
184 : 0x01, 0x02, 0x03, 0x04, 0x05 };
185 :
186 :
187 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
188 :
189 1 : WERROR werr;
190 :
191 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
192 1 : const DATA_BLOB plaintext = data_blob_const(test_data,
193 : sizeof(test_data));
194 1 : DATA_BLOB encrypted;
195 1 : DATA_BLOB decrypted = data_blob_null;
196 :
197 1 : werr = drsuapi_encrypt_attribute_value(mem_ctx,
198 : &key_blob,
199 : false,
200 : 0,
201 : &plaintext,
202 : &encrypted);
203 :
204 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_OK));
205 1 : assert_int_not_equal(encrypted.length, plaintext.length);
206 :
207 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
208 : &key_blob,
209 : false,
210 : 0,
211 : &encrypted,
212 : &decrypted);
213 :
214 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_OK));
215 :
216 1 : assert_int_equal(decrypted.length, plaintext.length);
217 :
218 1 : assert_memory_equal(decrypted.data, plaintext.data, plaintext.length);
219 1 : TALLOC_FREE(mem_ctx);
220 1 : }
221 :
222 : /*
223 : * test decryption of fixed buffer
224 : */
225 1 : static void test_drsuapi_decrypt_attribute_value(void **state)
226 : {
227 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
228 : 0xe1, 0xf2, 0x03, 0x14,
229 : 0x21, 0x32, 0x43, 0x54,
230 : 0x61, 0x72, 0x83, 0x94 };
231 :
232 : /* Ensures we can cope with odd lengths */
233 1 : uint8_t test_data[] = { 0x01, 0x02, 0x03, 0x04,
234 : 0x01, 0x02, 0x03, 0x04,
235 : 0x01, 0x02, 0x03, 0x04,
236 : 0x01, 0x02, 0x03, 0x04, 0x05 };
237 :
238 1 : uint8_t encrypted_test_data[] = { 0xFF, 0x5C, 0x58, 0x3F,
239 : 0xD4, 0x41, 0xCA, 0xB0,
240 : 0x14, 0xFE, 0xFB, 0xA6,
241 : 0xB0, 0x32, 0x45, 0x45,
242 : 0x9D, 0x76, 0x75, 0xD2,
243 : 0xFB, 0x34, 0x77, 0xBD,
244 : 0x8C, 0x1E, 0x09, 0x1A,
245 : 0xF1, 0xAB, 0xD3, 0x0E,
246 : 0xBE, 0x80, 0xAB, 0x19, 0xFC };
247 :
248 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
249 :
250 1 : WERROR werr;
251 :
252 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
253 1 : const DATA_BLOB plaintext = data_blob_const(test_data,
254 : sizeof(test_data));
255 1 : const DATA_BLOB encrypted
256 1 : = data_blob_const(encrypted_test_data,
257 : sizeof(encrypted_test_data));
258 1 : DATA_BLOB decrypted = data_blob_null;
259 :
260 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
261 : &key_blob,
262 : false,
263 : 0,
264 : &encrypted,
265 : &decrypted);
266 :
267 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_OK));
268 :
269 1 : assert_int_equal(decrypted.length, plaintext.length);
270 :
271 1 : assert_memory_equal(decrypted.data, plaintext.data, plaintext.length);
272 1 : TALLOC_FREE(mem_ctx);
273 1 : }
274 :
275 : /*
276 : * test decryption of fixed buffer (rid decrypt)
277 : */
278 1 : static void test_drsuapi_rid_decrypt_attribute_value(void **state)
279 : {
280 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
281 : 0xe1, 0xf2, 0x03, 0x14,
282 : 0x21, 0x32, 0x43, 0x54,
283 : 0x61, 0x72, 0x83, 0x94 };
284 :
285 : /* Ensures we can cope with odd lengths */
286 1 : uint8_t test_data[] = { 0x01, 0x02, 0x03, 0x04,
287 : 0x01, 0x02, 0x03, 0x04,
288 : 0x01, 0x02, 0x03, 0x04,
289 : 0x01, 0x02, 0x03, 0x04 };
290 :
291 1 : uint8_t encrypted_test_data[] = {0x95, 0xB2, 0xE8, 0x02,
292 : 0x05, 0x5E, 0xFD, 0x3D,
293 : 0x7D, 0x17, 0xB9, 0x76,
294 : 0x4D, 0x91, 0xED, 0x59,
