Commit 5f854a31 authored by sigiesec's avatar sigiesec Committed by Luca Boccassi

Problem: test_security_curve not using test framework

Solution: use unity in test_security_curve
parent 21879abb
......@@ -40,11 +40,45 @@
#include <arpa/inet.h>
#include <unistd.h>
#endif
#include <unity.h>
#include "../src/tweetnacl.h"
#include "../src/curve_client_tools.hpp"
#include "../src/random.hpp"
char error_message_buffer[256];
const char *zmq_errno_message ()
{
snprintf (error_message_buffer, sizeof (error_message_buffer),
"errno=%i (%s)", zmq_errno (), zmq_strerror (zmq_errno ()));
return error_message_buffer;
}
#define TEST_ASSERT_ZMQ_ERRNO(condition) \
TEST_ASSERT_MESSAGE ((condition), zmq_errno_message ())
void *ctx;
void *handler;
void *zap_thread;
void *server;
void *server_mon;
char my_endpoint[MAX_SOCKET_STRING];
void setUp ()
{
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
}
void tearDown ()
{
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
}
const int timeout = 250;
const char large_routing_id[] = "0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789"
......@@ -106,8 +140,7 @@ void test_null_key (void *ctx,
#endif
}
void test_curve_security_with_valid_credentials (
void *ctx, char *my_endpoint, void *server, void *server_mon, int timeout)
void test_curve_security_with_valid_credentials ()
{
curve_client_data_t curve_client_data = {
valid_server_public, valid_client_public, valid_client_secret};
......@@ -117,7 +150,7 @@ void test_curve_security_with_valid_credentials (
&curve_client_data, &client_mon);
bounce (server, client);
int rc = zmq_close (client);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
#ifdef ZMQ_BUILD_DRAFT_API
int event = get_monitor_event_with_timeout (server_mon, NULL, NULL, -1);
......@@ -131,15 +164,12 @@ void test_curve_security_with_valid_credentials (
assert_no_more_monitor_events_with_timeout (client_mon, timeout);
rc = zmq_close (client_mon);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
#endif
}
void test_curve_security_with_bogus_client_credentials (
void *ctx, char *my_endpoint, void *server, void *server_mon, int timeout)
void test_curve_security_with_bogus_client_credentials ()
{
LIBZMQ_UNUSED (timeout);
// This must be caught by the ZAP handler
char bogus_public[41];
char bogus_secret[41];
......@@ -159,12 +189,12 @@ void test_curve_security_with_bogus_client_credentials (
#ifdef ZMQ_BUILD_DRAFT_API
server_event_count = expect_monitor_event_multiple (
server_mon, ZMQ_EVENT_HANDSHAKE_FAILED_AUTH, 400);
assert (server_event_count <= 1);
TEST_ASSERT_LESS_OR_EQUAL_INT (1, server_event_count);
#endif
// there may be more than one ZAP request due to repeated attempts by the client
assert (0 == server_event_count
|| 1 <= zmq_atomic_counter_value (zap_requests_handled));
TEST_ASSERT (0 == server_event_count
|| 1 <= zmq_atomic_counter_value (zap_requests_handled));
}
void expect_zmtp_mechanism_mismatch (void *client,
......@@ -174,7 +204,7 @@ void expect_zmtp_mechanism_mismatch (void *client,
{
// This must be caught by the curve_server class, not passed to ZAP
int rc = zmq_connect (client, my_endpoint);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
expect_bounce_fail (server, client);
close_zero_linger (client);
......@@ -184,31 +214,25 @@ void expect_zmtp_mechanism_mismatch (void *client,
ZMQ_PROTOCOL_ERROR_ZMTP_MECHANISM_MISMATCH);
#endif
assert (0 == zmq_atomic_counter_value (zap_requests_handled));
TEST_ASSERT_EQUAL_INT (0, zmq_atomic_counter_value (zap_requests_handled));
}
void test_curve_security_with_null_client_credentials (void *ctx,
char *my_endpoint,
void *server,
void *server_mon)
void test_curve_security_with_null_client_credentials ()
{
void *client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
TEST_ASSERT_NOT_NULL (client);
expect_zmtp_mechanism_mismatch (client, my_endpoint, server, server_mon);
}
void test_curve_security_with_plain_client_credentials (void *ctx,
char *my_endpoint,
void *server,
void *server_mon)
void test_curve_security_with_plain_client_credentials ()
{
