[Asterisk-code-review] test: Add coverage for res_crypto (asterisk[20])
Friendly Automation
asteriskteam at digium.com
Mon Sep 12 16:18:33 CDT 2022
Friendly Automation has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/19148 )
Change subject: test: Add coverage for res_crypto
......................................................................
test: Add coverage for res_crypto
We're validating the following functionality:
encrypting a block of data with RSA
decrypting a block of data with RSA
signing a block of data with RSA
verifying a signature with RSA
encrypting a block of data with AES-ECB
encrypting a block of data with AES-ECB
as well as accessing test keys from the keystore.
ASTERISK-30045 #close
Change-Id: I0d10e7b41009c5290a4356c6480e636712d5c96d
---
M include/asterisk/crypto.h
M res/res_crypto.c
M tests/Makefile
A tests/keys/rsa_key1.key
A tests/keys/rsa_key1.pub
A tests/test_crypto.c
6 files changed, 690 insertions(+), 2 deletions(-)
Approvals:
George Joseph: Looks good to me, approved
Friendly Automation: Approved for Submit
diff --git a/include/asterisk/crypto.h b/include/asterisk/crypto.h
index 7b889e1..da6add9 100644
--- a/include/asterisk/crypto.h
+++ b/include/asterisk/crypto.h
@@ -39,6 +39,12 @@
typedef char ast_aes_decrypt_key;
#endif /* HAVE_CRYPTO */
+/* We previously used the key length explicitly; replace with constant.
+ * For now, Asterisk is limited to 1024 bit (128 byte) RSA keys.
+ */
+#define AST_CRYPTO_RSA_KEY_BITS 1024
+#define AST_CRYPTO_AES_BLOCKSIZE 128
+
#define AST_KEY_PUBLIC (1 << 0)
#define AST_KEY_PRIVATE (1 << 1)
diff --git a/res/res_crypto.c b/res/res_crypto.c
index 19b011d..2a6a0e9 100644
--- a/res/res_crypto.c
+++ b/res/res_crypto.c
@@ -320,7 +320,7 @@
SHA1((unsigned char *)msg, msglen, digest);
/* Verify signature */
- if (!(res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa))) {
+ if ((res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa)) != 1) {
ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
return -1;
}
@@ -433,7 +433,7 @@
SHA1((unsigned char *)msg, msglen, digest);
/* Verify signature */
- if (!(res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa))) {
+ if ((res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa)) != 1) {
ast_debug(1, "Key failed verification: %s\n", key->name);
return -1;
}
diff --git a/tests/Makefile b/tests/Makefile
index a3fc9dc..13f8855 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -22,5 +22,6 @@
test_astobj2.o: _ASTCFLAGS+=$(call get_menuselect_cflags,AO2_DEBUG)
# can't use '%y' in strftime() without warnings since it's not y2k compliant
test_capture.o: _ASTCFLAGS+=$(AST_NO_FORMAT_Y2K)
+test_crypto.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
test_strings.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION) $(AST_NO_STRINGOP_TRUNCATION)
test_voicemail_api.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
diff --git a/tests/keys/rsa_key1.key b/tests/keys/rsa_key1.key
new file mode 100644
index 0000000..117a4e9
--- /dev/null
+++ b/tests/keys/rsa_key1.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC206PN7hvmoc0p1urAeKozmUha/h3KIAIO4DG5Muz6x3Zribdx
+cKfgmw28FwamAGT1n0y1+qGkL1vyHY4YMDjHVVSLB8h5Je89UxgXxl/PUpSx4kFN
