diff src/lib-dcrypt/test-crypto.c @ 20871:536d185e3794
lib-dcrypt: enc_key and pw must be NULL on storing unencrypted private key
Add tests for password and key encryption, and get_info on them. Also
give examples of valid cipher values for password and key encryption in
dcrypt.h comment.
author | Martti Rannanjärvi <martti.rannanjarvi@dovecot.fi> |
---|---|
date | Thu, 13 Oct 2016 23:38:36 +0300 |
parents | 90d375d8878e |
children | 4c571ff37f8f |
--- a/src/lib-dcrypt/test-crypto.c Wed Oct 12 21:29:51 2016 +0300
+++ b/src/lib-dcrypt/test-crypto.c Thu Oct 13 23:38:36 2016 +0300
@@ -592,6 +592,81 @@
 }
 
 static
+void test_get_info_key_encrypted(void) {
+ test_begin("test_get_info_key_encrypted");
+
+ struct dcrypt_keypair p1, p2;
+ const char *error = NULL;
+ bool ret = dcrypt_keypair_generate(&p1, DCRYPT_KEY_EC, 0, "sect571k1", &error);
+ test_assert(ret == TRUE);
+ ret = dcrypt_keypair_generate(&p2, DCRYPT_KEY_EC, 0, "sect571k1", &error);
+ test_assert(ret == TRUE);
+
+ string_t* buf = str_new(default_pool, 4096);
+
+ buffer_set_used_size(buf, 0);
+ ret = dcrypt_key_store_private(p1.priv, DCRYPT_FORMAT_DOVECOT, "ecdh-aes-256-ctr", buf, NULL, p2.pub, &error);
+ test_assert(ret == TRUE);
+
+ enum dcrypt_key_format format;
+ enum dcrypt_key_version version;
+ enum dcrypt_key_kind kind;
+ enum dcrypt_key_encryption_type enc_type;
+ const char *enc_hash;
+ const char *key_hash;
+
+ ret = dcrypt_key_string_get_info(str_c(buf), &format, &version,
+ &kind, &enc_type, &enc_hash, &key_hash, &error);
+ test_assert(ret == TRUE);
+ test_assert(format == DCRYPT_FORMAT_DOVECOT);
+ test_assert(version == DCRYPT_KEY_VERSION_2);
+ test_assert(kind == DCRYPT_KEY_KIND_PRIVATE);
+ test_assert(enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_KEY);
+ test_assert(enc_hash != NULL);
+ test_assert(key_hash != NULL);
+
+ dcrypt_keypair_unref(&p1);
+ dcrypt_keypair_unref(&p2);
+
+ test_end();
+}
+
+static
+void test_get_info_pw_encrypted(void) {
+ test_begin("test_get_info_pw_encrypted");
+
+ struct dcrypt_keypair p1;
+ const char *error;
+ bool ret = dcrypt_keypair_generate(&p1, DCRYPT_KEY_EC, 0, "sect571k1", &error);
+ test_assert(ret == TRUE);
+
+ string_t* buf = str_new(default_pool, 4096);
+ ret = dcrypt_key_store_private(p1.priv, DCRYPT_FORMAT_DOVECOT, "aes-256-ctr", buf, "pw", NULL, &error);
+ test_assert(ret == TRUE);
+
+ enum dcrypt_key_format format;
+ enum dcrypt_key_version version;
+ enum dcrypt_key_kind kind;
+ enum dcrypt_key_encryption_type enc_type;
+ const char *enc_hash;
+ const char *key_hash;
+
+ ret = dcrypt_key_string_get_info(str_c(buf), &format, &version,
+ &kind, &enc_type, &enc_hash, &key_hash, &error);
+ test_assert(ret == TRUE);
+ test_assert(format == DCRYPT_FORMAT_DOVECOT);
+ test_assert(version == DCRYPT_KEY_VERSION_2);
+ test_assert(kind == DCRYPT_KEY_KIND_PRIVATE);
+ test_assert(enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_PASSWORD);
+ test_assert(enc_hash == NULL);
+ test_assert(key_hash != NULL);
+
+ dcrypt_keypair_unref(&p1);
+
+ test_end();
+}
+
+static
 void test_load_invalid_keys(void) {
 test_begin("test_load_invalid_keys");
 
@@ -634,6 +709,8 @@
 test_gen_and_get_info_rsa_pem,
 test_get_info_rsa_private_key,
 test_get_info_invalid_keys,
+ test_get_info_key_encrypted,
+ test_get_info_pw_encrypted,
 test_load_invalid_keys,
 NULL
 };
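Review bot: Both new tests allocate `buf` with `str_new(default_pool, 4096)` and nothing in either function releases it, so the serialized private key stays allocated after `test_end()`; adding `str_free(&buf);` next to the `dcrypt_keypair_unref()` calls in each function would close that. In `test_get_info_pw_encrypted`, `const char *error;` is left uninitialized while the first test uses `= NULL`; initializing it keeps the two consistent and safe if a later assertion ever prints it. The assertions check only the header fields reported by `dcrypt_key_string_get_info()`, so neither test shows that the stored key loads back with the right password or key and is rejected with a wrong one; a round trip through `dcrypt_key_load_private()` would cover that. The rule named in the commit title (enc_key and pw must be NULL when the key is stored unencrypted) is not exercised by anything visible in this file's hunks.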