void *client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
TEST_ASSERT_NOT_NULL (client);
int rc = zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, "admin", 5);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
rc = zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, "password", 8);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
expect_zmtp_mechanism_mismatch (client, my_endpoint, server, server_mon);
}
......@@ -220,7 +244,7 @@ int connect_vanilla_socket (char *my_endpoint)
unsigned short int port;
int rc = sscanf (my_endpoint, "tcp://127.0.0.1:%hu", &port);
assert (rc == 1);
TEST_ASSERT_EQUAL_INT (1, rc);
ip4addr.sin_family = AF_INET;
ip4addr.sin_port = htons (port);
......@@ -232,13 +256,11 @@ int connect_vanilla_socket (char *my_endpoint)
s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
rc = connect (s, (struct sockaddr *) &ip4addr, sizeof (ip4addr));
assert (rc > -1);
TEST_ASSERT_GREATER_THAN_INT (-1, rc);
return s;
}
void test_curve_security_unauthenticated_message (char *my_endpoint,
void *server,
int timeout)
void test_curve_security_unauthenticated_message ()
{
// Unauthenticated messages from a vanilla socket shouldn't be received
int s = connect_vanilla_socket (my_endpoint);
......@@ -249,10 +271,7 @@ void test_curve_security_unauthenticated_message (char *my_endpoint,
zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
char *buf = s_recv (server);
if (buf != NULL) {
printf ("Received unauthenticated message: %s\n", buf);
assert (buf == NULL);
}
TEST_ASSERT_NULL_MESSAGE (buf, "Received unauthenticated message");
close (s);
}
......@@ -260,7 +279,7 @@ void send_all (int fd, const char *data, size_t size)
{
while (size > 0) {
int res = send (fd, data, size, 0);
assert (res > 0);
TEST_ASSERT_GREATER_THAN_INT (0, res);
size -= res;
data += res;
}
......@@ -280,14 +299,8 @@ void send_greeting (int s)
send (s, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
}
void test_curve_security_invalid_hello_wrong_length (char *my_endpoint,
void *server,
void *server_mon,
int timeout)
void test_curve_security_invalid_hello_wrong_length ()
{
LIBZMQ_UNUSED (server);
LIBZMQ_UNUSED (timeout);
int s = connect_vanilla_socket (my_endpoint);
// send GREETING
......@@ -357,14 +370,8 @@ template <size_t N> void send_command (int s, char (&command)[N])
send_all (s, command, N);
}
void test_curve_security_invalid_hello_command_name (char *my_endpoint,
void *server,
void *server_mon,
int timeout)
void test_curve_security_invalid_hello_command_name ()
{
LIBZMQ_UNUSED (server);
LIBZMQ_UNUSED (timeout);
int s = connect_vanilla_socket (my_endpoint);
send_greeting (s);
......@@ -374,7 +381,7 @@ void test_curve_security_invalid_hello_command_name (char *my_endpoint,
// send CURVE HELLO with a misspelled command name (but otherwise correct)
char hello[hello_length];
int rc = tools.produce_hello (hello, 0);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
hello[5] = 'X';
send_command (s, hello);
......@@ -388,14 +395,8 @@ void test_curve_security_invalid_hello_command_name (char *my_endpoint,
close (s);
}
void test_curve_security_invalid_hello_version (char *my_endpoint,
void *server,
void *server_mon,
int timeout)
void test_curve_security_invalid_hello_version ()
{
LIBZMQ_UNUSED (server);
LIBZMQ_UNUSED (timeout);
int s = connect_vanilla_socket (my_endpoint);
send_greeting (s);
......@@ -405,7 +406,7 @@ void test_curve_security_invalid_hello_version (char *my_endpoint,
// send CURVE HELLO with a wrong version number (but otherwise correct)
char hello[hello_length];
int rc = tools.produce_hello (hello, 0);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
hello[6] = 2;
send_command (s, hello);
......@@ -426,7 +427,7 @@ void flush_read (int fd)
while ((res = recv (fd, buf, 256, 0)) == 256) {
}
assert (res != -1);
TEST_ASSERT_NOT_EQUAL (-1, res);
}
void recv_all (int fd, uint8_t *data, size_t len)
......@@ -434,7 +435,7 @@ void recv_all (int fd, uint8_t *data, size_t len)
size_t received = 0;
while (received < len) {
int res = recv (fd, (char *) data, len, 0);