+gZofk28Mx1lG2aLEBHXFNhrjZbdfZzeljZHYfrsLf9nxQvYeA0W2YJ3g1wIDAQAB
+AoGBAJ2V9OYmrAPySS4cIoI+P650G+raiIDVcBC0bAeO/rb2QHtW3Di6euldnMwY
+KNHjGyKf6XYeDz++1ojtsrHktrqcaXfh9J1qpxXXGxMZww00so+VOrhCbs0uf6Yh
+FdZ1Dc3UsBLhrA/fBaaw3xRwFvsgnxmJPX6R/gmC+A6uc/QxAkEA5z9TBbdW6bsA
+SPCmUOmSalX9WyGrbaZwkvCBtuKCfHzKUcxdbXw8e68GralzGITwU3XcYn/mVqk0
+ztfBWNt+fwJBAMplfFU7uPDZwfjC3eXXljxaSzoA7EzLcByslYLuAJMYKITQOiv0
+KBb+zJxvTntArF5TOkCeVYUMZKcL8HEXIakCQFaOwnHKTZMRdyrWQTraIv8AjuQU
+t0lE2rB1q+gb4wHb6BM0Luhzb2RQgGxyl+1enWJwJH0OKNbZYTXnVqz/A9sCQFME
+4cUMZEXW7GufcumOTr+ewfCe5E5zvB7m48T63x128VfZGaNh2PfluAQK3AROeOWP
++fr7d1TFypuCmDOrK1ECQH1CeBWxVRx695uYmsAYwX8FNIn0agFasdk7wGUyP7ow
+idIaA92AHJ1gQXbEyh4iDrZZdh5fopg8sxRXdFfouFo=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/keys/rsa_key1.pub b/tests/keys/rsa_key1.pub
new file mode 100644
index 0000000..d25a2e4
--- /dev/null
+++ b/tests/keys/rsa_key1.pub
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC206PN7hvmoc0p1urAeKozmUha
+/h3KIAIO4DG5Muz6x3ZribdxcKfgmw28FwamAGT1n0y1+qGkL1vyHY4YMDjHVVSL
+B8h5Je89UxgXxl/PUpSx4kFNgZofk28Mx1lG2aLEBHXFNhrjZbdfZzeljZHYfrsL
+f9nxQvYeA0W2YJ3g1wIDAQAB
+-----END PUBLIC KEY-----
diff --git a/tests/test_crypto.c b/tests/test_crypto.c
new file mode 100644
index 0000000..55497d6
--- /dev/null
+++ b/tests/test_crypto.c
@@ -0,0 +1,638 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2022, Philip Prindeville
+ *
+ * Philip Prindeville <philipp at redfish-solutions.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*!
+ * \file
+ * \brief Unit Tests for crypto API
+ *
+ * \author Philip Prindeville <philipp at redfish-solutions.com>
+ */
+
+/*** MODULEINFO
+ <depend>TEST_FRAMEWORK</depend>
+ <depend>res_crypto</depend>
+ <depend>crypto</depend>
+ <support_level>core</support_level>
+ ***/
+
+#include "asterisk.h"
+
+#include "asterisk/utils.h"
+#include "asterisk/test.h"
+#include "asterisk/crypto.h"
+#include "asterisk/paths.h"
+#include "asterisk/module.h"
+#include "asterisk/file.h"
+
+#include <assert.h>
+#include <linux/limits.h>
+#include <openssl/evp.h>
+
+static const char *keypair1 = "rsa_key1";
+
+static const char *old_key_dir = NULL;
+
+static char *hexstring(const unsigned char *data, unsigned datalen)
+{
+ char *buf = alloca(datalen * 2 + 1);
+ unsigned n;
+
+ for (n = 0; n < datalen; ++n) {
+ snprintf(&buf[n * 2], 3, "%02x", data[n]);
+ }
+ buf[datalen * 2] = '\0';
+
+ return buf;
+}
+
+static void push_key_dir(const char *dir)
+{
+ assert(old_key_dir == NULL);
+
+ old_key_dir = ast_config_AST_KEY_DIR;
+
+ ast_config_AST_KEY_DIR = ast_strdup(dir);
+}
+
+static void pop_key_dir(void)
+{
+ assert(old_key_dir != NULL);
+
+ ast_free((char *)ast_config_AST_KEY_DIR);
+
+ ast_config_AST_KEY_DIR = old_key_dir;
+
+ old_key_dir = NULL;
+}
+
+AST_TEST_DEFINE(crypto_rsa_encrypt)
+{
+ int res = AST_TEST_FAIL;
+ struct ast_key *key = NULL;
+ const unsigned char plaintext[23] = "Mary had a little lamb.";
+ char wd[PATH_MAX], key_dir[PATH_MAX], priv[PATH_MAX];
+ unsigned char buf[AST_CRYPTO_RSA_KEY_BITS / 8];
+ const char *command = "openssl";
+ char *args[] = { "openssl", "pkeyutl", "-decrypt", "-inkey", "PRIVATE", "-pkeyopt", "rsa_padding_mode:oaep", NULL };