295 : 0x98, 0x79, 0x7A, 0xFC,
296 : 0x38, 0x73, 0x28, 0x55,
297 : 0x62, 0x27, 0x99, 0x3B,
298 : 0xD0, 0x18, 0xBD, 0x23,
299 : 0x5D, 0x98, 0xFE, 0xA8};
300 :
301 1 : const uint32_t rid = 514;
302 :
303 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
304 :
305 1 : WERROR werr;
306 :
307 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
308 1 : const DATA_BLOB plaintext = data_blob_const(test_data,
309 : sizeof(test_data));
310 1 : const DATA_BLOB encrypted
311 1 : = data_blob_const(encrypted_test_data,
312 : sizeof(encrypted_test_data));
313 1 : DATA_BLOB decrypted = data_blob_null;
314 :
315 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
316 : &key_blob,
317 : true,
318 : rid,
319 : &encrypted,
320 : &decrypted);
321 :
322 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_OK));
323 :
324 1 : assert_int_equal(decrypted.length, plaintext.length);
325 :
326 1 : assert_memory_equal(decrypted.data, plaintext.data, plaintext.length);
327 :
328 1 : TALLOC_FREE(mem_ctx);
329 1 : }
330 :
331 : /*
332 : * test decryption of fixed buffer (rid decrypt)
333 : */
334 1 : static void test_drsuapi_bad_len_rid_decrypt_attribute_value(void **state)
335 : {
336 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
337 : 0xe1, 0xf2, 0x03, 0x14,
338 : 0x21, 0x32, 0x43, 0x54,
339 : 0x61, 0x72, 0x83, 0x94 };
340 :
341 1 : uint8_t encrypted_test_data[] = { 0xFF, 0x5C, 0x58, 0x3F,
342 : 0xD4, 0x41, 0xCA, 0xB0,
343 : 0x14, 0xFE, 0xFB, 0xA6,
344 : 0xB0, 0x32, 0x45, 0x45,
345 : 0x9D, 0x76, 0x75, 0xD2,
346 : 0xFB, 0x34, 0x77, 0xBD,
347 : 0x8C, 0x1E, 0x09, 0x1A,
348 : 0xF1, 0xAB, 0xD3, 0x0E,
349 : 0xBE, 0x80, 0xAB, 0x19, 0xFC };
350 :
351 1 : const uint32_t rid = 514;
352 :
353 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
354 :
355 1 : WERROR werr;
356 :
357 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
358 1 : const DATA_BLOB encrypted
359 1 : = data_blob_const(encrypted_test_data,
360 : sizeof(encrypted_test_data));
361 1 : DATA_BLOB decrypted;
362 :
363 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
364 : &key_blob,
365 : true,
366 : rid,
367 : &encrypted,
368 : &decrypted);
369 :
370 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_DS_DRA_INVALID_PARAMETER));
371 :
372 1 : TALLOC_FREE(mem_ctx);
373 1 : }
374 :
375 : /*
376 : * test decryption of fixed buffer (rid decrypt)
377 : */
378 1 : static void test_drsuapi_zero_rid_decrypt_attribute_value(void **state)
379 : {
380 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
381 : 0xe1, 0xf2, 0x03, 0x14,
382 : 0x21, 0x32, 0x43, 0x54,
383 : 0x61, 0x72, 0x83, 0x94 };
384 :
385 1 : uint8_t encrypted_test_data[] = { 0x01, 0x02, 0x03, 0x04,
386 : 0x01, 0x02, 0x03, 0x04,
387 : 0x01, 0x02, 0x03, 0x04,
388 : 0x01, 0x02, 0x03, 0x04, 0x05 };
389 1 : const uint32_t rid = 0;
390 :
391 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
392 :
393 1 : WERROR werr;
394 :
395 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
396 1 : const DATA_BLOB encrypted
397 1 : = data_blob_const(encrypted_test_data,
398 : sizeof(encrypted_test_data));
399 1 : DATA_BLOB decrypted;
400 :
401 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
402 : &key_blob,
403 : true,
404 : rid,
405 : &encrypted,
406 : &decrypted);
407 :
408 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_DS_DRA_INVALID_PARAMETER));
409 :
410 1 : TALLOC_FREE(mem_ctx);
411 1 : }