assert (res > 0);
TEST_ASSERT_GREATER_THAN_INT (0, res);
data += res;
received += res;
......@@ -459,19 +460,14 @@ int connect_exchange_greeting_and_send_hello (char *my_endpoint,
// send valid CURVE HELLO
char hello[hello_length];
int rc = tools.produce_hello (hello, 0);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
send_command (s, hello);
return s;
}
void test_curve_security_invalid_initiate_length (char *my_endpoint,
void *server,
void *server_mon,
int timeout)
void test_curve_security_invalid_initiate_wrong_length ()
{
LIBZMQ_UNUSED (server);
zmq::curve_client_tools_t tools = make_curve_client_tools ();
int s = connect_exchange_greeting_and_send_hello (my_endpoint, tools);
......@@ -481,7 +477,7 @@ void test_curve_security_invalid_initiate_length (char *my_endpoint,
#ifdef ZMQ_BUILD_DRAFT_API
int res = get_monitor_event_with_timeout (server_mon, NULL, NULL, timeout);
assert (res == -1);
TEST_ASSERT_EQUAL_INT (-1, res);
#else
LIBZMQ_UNUSED (timeout);
#endif
......@@ -511,23 +507,18 @@ int connect_exchange_greeting_and_hello_welcome (
uint8_t cn_precom[crypto_box_BEFORENMBYTES];
int res = tools.process_welcome (welcome + 2, welcome_length, cn_precom);
assert (res == 0);
TEST_ASSERT_ZMQ_ERRNO (res == 0);
#ifdef ZMQ_BUILD_DRAFT_API
res = get_monitor_event_with_timeout (server_mon, NULL, NULL, timeout);
assert (res == -1);
TEST_ASSERT_EQUAL_INT (-1, res);
#endif
return s;
}
void test_curve_security_invalid_initiate_command_name (char *my_endpoint,
void *server,
void *server_mon,
int timeout)
void test_curve_security_invalid_initiate_command_name ()
{
LIBZMQ_UNUSED (server);
zmq::curve_client_tools_t tools = make_curve_client_tools ();
int s = connect_exchange_greeting_and_hello_welcome (
my_endpoint, server_mon, timeout, tools);
......@@ -548,11 +539,8 @@ void test_curve_security_invalid_initiate_command_name (char *my_endpoint,
close (s);
}
void test_curve_security_invalid_initiate_command_encrypted_cookie (
char *my_endpoint, void *server, void *server_mon, int timeout)
void test_curve_security_invalid_initiate_command_encrypted_cookie ()
{
LIBZMQ_UNUSED (server);
zmq::curve_client_tools_t tools = make_curve_client_tools ();
int s = connect_exchange_greeting_and_hello_welcome (
my_endpoint, server_mon, timeout, tools);
......@@ -573,11 +561,8 @@ void test_curve_security_invalid_initiate_command_encrypted_cookie (
close (s);
}
void test_curve_security_invalid_initiate_command_encrypted_content (
char *my_endpoint, void *server, void *server_mon, int timeout)
void test_curve_security_invalid_initiate_command_encrypted_content ()
{
LIBZMQ_UNUSED (server);
zmq::curve_client_tools_t tools = make_curve_client_tools ();
int s = connect_exchange_greeting_and_hello_welcome (
my_endpoint, server_mon, timeout, tools);
......@@ -602,7 +587,7 @@ void test_curve_security_invalid_keysize (void *ctx)
{
// Check return codes for invalid buffer sizes
void *client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
TEST_ASSERT_NOT_NULL (client);
errno = 0;
int rc =
zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, valid_server_public, 123);
......@@ -614,160 +599,71 @@ void test_curve_security_invalid_keysize (void *ctx)
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, valid_client_secret, 123);
assert (rc == -1 && errno == EINVAL);
rc = zmq_close (client);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
}
int main (void)
{
if (!zmq_has ("curve")) {
printf ("CURVE encryption not installed, skipping test\n");
return 0;
}
zmq::random_open ();
setup_testutil_security_curve ();
int timeout = 250;
setup_test_environment ();
void *ctx;
void *handler;
void *zap_thread;
void *server;
void *server_mon;
char my_endpoint[MAX_SOCKET_STRING];
fprintf (stderr, "test_curve_security_with_valid_credentials\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_with_valid_credentials (ctx, my_endpoint, server,
server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
char null_key[] = "0000000000000000000000000000000000000000";
// TODO why isn't this const?