+ enum { PRIVATE = 4 };
+ struct ast_test_capture cap;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "crypto_rsa_encrypt";
+ info->category = "/res/res_crypto/";
+ info->summary = "Encrypt w/ RSA public key";
+ info->description = "Encrypt string with RSA public key";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ ast_test_status_update(test, "Executing RSA encryption test\n");
+
+ if (!ast_check_command_in_path(command)) {
+ ast_test_status_update(test, "couldn't find %s\n", command);
+ return res;
+ }
+
+ getcwd(wd, sizeof(wd));
+ snprintf(key_dir, sizeof(key_dir), "%s/%s", wd, "tests/keys");
+ push_key_dir((const char *)key_dir);
+ snprintf(priv, sizeof(priv), "%s/%s.key", key_dir, keypair1);
+
+ if (ast_crypto_reload() != 1) {
+ ast_test_status_update(test, "Couldn't force crypto reload\n");
+ goto cleanup;
+ }
+
+ key = ast_key_get(keypair1, AST_KEY_PUBLIC);
+
+ if (!key) {
+ ast_test_status_update(test, "Couldn't read key: %s\n", keypair1);
+ goto cleanup;
+ }
+
+ memset(buf, 0, sizeof(buf));
+ ast_encrypt_bin(buf, plaintext, sizeof(plaintext), key);
+
+ args[PRIVATE] = priv;
+ if (ast_test_capture_command(&cap, command, args, (const char *)buf, sizeof(buf)) != 1) {
+ ast_test_status_update(test, "ast_test_capture_command() failed\n");
+ goto cleanup;
+ }
+
+ if (cap.outlen != sizeof(plaintext) || memcmp(cap.outbuf, plaintext, cap.outlen)) {
+ ast_test_status_update(test, "Unexpected value/length for stdout: '%.*s' (%zu)\n", (int) cap.outlen, cap.outbuf, cap.outlen);
+ goto cleanup;
+ }
+
+ if (cap.errlen != 0) {
+ ast_test_status_update(test, "Unexpected length for stderr: '%.*s' (%zu)\n", (int) cap.errlen, cap.errbuf, cap.errlen);
+ goto cleanup;
+ }
+
+ if (cap.pid == -1) {
+ ast_test_status_update(test, "Invalid process id\n");
+ goto cleanup;
+ }
+
+ if (cap.exitcode != 0) {
+ ast_test_status_update(test, "Child exited %d\n", cap.exitcode);
+ goto cleanup;
+ }
+
+ res = AST_TEST_PASS;
+
+cleanup:
+ ast_test_capture_free(&cap);
+ pop_key_dir();
+ return res;
+}
+
+AST_TEST_DEFINE(crypto_rsa_decrypt)
+{
+ int res = AST_TEST_FAIL;
+ struct ast_key *key = NULL;
+ const unsigned char plaintext[23] = "Mary had a little lamb.";
+ char wd[PATH_MAX], key_dir[PATH_MAX], pub[PATH_MAX];
+ unsigned char buf[AST_CRYPTO_RSA_KEY_BITS / 8];
+ const char *command = "openssl";
+ char *args[] = { "openssl", "pkeyutl", "-encrypt", "-pubin", "-inkey", "PUBLIC", "-pkeyopt", "rsa_padding_mode:oaep", NULL };
+ enum { PUBLIC = 5 };
+ struct ast_test_capture cap;
+ int len;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "crypto_decrypt_pub_key";
+ info->category = "/res/res_crypto/";
+ info->summary = "Decrypt w/ RSA public key";
+ info->description = "Decrypt string with RSA private key";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ ast_test_status_update(test, "Executing RSA decryption test\n");
+
+ if (!ast_check_command_in_path(command)) {
+ ast_test_status_update(test, "couldn't find %s\n", command);
+ return res;
+ }
+
+ getcwd(wd, sizeof(wd));
+ snprintf(key_dir, sizeof(key_dir), "%s/%s", wd, "tests/keys");
+ push_key_dir((const char *)key_dir);
+ snprintf(pub, sizeof(pub), "%s/%s.pub", key_dir, keypair1);
+