412 :
413 : /*
414 : * test decryption of fixed buffer (bad crc)
415 : */
416 1 : static void test_drsuapi_bad_crc_decrypt_attribute_value(void **state)
417 : {
418 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
419 : 0xe1, 0xf2, 0x03, 0x14,
420 : 0x21, 0x32, 0x43, 0x54,
421 : 0x61, 0x72, 0x83, 0x94 };
422 :
423 1 : uint8_t encrypted_test_data[] = { 0xFF, 0x5C, 0x58, 0x3F,
424 : 0xD4, 0x41, 0xCA, 0xB0,
425 : 0x14, 0xFE, 0xFB, 0xA6,
426 : 0xB0, 0x32, 0x45, 0x45,
427 : 0x9D, 0x76, 0x75, 0xD2,
428 : 0xFB, 0x34, 0x77, 0xBD,
429 : 0x8C, 0x1E, 0x09, 0x1A,
430 : 0xF1, 0xAB, 0xD3, 0x0E,
431 : 0xBE, 0x80, 0xAB, 0x19, 0xFF };
432 :
433 1 : const uint32_t rid = 514;
434 :
435 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
436 :
437 1 : WERROR werr;
438 :
439 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
440 1 : const DATA_BLOB encrypted
441 1 : = data_blob_const(encrypted_test_data,
442 : sizeof(encrypted_test_data));
443 1 : DATA_BLOB decrypted;
444 :
445 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
446 : &key_blob,
447 : true,
448 : rid,
449 : &encrypted,
450 : &decrypted);
451 :
452 1 : assert_int_equal(W_ERROR_V(werr), HRES_ERROR_V(HRES_SEC_E_DECRYPT_FAILURE));
453 :
454 1 : TALLOC_FREE(mem_ctx);
455 1 : }
456 :
457 : /*
458 : * test decryption of short buffer
459 : */
460 1 : static void test_drsuapi_short_decrypt_attribute_value(void **state)
461 : {
462 1 : uint8_t key[] = { 0xa1, 0xb2, 0xc3, 0xd4,
463 : 0xe1, 0xf2, 0x03, 0x14,
464 : 0x21, 0x32, 0x43, 0x54,
465 : 0x61, 0x72, 0x83, 0x94 };
466 :
467 1 : uint8_t encrypted_test_data[] = { 0x01, 0x02, 0x03, 0x04,
468 : 0x01, 0x02, 0x03, 0x04,
469 : 0x01, 0x02, 0x03, 0x04,
470 : 0x01, 0x02, 0x03, 0x04, 0x05 };
471 1 : const uint32_t rid = 514;
472 :
473 1 : TALLOC_CTX *mem_ctx = talloc_new(NULL);
474 :
475 1 : WERROR werr;
476 :
477 1 : const DATA_BLOB key_blob = data_blob_const(key, sizeof(key));
478 1 : const DATA_BLOB encrypted
479 1 : = data_blob_const(encrypted_test_data,
480 : sizeof(encrypted_test_data));
481 1 : DATA_BLOB decrypted;
482 :
483 1 : werr = drsuapi_decrypt_attribute_value(mem_ctx,
484 : &key_blob,
485 : true,
486 : rid,
487 : &encrypted,
488 : &decrypted);
489 :
490 1 : assert_int_equal(W_ERROR_V(werr), W_ERROR_V(WERR_DS_DRA_INVALID_PARAMETER));
491 :
492 1 : TALLOC_FREE(mem_ctx);
493 1 : }
494 :
495 1 : int main(int argc, const char **argv)
496 : {
497 1 : const struct CMUnitTest tests[] = {
498 : cmocka_unit_test(
499 : test_drsuapi_rid_encrypt_decrypt_attribute_value),
500 : cmocka_unit_test(
501 : test_drsuapi_bad_len_rid_encrypt_decrypt_attribute_value),
502 : cmocka_unit_test(
503 : test_drsuapi_zero_rid_encrypt_decrypt_attribute_value),
504 : cmocka_unit_test(
505 : test_drsuapi_encrypt_decrypt_attribute_value),
506 : cmocka_unit_test(
507 : test_drsuapi_decrypt_attribute_value),
508 : cmocka_unit_test(
509 : test_drsuapi_bad_crc_decrypt_attribute_value),
510 : cmocka_unit_test(
511 : test_drsuapi_rid_decrypt_attribute_value),
512 : cmocka_unit_test(
513 : test_drsuapi_zero_rid_decrypt_attribute_value),
514 : cmocka_unit_test(
515 : test_drsuapi_bad_len_rid_decrypt_attribute_value),
516 : cmocka_unit_test(
517 : test_drsuapi_short_decrypt_attribute_value),
518 : };
519 :
520 1 : cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
521 1 : return cmocka_run_group_tests(tests, NULL, NULL);
522 : }
|
