File: passwordbasedauthentication_tests.c

package info (click to toggle)
gvm-libs 22.34.2-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 2,968 kB
  • sloc: ansic: 39,015; makefile: 26
file content (145 lines) | stat: -rw-r--r-- 4,704 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
/* SPDX-FileCopyrightText: 2019-2023 Greenbone AG
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "authutils.h"
#include "passwordbasedauthentication.c"

#include <cgreen/cgreen.h>
#include <cgreen/mocks.h>
#include <string.h>
Describe (PBA);
BeforeEach (PBA)
{
}
AfterEach (PBA)
{
}

Ensure (PBA, returns_false_on_not_phc_compliant_setting)
{
  assert_false (pba_is_phc_compliant ("$"));
  assert_false (pba_is_phc_compliant ("password"));
}
Ensure (PBA, returns_true_on_phc_compliant_setting)
{
  assert_true (pba_is_phc_compliant ("$password"));
}
Ensure (PBA, returns_NULL_on_unsupport_settings)
{
  struct PBASettings setting = {"0000", 20000, "$6$"};
  assert_false (pba_hash (NULL, "*password"));
  assert_false (pba_hash (&setting, NULL));
  setting.prefix = "$1$";
  assert_false (pba_hash (&setting, "*password"));
}
Ensure (PBA, unique_hash_without_adding_used_pepper)
{
  struct PBASettings setting = {"4242", 20000, "$6$"};
  char *cmp_hash, *hash;
  hash = pba_hash (&setting, "*password");
  assert_not_equal (hash, NULL);
  assert_false (string_contains (hash, setting.pepper));
  cmp_hash = pba_hash (&setting, "*password");
  assert_string_not_equal (hash, cmp_hash);
  free (hash);
  free (cmp_hash);
}
Ensure (PBA, verify_hash)
{
  struct PBASettings setting = {"4242", 20000, "$6$"};
  char *hash;
  hash = pba_hash (&setting, "*password");
  assert_not_equal (hash, NULL);
  assert_equal (pba_verify_hash (&setting, hash, "*password"), VALID);
  assert_equal (pba_verify_hash (&setting, hash, "*password1"), INVALID);
  free (hash);
  struct PBASettings setting_wo_pepper = {"\0\0\0\0", 20000, "$6$"};
  hash = pba_hash (&setting_wo_pepper, "*password");
  assert_equal (pba_verify_hash (&setting_wo_pepper, hash, "*password"), VALID);
  free (hash);
}

Ensure (PBA, verify_hash_returns_invalid_on_np_hash_np_password)
{
  struct PBASettings setting = {"4242", 20000, "$6$"};
  char *hash;
  hash = pba_hash (&setting, "*password");
  assert_not_equal (hash, NULL);
  assert_equal (pba_verify_hash (&setting, NULL, "*password"), INVALID);
  assert_equal (pba_verify_hash (&setting, hash, NULL), INVALID);
  free (hash);
}

Ensure (PBA, defaults)
{
  int i;
  struct PBASettings *settings = pba_init (NULL, 0, 0, NULL);
  assert_equal (settings->count, 20000);
  for (i = 0; i < MAX_PEPPER_SIZE; i++)
    assert_equal_with_message (settings->pepper[i], 0,
                               "init_without_pepper_should_not_have_pepper");
  assert_string_equal (settings->prefix, "$6$");
  pba_finalize (settings);
}
Ensure (PBA, initialization)
{
  int i;
  struct PBASettings *settings = pba_init ("444", 3, 1, "$6$");
  assert_equal (settings->count, 1);
  for (i = 0; i < MAX_PEPPER_SIZE - 1; i++)
    assert_equal_with_message (settings->pepper[i], '4',
                               "init_with_pepper_should_be_set");
  assert_equal_with_message (settings->pepper[MAX_PEPPER_SIZE - 1], '\0',
                             "last_pepper_should_be_unset_by_pepper_3");
  assert_string_equal (settings->prefix, "$6$");
  pba_finalize (settings);
  settings = pba_init ("444", MAX_PEPPER_SIZE + 1, 1, "$6$");
  assert_equal_with_message (settings, NULL,
                             "should_fail_due_to_too_much_pepper");
  settings = pba_init ("444", MAX_PEPPER_SIZE, 1, "$WALDFEE$");
  assert_equal_with_message (settings, NULL,
                             "should_fail_due_to_unknown_prefix");
}

Ensure (PBA, handle_md5_hash)
{
  struct PBASettings *settings = pba_init (NULL, 0, 0, NULL);
  char *hash;
  assert_equal (gvm_auth_init (), 0);
  hash = get_password_hashes ("admin");
  assert_equal (pba_verify_hash (settings, hash, "admin"), UPDATE_RECOMMENDED);
  pba_finalize (settings);
  g_free (hash);
}

int
main (int argc, char **argv)
{
  int ret;
  TestSuite *suite;

  suite = create_test_suite ();

  add_test_with_context (suite, PBA,
                         returns_false_on_not_phc_compliant_setting);
  add_test_with_context (suite, PBA, returns_true_on_phc_compliant_setting);
  add_test_with_context (suite, PBA, returns_NULL_on_unsupport_settings);
  add_test_with_context (suite, PBA, unique_hash_without_adding_used_pepper);
  add_test_with_context (suite, PBA, verify_hash);
  add_test_with_context (suite, PBA,
                         verify_hash_returns_invalid_on_np_hash_np_password);
  add_test_with_context (suite, PBA, handle_md5_hash);
  add_test_with_context (suite, PBA, defaults);
  add_test_with_context (suite, PBA, initialization);

  if (argc > 1)
    ret = run_single_test (suite, argv[1], create_text_reporter ());
  else
    ret = run_test_suite (suite, create_text_reporter ());

  destroy_test_suite (suite);

  return ret;
}