+ if (ast_crypto_reload() != 1) {
+ ast_test_status_update(test, "Couldn't force crypto reload\n");
+ goto cleanup;
+ }
+
+ key = ast_key_get(keypair1, AST_KEY_PRIVATE);
+
+ if (!key) {
+ ast_test_status_update(test, "Couldn't read key: %s\n", keypair1);
+ goto cleanup;
+ }
+
+ args[PUBLIC] = pub;
+ if (ast_test_capture_command(&cap, command, args, (const char *)plaintext, sizeof(plaintext)) != 1) {
+ ast_test_status_update(test, "ast_test_capture_command() failed\n");
+ goto cleanup;
+ }
+
+ if (cap.outlen != sizeof(buf)) {
+ ast_test_status_update(test, "Unexpected length for stdout: %zu\n", cap.outlen);
+ goto cleanup;
+ }
+
+ if (cap.errlen != 0) {
+ ast_test_status_update(test, "Unexpected value/length for stderr: '%.*s' (%zu)\n", (int) cap.errlen, cap.errbuf, cap.errlen);
+ goto cleanup;
+ }
+
+ if (cap.pid == -1) {
+ ast_test_status_update(test, "Invalid process id\n");
+ goto cleanup;
+ }
+
+ if (cap.exitcode != 0) {
+ ast_test_status_update(test, "Child exited %d\n", cap.exitcode);
+ goto cleanup;
+ }
+
+ memset(buf, 0, sizeof(buf));
+ len = ast_decrypt_bin(buf, (unsigned char *)cap.outbuf, cap.outlen, key);
+
+ if (len != sizeof(plaintext) || memcmp(buf, plaintext, len)) {
+ ast_test_status_update(test, "Unexpected value for decrypted text\n");
+ goto cleanup;
+ }
+
+ res = AST_TEST_PASS;
+
+cleanup:
+ ast_test_capture_free(&cap);
+ pop_key_dir();
+ return res;
+}
+
+AST_TEST_DEFINE(crypto_sign)
+{
+ int res = AST_TEST_FAIL;
+ struct ast_key *key = NULL;
+ const char plaintext[23] = "Mary had a little lamb.";
+ char wd[PATH_MAX], key_dir[PATH_MAX], pub[PATH_MAX];
+ unsigned char buf[AST_CRYPTO_RSA_KEY_BITS / 8];
+ const char *command = "openssl";
+ char *args[] = { "openssl", "pkeyutl", "-verify", "-inkey", "PUBLIC", "-pubin", "-sigfile", "SIGNATURE", "-pkeyopt", "digest:sha1", NULL };
+ enum { PUBLIC = 4, SIGNATURE = 7 };
+ struct ast_test_capture cap;
+ unsigned char digest[20];
+ unsigned digestlen;
+ EVP_MD_CTX *ctx;
+ FILE *fsig = NULL;
+ char signpath[64] = "/tmp/signingXXXXXX";
+ const char success[] = "Signature Verified Successfully\n";
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "crypto_sign";
+ info->category = "/res/res_crypto/";
+ info->summary = "Sign w/ RSA private key";
+ info->description = "Sign string with RSA private key";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ ast_test_status_update(test, "Executing RSA signing test\n");
+
+ if (!ast_check_command_in_path(command)) {
+ ast_test_status_update(test, "couldn't find %s\n", command);
+ return res;
+ }
+
+ getcwd(wd, sizeof(wd));
+ snprintf(key_dir, sizeof(key_dir), "%s/%s", wd, "tests/keys");
+ push_key_dir((const char *)key_dir);
+ snprintf(pub, sizeof(pub), "%s/%s.pub", key_dir, keypair1);
+
+ ctx = EVP_MD_CTX_create();
+ EVP_DigestInit(ctx, EVP_sha1());
+ EVP_DigestUpdate(ctx, plaintext, sizeof(plaintext));
+ EVP_DigestFinal(ctx, digest, &digestlen);
+ EVP_MD_CTX_destroy(ctx);
+ ctx = NULL;
+
+ if (ast_crypto_reload() != 1) {
+ ast_test_status_update(test, "Couldn't force crypto reload\n");
+ goto cleanup;
+ }
+
+ key = ast_key_get(keypair1, AST_KEY_PRIVATE);
+
+ if (!key) {
+ ast_test_status_update(test, "Couldn't read key: %s\n", keypair1);