char null_key[] = "0000000000000000000000000000000000000000";
void test_null_server_key ()
{
// Check CURVE security with a null server key
// This will be caught by the curve_server class, not passed to ZAP
fprintf (stderr, "test_null_key (server)\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_null_key (ctx, server, server_mon, my_endpoint, null_key,
valid_client_public, valid_client_secret);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
}
void test_null_client_public_key ()
{
// Check CURVE security with a null client public key
// This will be caught by the curve_server class, not passed to ZAP
fprintf (stderr, "test_null_key (client public)\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_null_key (ctx, server, server_mon, my_endpoint, valid_server_public,
null_key, valid_client_secret);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
}
// Check CURVE security with a null client secret key
void test_null_client_secret_key ()
{
// Check CURVE security with a null client public key
// This will be caught by the curve_server class, not passed to ZAP
fprintf (stderr, "test_null_key (client secret)\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_null_key (ctx, server, server_mon, my_endpoint, valid_server_public,
valid_client_public, null_key);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
fprintf (stderr, "test_curve_security_with_bogus_client_credentials\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_with_bogus_client_credentials (ctx, my_endpoint, server,
server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
fprintf (stderr, "test_curve_security_with_null_client_credentials\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_with_null_client_credentials (ctx, my_endpoint, server,
server_mon);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
}
fprintf (stderr, "test_curve_security_with_plain_client_credentials\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_with_plain_client_credentials (ctx, my_endpoint, server,
server_mon);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
fprintf (stderr, "test_curve_security_unauthenticated_message\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_unauthenticated_message (my_endpoint, server, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
// tests with misbehaving CURVE client
fprintf (stderr, "test_curve_security_invalid_hello_wrong_length\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_invalid_hello_wrong_length (my_endpoint, server,
server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
fprintf (stderr, "test_curve_security_invalid_hello_command_name\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_invalid_hello_command_name (my_endpoint, server,
server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
int main (void)
{
if (!zmq_has ("curve")) {
printf ("CURVE encryption not installed, skipping test\n");
return 0;
}
fprintf (stderr, "test_curve_security_invalid_hello_command_version\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_invalid_hello_version (my_endpoint, server, server_mon,
timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
zmq::random_open ();
fprintf (stderr, "test_curve_security_invalid_initiate_command_length\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_invalid_initiate_length (my_endpoint, server,
server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
setup_testutil_security_curve ();
fprintf (stderr, "test_curve_security_invalid_initiate_command_name\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_invalid_initiate_command_name (my_endpoint, server,
server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
fprintf (stderr,
"test_curve_security_invalid_initiate_command_encrypted_cookie\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_invalid_initiate_command_encrypted_cookie (
my_endpoint, server, server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
setup_test_environment ();
fprintf (
stderr,
"test_curve_security_invalid_initiate_command_encrypted_content\n");
setup_context_and_server_side (&ctx, &handler, &zap_thread, &server,
&server_mon, my_endpoint);
test_curve_security_invalid_initiate_command_encrypted_content (
my_endpoint, server, server_mon, timeout);
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
UNITY_BEGIN ();
RUN_TEST (test_curve_security_with_valid_credentials);
RUN_TEST (test_null_server_key);
RUN_TEST (test_null_client_public_key);
RUN_TEST (test_null_client_secret_key);
RUN_TEST (test_curve_security_with_bogus_client_credentials);
RUN_TEST (test_curve_security_with_null_client_credentials);
RUN_TEST (test_curve_security_with_plain_client_credentials);
RUN_TEST (test_curve_security_unauthenticated_message);
// tests with misbehaving CURVE client
RUN_TEST (test_curve_security_invalid_hello_wrong_length);
RUN_TEST (test_curve_security_invalid_hello_command_name);
RUN_TEST (test_curve_security_invalid_hello_version);
RUN_TEST (test_curve_security_invalid_initiate_wrong_length);
RUN_TEST (test_curve_security_invalid_initiate_command_name);
RUN_TEST (test_curve_security_invalid_initiate_command_encrypted_cookie);
RUN_TEST (test_curve_security_invalid_initiate_command_encrypted_content);
// TODO this requires a deviating test setup, must be moved to a separate executable/fixture
// test with a large routing id (resulting in large metadata)
fprintf (stderr,
"test_curve_security_with_valid_credentials (large routing id)\n");
......@@ -775,17 +671,16 @@ int main (void)
&ctx, &handler, &zap_thread, &server, &server_mon, my_endpoint,
&zap_handler_large_routing_id, &socket_config_curve_server,
&valid_server_secret, large_routing_id);
test_curve_security_with_valid_credentials (ctx, my_endpoint, server,
server_mon, timeout);
test_curve_security_with_valid_credentials ();
shutdown_context_and_server_side (ctx, zap_thread, server, server_mon,
handler);
ctx = zmq_ctx_new ();
test_curve_security_invalid_keysize (ctx);
int rc = zmq_ctx_term (ctx);
assert (rc == 0);
TEST_ASSERT_ZMQ_ERRNO (rc == 0);
zmq::random_close ();
return 0;
return UNITY_END ();
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment