1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
|
/* Copyright (C) 2017 Mike Fleetwood
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* Test PasswordRAMStore
*
* NOTE:
* As well as calling the public API of PasswordRAMStore this unit testing also accesses
* the private members of PasswordRAMStore and uses knowledge of the implementation,
* making this white box testing. This is so that the hidden behaviour of zeroing
* password storing memory before and after use can be tested.
*
* WARNING:
* Each test fixture would normally initialise separate resources to make the tests
* independent of each other. However the password store is a single long lived shared
* resource. Therefore, so that each test fixture is independent of all the others, the
* password store must be returned to it's original state of being empty before each
* fixture completes.
*
* Reference:
* Google Test, Advanced Guide, Sharing Resources Between Tests in the Same Test Case
* https://github.com/google/googletest/blob/master/googletest/docs/AdvancedGuide.md#sharing-resources-between-tests-in-the-same-test-case
*/
#include "PasswordRAMStore.h"
#include "gtest/gtest.h"
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <string>
#include <glibmm/ustring.h>
namespace GParted
{
// Generate repeatable unique keys
static const char * gen_key( unsigned int i )
{
static char buf[14];
snprintf( buf, sizeof( buf ), "key%u", i );
return buf;
}
// Generate repeatable "passwords" exactly 20 characters long
static const char * gen_passwd( unsigned int i )
{
static char buf[21];
snprintf(buf, sizeof(buf), "password%03u ", i%1000);
return buf;
}
static bool mem_is_zero( const char * mem, size_t len )
{
while ( len-- > 0 )
{
if ( *mem++ != '\0' )
{
return false;
}
}
return true;
}
// Explicit test fixture class for common setup and sharing of the underlying password
// store address.
class PasswordRAMStoreTest : public ::testing::Test
{
protected:
PasswordRAMStoreTest() : looked_up_pw(nullptr) {};
static void SetUpTestCase();
static void erase_all() { PasswordRAMStore::erase_all(); };
static const char * protected_mem;
std::string pw;
const char * looked_up_pw;
size_t looked_up_len;
};
// Initialise test case class static member.
const char * PasswordRAMStoreTest::protected_mem = nullptr;
const size_t ProtectedMemSize = 4096; // [Implementation knowledge: size]
// Common test case initialisation recording the underlying password store address.
void PasswordRAMStoreTest::SetUpTestCase()
{
protected_mem = PasswordRAMStore::get_protected_mem();
ASSERT_TRUE(protected_mem != nullptr) << __func__ << "(): No locked virtual memory for password RAM store";
}
TEST_F( PasswordRAMStoreTest, Initialisation )
{
// Test locked memory is initialised with all zeros.
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, UnknownPasswordLookup )
{
// Test lookup of non-existent password fails.
looked_up_pw = PasswordRAMStore::lookup( "key-unknown" );
EXPECT_TRUE(looked_up_pw == nullptr);
}
TEST_F( PasswordRAMStoreTest, UnknownPasswordErasure )
{
// Test erase non-existent password fails.
EXPECT_FALSE( PasswordRAMStore::erase( "key-unknown" ) );
}
TEST_F( PasswordRAMStoreTest, SinglePassword )
{
// Test a single password can be stored, looked up and erased (and zeroed).
pw = "password";
EXPECT_TRUE( PasswordRAMStore::store( "key-single", pw.c_str() ) );
looked_up_pw = PasswordRAMStore::lookup( "key-single" );
EXPECT_STREQ( pw.c_str(), looked_up_pw );
looked_up_len = strlen( looked_up_pw );
EXPECT_TRUE( PasswordRAMStore::erase( "key-single" ) );
EXPECT_TRUE( mem_is_zero( looked_up_pw, looked_up_len ) );
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, IdenticalPassword )
{
// Test a password can be saved twice with the same key and looked up (and the
// single password can be erased and zeroed).
pw = "password";
EXPECT_TRUE( PasswordRAMStore::store( "key-single", pw.c_str() ) );
EXPECT_TRUE( PasswordRAMStore::store( "key-single", pw.c_str() ) );
looked_up_pw = PasswordRAMStore::lookup( "key-single" );
EXPECT_STREQ( pw.c_str(), looked_up_pw );
looked_up_len = strlen( looked_up_pw );
EXPECT_TRUE( PasswordRAMStore::erase( "key-single" ) );
EXPECT_TRUE( mem_is_zero( looked_up_pw, looked_up_len ) );
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, ReplacePassword )
{
// Test a password can be saved and looked up, then saved again with a different
// password using the same key and looked up (and the single replaced password
// is erased and zeroed).