+ goto cleanup;
+ }
+
+ memset(buf, 0, sizeof(buf));
+ if (ast_sign_bin(key, plaintext, sizeof(plaintext), buf) != 0) {
+ ast_test_status_update(test, "ast_sign_bin() failed\n");
+ goto cleanup;
+ }
+
+ fsig = ast_file_mkftemp(signpath, 0600);
+ if (fsig == NULL) {
+ ast_test_status_update(test, "Couldn't open temp signing file\n");
+ goto cleanup;
+ }
+ fwrite(buf, sizeof(char), sizeof(buf), fsig);
+ fclose(fsig);
+ fsig = NULL;
+
+ args[PUBLIC] = pub;
+ args[SIGNATURE] = signpath;
+ if (ast_test_capture_command(&cap, command, args, (const char *)digest, digestlen) != 1) {
+ ast_test_status_update(test, "ast_test_capture_command() failed\n");
+ goto cleanup;
+ }
+
+ if (cap.outlen != sizeof(success) - 1 || memcmp(cap.outbuf, success, cap.outlen)) {
+ ast_test_status_update(test, "Unexpected value/length for stdout: '%.*s' (%zu)\n", (int) cap.outlen, cap.outbuf, cap.outlen);
+ goto cleanup;
+ }
+
+ if (cap.errlen != 0) {
+ ast_test_status_update(test, "Unexpected value for stderr: '%.*s' (%zu)\n", (int) cap.errlen, cap.errbuf, cap.errlen);
+ goto cleanup;
+ }
+
+ if (cap.pid == -1) {
+ ast_test_status_update(test, "Invalid process id\n");
+ goto cleanup;
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (cap.exitcode != 0) {
+#else
+ if (cap.exitcode != 0 && cap.exitcode != 1) {
+#endif
+ ast_test_status_update(test, "Child exited %d\n", cap.exitcode);
+ goto cleanup;
+ }
+
+ res = AST_TEST_PASS;
+
+cleanup:
+ ast_test_capture_free(&cap);
+ unlink(signpath);
+ pop_key_dir();
+ return res;
+}
+
+AST_TEST_DEFINE(crypto_verify)
+{
+ int res = AST_TEST_FAIL;
+ struct ast_key *key = NULL;
+ const char plaintext[23] = "Mary had a little lamb.";
+ char wd[PATH_MAX], key_dir[PATH_MAX], priv[PATH_MAX];
+ const char *command = "openssl";
+ char *args[] = { "openssl", "pkeyutl", "-sign", "-inkey", "PRIVATE", "-pkeyopt", "digest:sha1", NULL };
+ enum { PRIVATE = 4 };
+ struct ast_test_capture cap;
+ unsigned char digest[20];
+ unsigned digestlen;
+ EVP_MD_CTX *ctx;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "crypto_verify";
+ info->category = "/res/res_crypto/";
+ info->summary = "Verify w/ RSA public key";
+ info->description = "Verify signature with RSA public key";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ ast_test_status_update(test, "Executing RSA signature verification test\n");
+
+ if (!ast_check_command_in_path(command)) {
+ ast_test_status_update(test, "couldn't find %s\n", command);
+ return res;
+ }
+
+ getcwd(wd, sizeof(wd));
+ snprintf(key_dir, sizeof(key_dir), "%s/%s", wd, "tests/keys");
+ push_key_dir((const char *)key_dir);
+ snprintf(priv, sizeof(priv), "%s/%s.key", key_dir, keypair1);
+
+ if (ast_crypto_reload() != 1) {
+ ast_test_status_update(test, "Couldn't force crypto reload\n");
+ goto cleanup;
+ }
+
+ key = ast_key_get(keypair1, AST_KEY_PUBLIC);
+
+ if (!key) {
+ ast_test_status_update(test, "Couldn't read key: %s\n", keypair1);
+ goto cleanup;
+ }
+
+ ctx = EVP_MD_CTX_create();
+ EVP_DigestInit(ctx, EVP_sha1());
+ EVP_DigestUpdate(ctx, plaintext, sizeof(plaintext));
+ EVP_DigestFinal(ctx, digest, &digestlen);
+ EVP_MD_CTX_destroy(ctx);
+
+ args[PRIVATE] = priv;
