/* * QEMU Crypto secret handling * * Copyright (c) 2015 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, see <http://www.gnu.org/licenses/>. * */ #include "qemu/osdep.h" #include "crypto/init.h" #include "crypto/secret.h" #include "qapi/error.h" #include "qemu/module.h" #ifdef CONFIG_KEYUTILS #include "crypto/secret_keyring.h" #include <keyutils.h> #endif static void test_secret_direct(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "123456", NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, "123456"); object_unparent(sec); g_free(pw); } static void test_secret_indirect_good(void) { Object *sec; char *fname = NULL; int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX", &fname, NULL); g_assert(fd >= 0); g_assert_nonnull(fname); g_assert(write(fd, "123456", 6) == 6); sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "file", fname, NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, "123456"); object_unparent(sec); g_free(pw); close(fd); unlink(fname); g_free(fname); } static void test_secret_indirect_badfile(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", NULL, "file", "does-not-exist", NULL); g_assert(sec == NULL); } static void test_secret_indirect_emptyfile(void) { Object *sec; char *fname = NULL; int fd = g_file_open_tmp("qemu-test-crypto-secretXXXXXX", &fname, NULL); g_assert(fd >= 0); g_assert_nonnull(fname); sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "file", fname, NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, ""); object_unparent(sec); g_free(pw); close(fd); unlink(fname); g_free(fname); } #ifdef CONFIG_KEYUTILS #define DESCRIPTION "qemu_test_secret" #define PAYLOAD "Test Payload" static void test_secret_keyring_good(void) { char key_str[16]; Object *sec; int32_t key = add_key("user", DESCRIPTION, PAYLOAD, strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING); g_assert(key >= 0); snprintf(key_str, sizeof(key_str), "0x%08x", key); sec = object_new_with_props( TYPE_QCRYPTO_SECRET_KEYRING, object_get_objects_root(), "sec0", &error_abort, "serial", key_str, NULL); assert(0 <= keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING)); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, PAYLOAD); object_unparent(sec); g_free(pw); } static void test_secret_keyring_revoked_key(void) { char key_str[16]; Object *sec; int32_t key = add_key("user", DESCRIPTION, PAYLOAD, strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING); g_assert(key >= 0); g_assert_false(keyctl_revoke(key)); snprintf(key_str, sizeof(key_str), "0x%08x", key); sec = object_new_with_props( TYPE_QCRYPTO_SECRET_KEYRING, object_get_objects_root(), "sec0", NULL, "serial", key_str, NULL); g_assert(errno == EKEYREVOKED); g_assert(sec == NULL); keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING); } static void test_secret_keyring_expired_key(void) { char key_str[16]; Object *sec; int32_t key = add_key("user", DESCRIPTION, PAYLOAD, strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING); g_assert(key >= 0); g_assert_false(keyctl_set_timeout(key, 1)); sleep(1); snprintf(key_str, sizeof(key_str), "0x%08x", key); sec = object_new_with_props( TYPE_QCRYPTO_SECRET_KEYRING, object_get_objects_root(), "sec0", NULL, "serial", key_str, NULL); g_assert(errno == EKEYEXPIRED); g_assert(sec == NULL); keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING); } static void test_secret_keyring_bad_serial_key(void) { Object *sec; sec = object_new_with_props( TYPE_QCRYPTO_SECRET_KEYRING, object_get_objects_root(), "sec0", NULL, "serial", "1", NULL); g_assert(errno == ENOKEY); g_assert(sec == NULL); } /* * TODO * test_secret_keyring_bad_key_access_right() is not working yet. * We don't know yet if this due a bug in the Linux kernel or * whether it's normal syscall behavior. * We've requested information from kernel maintainers. * See: <https://www.spinics.net/lists/keyrings/index.html> * Thread: 'security/keys: remove possessor verify after key permission check' */ static void test_secret_keyring_bad_key_access_right(void) { char key_str[16]; Object *sec; g_test_skip("TODO: Need responce from Linux kernel maintainers"); return; int32_t key = add_key("user", DESCRIPTION, PAYLOAD, strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING); g_assert(key >= 0); g_assert_false(keyctl_setperm(key, KEY_POS_ALL & (~KEY_POS_READ))); snprintf(key_str, sizeof(key_str), "0x%08x", key); sec = object_new_with_props( TYPE_QCRYPTO_SECRET_KEYRING, object_get_objects_root(), "sec0", NULL, "serial", key_str, NULL); g_assert(errno == EACCES); g_assert(sec == NULL); keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING); } #endif /* CONFIG_KEYUTILS */ static void test_secret_noconv_base64_good(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "MTIzNDU2", "format", "base64", NULL); char *pw = qcrypto_secret_lookup_as_base64("sec0", &error_abort); g_assert_cmpstr(pw, ==, "MTIzNDU2"); object_unparent(sec); g_free(pw); } static void test_secret_noconv_base64_bad(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", NULL, "data", "MTI$NDU2", "format", "base64", NULL); g_assert(sec == NULL); } static void test_secret_noconv_utf8(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "123456", "format", "raw", NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, "123456"); object_unparent(sec); g_free(pw); } static void