pw = "password";
EXPECT_TRUE( PasswordRAMStore::store( "key-single", pw.c_str() ) );
looked_up_pw = PasswordRAMStore::lookup( "key-single" );
EXPECT_STREQ( pw.c_str(), looked_up_pw );
pw = "password2";
EXPECT_TRUE( PasswordRAMStore::store( "key-single", pw.c_str() ) );
looked_up_pw = PasswordRAMStore::lookup( "key-single" );
EXPECT_STREQ( pw.c_str(), looked_up_pw );
looked_up_len = strlen( looked_up_pw );
EXPECT_TRUE( PasswordRAMStore::erase( "key-single" ) );
EXPECT_TRUE( mem_is_zero( looked_up_pw, looked_up_len ) );
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, OneHundredPasswordsForwards )
{
// Test 100, 20 character passwords can be stored, looked up and erased (and
// zeroed). Passwords are erased forwards (first stored to last stored).
unsigned int i;
for ( i = 0 ; i < 100 ; i ++ )
{
pw = gen_passwd( i );
EXPECT_TRUE( PasswordRAMStore::store( gen_key(i), pw.c_str() ) );
}
for ( i = 0 ; i < 100 ; i ++ )
{
pw = gen_passwd( i );
looked_up_pw = PasswordRAMStore::lookup( gen_key(i) );
EXPECT_STREQ( pw.c_str(), looked_up_pw );
}
for ( i = 0 ; i < 100 ; i ++ )
{
pw = gen_passwd( i );
looked_up_pw = PasswordRAMStore::lookup( gen_key(i) );
looked_up_len = strlen( looked_up_pw );
EXPECT_TRUE( PasswordRAMStore::erase( gen_key(i) ) );
EXPECT_TRUE( mem_is_zero( looked_up_pw, looked_up_len ) );
}
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, OneHundredPasswordsBackwards )
{
// Test 100, 20 character passwords can be stored, looked up and erased (and
// zeroed). Passwords are erased backwards (last stored to first stored).
unsigned int i;
for ( i = 0 ; i < 100 ; i ++ )
{
pw = gen_passwd( i );
EXPECT_TRUE( PasswordRAMStore::store( gen_key(i), pw.c_str() ) );
}
for ( i = 0 ; i < 100 ; i ++ )
{
pw = gen_passwd( i );
looked_up_pw = PasswordRAMStore::lookup( gen_key(i) );
EXPECT_STREQ( pw.c_str(), looked_up_pw );
}
for ( i = 100; i-- > 0 ; )
{
pw = gen_passwd( i );
looked_up_pw = PasswordRAMStore::lookup( gen_key(i) );
looked_up_len = strlen( looked_up_pw );
EXPECT_TRUE( PasswordRAMStore::erase( gen_key(i) ) );
EXPECT_TRUE( mem_is_zero( looked_up_pw, looked_up_len ) );
}
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, LongPassword )
{
// Test a 4095 byte password can be stored and looked up (and erased and zeroed).
// [Implementation knowledge: size]
pw = std::string( ProtectedMemSize-1, 'X' );
EXPECT_TRUE( PasswordRAMStore::store( "key-long", pw.c_str() ) );
looked_up_pw = PasswordRAMStore::lookup( "key-long" );
EXPECT_STREQ( pw.c_str(), looked_up_pw );
looked_up_len = strlen( looked_up_pw );
EXPECT_TRUE( PasswordRAMStore::erase( "key-long" ) );
EXPECT_TRUE( mem_is_zero( looked_up_pw, looked_up_len ) );
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, TooLongPassword )
{
// Test a 4096 byte password can't be stored nor looked up or erased.
// [Implementation knowledge: size]
std::string pw = std::string( ProtectedMemSize, 'X' );
EXPECT_FALSE( PasswordRAMStore::store( "key-too-long", pw.c_str() ) );
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
looked_up_pw = PasswordRAMStore::lookup( "key-too-long" );
EXPECT_TRUE(looked_up_pw == nullptr);
EXPECT_FALSE(PasswordRAMStore::erase("key-too-long"));
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
TEST_F( PasswordRAMStoreTest, TotalErasure )
{
// Test all passwords are erased (and zeroed using the same code called during
// password cache destruction).
unsigned int i;
for ( i = 0 ; i < 100 ; i ++ )
{
pw = gen_passwd( i );
EXPECT_TRUE( PasswordRAMStore::store( gen_key(i), pw.c_str() ) );
}
EXPECT_FALSE( mem_is_zero( protected_mem, ProtectedMemSize ) );
PasswordRAMStoreTest::erase_all();
EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
}
} // namespace GParted
|