+ if (ast_test_capture_command(&cap, command, args, (const char *)digest, sizeof(digest)) != 1) {
+ ast_test_status_update(test, "ast_test_capture_command() failed\n");
+ goto cleanup;
+ }
+
+ if (cap.outlen != (AST_CRYPTO_RSA_KEY_BITS / 8)) {
+ ast_test_status_update(test, "Unexpected length for stdout: %zu\n", cap.outlen);
+ goto cleanup;
+ }
+
+ if (cap.errlen != 0) {
+ ast_test_status_update(test, "Unexpected value/length for stderr: '%.*s'\n", (int) cap.errlen, cap.errbuf);
+ goto cleanup;
+ }
+
+ if (cap.pid == -1) {
+ ast_test_status_update(test, "Invalid process id\n");
+ goto cleanup;
+ }
+
+ if (cap.exitcode != 0) {
+ ast_test_status_update(test, "Child exited %d\n", cap.exitcode);
+ goto cleanup;
+ }
+
+ if (ast_check_signature_bin(key, plaintext, sizeof(plaintext), (const unsigned char *)cap.outbuf) != 0) {
+ ast_test_status_update(test, "ast_check_signature_bin() failed\n");
+ goto cleanup;
+ }
+
+ res = AST_TEST_PASS;
+
+cleanup:
+ ast_test_capture_free(&cap);
+ pop_key_dir();
+ return res;
+}
+
+AST_TEST_DEFINE(crypto_aes_encrypt)
+{
+ int res = AST_TEST_FAIL;
+ const unsigned char key[16] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45,
+ 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01
+ };
+ const unsigned char plaintext[16] = "Mary had a littl";
+ const char *command = "openssl";
+ char *args[] = { "openssl", "enc", "-aes-128-ecb", "-d", "-K", "KEY", "-nopad", NULL };
+ enum { KEY = 5 };
+ struct ast_test_capture cap;
+ unsigned char buf[16];
+ ast_aes_encrypt_key aes_key;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "crypto_aes_encrypt";
+ info->category = "/res/res_crypto/";
+ info->summary = "Encrypt test AES-128-ECB";
+ info->description = "Encrypt a test string using AES-128 and ECB";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ ast_test_status_update(test, "Executing AES-ECB encryption test\n");
+
+ if (!ast_check_command_in_path(command)) {
+ ast_test_status_update(test, "couldn't find %s\n", command);
+ return res;
+ }
+
+ memset(buf, 0, sizeof(buf));
+ ast_aes_set_encrypt_key(key, &aes_key);
+ ast_aes_encrypt(plaintext, buf, &aes_key);
+
+ args[KEY] = hexstring(key, sizeof(key));
+ if (ast_test_capture_command(&cap, command, args, (const char *)buf, sizeof(buf)) != 1) {
+ ast_test_status_update(test, "ast_test_capture_command() failed\n");
+ goto cleanup;
+ }
+
+ if (cap.outlen != sizeof(plaintext) || memcmp(cap.outbuf, plaintext, cap.outlen)) {
+ ast_test_status_update(test, "Unexpected value/length for stdout: '%.*s' (%zu)\n", (int) cap.outlen, cap.outbuf, cap.outlen);
+ goto cleanup;
+ }
+
+ if (cap.errlen != 0) {
+ ast_test_status_update(test, "Unexpected value/length for stderr: '%.*s'\n", (int) cap.errlen, cap.errbuf);
+ goto cleanup;
+ }
+
+ if (cap.pid == -1) {
+ ast_test_status_update(test, "Invalid process id\n");
+ goto cleanup;
+ }
+
+ if (cap.exitcode != 0) {
+ ast_test_status_update(test, "Child exited %d\n", cap.exitcode);
+ goto cleanup;
+ }
+
+ res = AST_TEST_PASS;
+
+cleanup:
+ ast_test_capture_free(&cap);
+ return res;
+}
+
+AST_TEST_DEFINE(crypto_aes_decrypt)
+{
+ int res = AST_TEST_FAIL;
+ const unsigned char key[16] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45,