test_secret_conv_base64_utf8valid(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "MTIzNDU2", "format", "base64", NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, "123456"); object_unparent(sec); g_free(pw); } static void test_secret_conv_base64_utf8invalid(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "f0VMRgIBAQAAAA==", "format", "base64", NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", NULL); g_assert(pw == NULL); object_unparent(sec); } static void test_secret_conv_utf8_base64(void) { Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "123456", NULL); char *pw = qcrypto_secret_lookup_as_base64("sec0", &error_abort); g_assert_cmpstr(pw, ==, "MTIzNDU2"); object_unparent(sec); g_free(pw); } static void test_secret_crypt_raw(void) { Object *master = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "master", &error_abort, "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", "format", "base64", NULL); Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "\xCC\xBF\xF7\x09\x46\x19\x0B\x52\x2A\x3A\xB4\x6B\xCD\x7A\xB0\xB0", "format", "raw", "keyid", "master", "iv", "0I7Gw/TKuA+Old2W2apQ3g==", NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, "123456"); object_unparent(sec); object_unparent(master); g_free(pw); } static void test_secret_crypt_base64(void) { Object *master = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "master", &error_abort, "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", "format", "base64", NULL); Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", &error_abort, "data", "zL/3CUYZC1IqOrRrzXqwsA==", "format", "base64", "keyid", "master", "iv", "0I7Gw/TKuA+Old2W2apQ3g==", NULL); char *pw = qcrypto_secret_lookup_as_utf8("sec0", &error_abort); g_assert_cmpstr(pw, ==, "123456"); object_unparent(sec); object_unparent(master); g_free(pw); } static void test_secret_crypt_short_key(void) { Object *master = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "master", &error_abort, "data", "9miloPQCzGy+TL6aonfzVc", "format", "base64", NULL); Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", NULL, "data", "zL/3CUYZC1IqOrRrzXqwsA==", "format", "raw", "keyid", "master", "iv", "0I7Gw/TKuA+Old2W2apQ3g==", NULL); g_assert(sec == NULL); object_unparent(master); } static void test_secret_crypt_short_iv(void) { Object *master = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "master", &error_abort, "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", "format", "base64", NULL); Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", NULL, "data", "zL/3CUYZC1IqOrRrzXqwsA==", "format", "raw", "keyid", "master", "iv", "0I7Gw/TKuA+Old2W2a", NULL); g_assert(sec == NULL); object_unparent(master); } static void test_secret_crypt_missing_iv(void) { Object *master = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "master", &error_abort, "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", "format", "base64", NULL); Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", NULL, "data", "zL/3CUYZC1IqOrRrzXqwsA==", "format", "raw", "keyid", "master", NULL); g_assert(sec == NULL); object_unparent(master); } static void test_secret_crypt_bad_iv(void) { Object *master = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "master", &error_abort, "data", "9miloPQCzGy+TL6aonfzVcptibCmCIhKzrnlfwiWivk=", "format", "base64", NULL); Object *sec = object_new_with_props( TYPE_QCRYPTO_SECRET, object_get_objects_root(), "sec0", NULL, "data", "zL/3CUYZC1IqOrRrzXqwsA==", "format", "raw", "keyid", "master", "iv", "0I7Gw/TK$$uA+Old2W2a", NULL); g_assert(sec == NULL); object_unparent(master); } int main(int argc, char **argv) { module_call_init(MODULE_INIT_QOM); g_test_init(&argc, &argv, NULL); g_assert(qcrypto_init(NULL) == 0); g_test_add_func("/crypto/secret/direct", test_secret_direct); g_test_add_func("/crypto/secret/indirect/good", test_secret_indirect_good); g_test_add_func("/crypto/secret/indirect/badfile", test_secret_indirect_badfile); g_test_add_func("/crypto/secret/indirect/emptyfile", test_secret_indirect_emptyfile); #ifdef CONFIG_KEYUTILS g_test_add_func("/crypto/secret/keyring/good", test_secret_keyring_good); g_test_add_func("/crypto/secret/keyring/revoked_key", test_secret_keyring_revoked_key); g_test_add_func("/crypto/secret/keyring/expired_key", test_secret_keyring_expired_key); g_test_add_func("/crypto/secret/keyring/bad_serial_key", test_secret_keyring_bad_serial_key); g_test_add_func("/crypto/secret/keyring/bad_key_access_right", test_secret_keyring_bad_key_access_right); #endif /* CONFIG_KEYUTILS */ g_test_add_func("/crypto/secret/noconv/base64/good", test_secret_noconv_base64_good); g_test_add_func("/crypto/secret/noconv/base64/bad", test_secret_noconv_base64_bad); g_test_add_func("/crypto/secret/noconv/utf8", test_secret_noconv_utf8); g_test_add_func("/crypto/secret/conv/base64/utf8valid", test_secret_conv_base64_utf8valid); g_test_add_func("/crypto/secret/conv/base64/utf8invalid", test_secret_conv_base64_utf8invalid); g_test_add_func("/crypto/secret/conv/utf8/base64", test_secret_conv_utf8_base64); g_test_add_func("/crypto/secret/crypt/raw", test_secret_crypt_raw); g_test_add_func("/crypto/secret/crypt/base64", test_secret_crypt_base64); g_test_add_func("/crypto/secret/crypt/shortkey", test_secret_crypt_short_key); g_test_add_func("/crypto/secret/crypt/shortiv", test_secret_crypt_short_iv); g_test_add_func("/crypto/secret/crypt/missingiv", test_secret_crypt_missing_iv); g_test_add_func("/crypto/secret/crypt/badiv", test_secret_crypt_bad_iv); return g_test_run(); }