+ 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01
+ };
+ const unsigned char plaintext[16] = "Mary had a littl";
+ unsigned char buf[16];
+ const char *command = "openssl";
+ char *args[] = { "openssl", "enc", "-aes-128-ecb", "-e", "-K", "KEY", "-nopad", NULL };
+ enum { KEY = 5 };
+ struct ast_test_capture cap;
+ ast_aes_encrypt_key aes_key;
+
+ switch (cmd) {
+ case TEST_INIT:
+ info->name = "crypto_aes_decrypt";
+ info->category = "/res/res_crypto/";
+ info->summary = "Decrypt test AES-128-ECB";
+ info->description = "Decrypt a test string using AES-128 and ECB";
+ return AST_TEST_NOT_RUN;
+ case TEST_EXECUTE:
+ break;
+ }
+
+ ast_test_status_update(test, "Executing AES-ECB decryption test\n");
+
+ if (!ast_check_command_in_path(command)) {
+ ast_test_status_update(test, "couldn't find %s\n", command);
+ return res;
+ }
+
+ args[KEY] = hexstring(key, sizeof(key));
+ if (ast_test_capture_command(&cap, command, args, (const char *)plaintext, sizeof(plaintext)) != 1) {
+ ast_test_status_update(test, "ast_test_capture_command() failed\n");
+ goto cleanup;
+ }
+
+ if (cap.outlen != sizeof(buf)) {
+ ast_test_status_update(test, "Unexpected length for stdout: %zu\n", cap.outlen);
+ goto cleanup;
+ }
+
+ if (cap.errlen != 0) {
+ ast_test_status_update(test, "Unexpected value/length for stderr: '%.*s'\n", (int) cap.errlen, cap.errbuf);
+ goto cleanup;
+ }
+
+ if (cap.pid == -1) {
+ ast_test_status_update(test, "Invalid process id\n");
+ goto cleanup;
+ }
+
+ if (cap.exitcode != 0) {
+ ast_test_status_update(test, "Child exited %d\n", cap.exitcode);
+ goto cleanup;
+ }
+
+ memset(buf, 0, sizeof(buf));
+ ast_aes_set_decrypt_key(key, &aes_key);
+ ast_aes_decrypt((const unsigned char *)cap.outbuf, buf, &aes_key);
+
+ if (memcmp(plaintext, buf, sizeof(plaintext))) {
+ ast_test_status_update(test, "AES decryption mismatch\n");
+ goto cleanup;
+ }
+
+ res = AST_TEST_PASS;
+
+cleanup:
+ ast_test_capture_free(&cap);
+ return res;
+}
+
+static int unload_module(void)
+{
+ AST_TEST_UNREGISTER(crypto_rsa_encrypt);
+ AST_TEST_UNREGISTER(crypto_rsa_decrypt);
+ AST_TEST_UNREGISTER(crypto_sign);
+ AST_TEST_UNREGISTER(crypto_verify);
+ AST_TEST_UNREGISTER(crypto_aes_encrypt);
+ AST_TEST_UNREGISTER(crypto_aes_decrypt);
+ return 0;
+}
+
+static int load_module(void)
+{
+ AST_TEST_REGISTER(crypto_rsa_encrypt);
+ AST_TEST_REGISTER(crypto_rsa_decrypt);
+ AST_TEST_REGISTER(crypto_sign);
+ AST_TEST_REGISTER(crypto_verify);
+ AST_TEST_REGISTER(crypto_aes_encrypt);
+ AST_TEST_REGISTER(crypto_aes_decrypt);
+ return AST_MODULE_LOAD_SUCCESS;
+}
+
+AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_DEFAULT, "Crypto test module",
+ .support_level = AST_MODULE_SUPPORT_CORE,
+ .load = load_module,
+ .unload = unload_module,
+ .requires = "res_crypto",
+);
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/19148
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 20
Gerrit-Change-Id: I0d10e7b41009c5290a4356c6480e636712d5c96d
Gerrit-Change-Number: 19148
Gerrit-PatchSet: 2
Gerrit-Owner: Philip Prindeville <philipp at redfish-solutions.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220912/ff431112/attachment-0001.html>
More information about the asterisk-code-review
mailing list