From eb840eb37eb1ca457d9c2434db5465e54a33b076 Mon Sep 17 00:00:00 2001 From: Greg Beeley Date: Tue, 14 Jun 2022 15:45:36 -0600 Subject: [PATCH 01/16] Credentials db: update to use newmalloc for memory management. --- centrallix/cxss/cxss_credentials_db.c | 55 ++++++++++++++------------- centrallix/cxss/cxss_util.c | 5 ++- 2 files changed, 31 insertions(+), 29 deletions(-) diff --git a/centrallix/cxss/cxss_credentials_db.c b/centrallix/cxss/cxss_credentials_db.c index 5963d5d48..4aad0afcb 100644 --- a/centrallix/cxss/cxss_credentials_db.c +++ b/centrallix/cxss/cxss_credentials_db.c @@ -4,6 +4,7 @@ #include #include #include +#include #include "cxss/credentials_db.h" #include "cxss/util.h" @@ -24,7 +25,7 @@ CXSS_DB_Context_t cxssCredentialsDatabaseInit(const char *db_path) { /* Allocate context struct */ - CXSS_DB_Context_t dbcontext = malloc(sizeof(struct _CXSS_DB_Context_t)); + CXSS_DB_Context_t dbcontext = (CXSS_DB_Context_t)nmMalloc(sizeof(struct _CXSS_DB_Context_t)); if (!dbcontext) { mssError(0, "CXSS", "Memory allocation error\n"); goto error; @@ -42,7 +43,7 @@ cxssCredentialsDatabaseInit(const char *db_path) return dbcontext; error: - free(dbcontext); + nmFree(dbcontext, sizeof(struct _CXSS_DB_Context_t)); return NULL; } @@ -60,7 +61,7 @@ cxssCredentialsDatabaseClose(CXSS_DB_Context_t dbcontext) { cxss_i_FinalizeSqliteStatements(dbcontext); sqlite3_close(dbcontext->db); - free(dbcontext); + nmFree(dbcontext, sizeof(struct _CXSS_DB_Context_t)); } /** @brief Setup database tables/statements @@ -489,14 +490,14 @@ cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, } /* Allocate head (dummy node) */ - head = malloc(sizeof(CXSS_UserAuth_LLNode)); + head = (CXSS_UserAuth_LLNode*)nmMalloc(sizeof(CXSS_UserAuth_LLNode)); prev = head; /* Execute query */ while (sqlite3_step(dbcontext->retrieve_user_auths_stmt) == SQLITE_ROW) { /* Allocate and chain new node */ - current = malloc(sizeof(CXSS_UserAuth_LLNode)); + current = (CXSS_UserAuth_LLNode*)nmMalloc(sizeof(CXSS_UserAuth_LLNode)); prev->next = current; /* Retrieve results */ @@ -845,13 +846,13 @@ cxssFreeUserAuthLL(CXSS_UserAuth_LLNode *start) { /* Free head (dummy node) */ CXSS_UserAuth_LLNode *next = start->next; - free(start); + nmFree(start, sizeof(CXSS_UserAuth_LLNode)); start = next; while (start != NULL) { next = start->next; cxssFreeUserAuth(&start->UserAuth); - free(start); + nmFree(start, sizeof(CXSS_UserAuth_LLNode)); start = next; } } @@ -968,10 +969,10 @@ cxssDbContainsResc(CXSS_DB_Context_t dbcontext, const char *resource_id) void cxssFreeUserData(CXSS_UserData *UserData) { - free((void*)UserData->CXSS_UserID); - free((void*)UserData->PublicKey); - free((void*)UserData->DateCreated); - free((void*)UserData->DateLastUpdated); + nmSysFree((void*)UserData->CXSS_UserID); + nmSysFree((void*)UserData->PublicKey); + nmSysFree((void*)UserData->DateCreated); + nmSysFree((void*)UserData->DateLastUpdated); } /** @brief Free dynamic CXSS_UserAuth struct members @@ -985,12 +986,12 @@ cxssFreeUserData(CXSS_UserData *UserData) void cxssFreeUserAuth(CXSS_UserAuth *UserAuth) { - free((void*)UserAuth->CXSS_UserID); - free((void*)UserAuth->PrivateKey); - free((void*)UserAuth->Salt); - free((void*)UserAuth->PrivateKeyIV); - free((void*)UserAuth->DateCreated); - free((void*)UserAuth->DateLastUpdated); + nmSysFree((void*)UserAuth->CXSS_UserID); + nmSysFree((void*)UserAuth->PrivateKey); + nmSysFree((void*)UserAuth->Salt); + nmSysFree((void*)UserAuth->PrivateKeyIV); + nmSysFree((void*)UserAuth->DateCreated); + nmSysFree((void*)UserAuth->DateLastUpdated); } /** @brief Free dynamic CXSS_UserResc struct members @@ -1004,16 +1005,16 @@ cxssFreeUserAuth(CXSS_UserAuth *UserAuth) void cxssFreeUserResc(CXSS_UserResc *UserResc) { - free((void*)UserResc->CXSS_UserID); - free((void*)UserResc->ResourceID); - free((void*)UserResc->AuthClass); - free((void*)UserResc->AESKey); - free((void*)UserResc->ResourceUsername); - free((void*)UserResc->ResourceAuthData); - free((void*)UserResc->UsernameIV); - free((void*)UserResc->AuthDataIV); - free((void*)UserResc->DateCreated); - free((void*)UserResc->DateLastUpdated); + nmSysFree((void*)UserResc->CXSS_UserID); + nmSysFree((void*)UserResc->ResourceID); + nmSysFree((void*)UserResc->AuthClass); + nmSysFree((void*)UserResc->AESKey); + nmSysFree((void*)UserResc->ResourceUsername); + nmSysFree((void*)UserResc->ResourceAuthData); + nmSysFree((void*)UserResc->UsernameIV); + nmSysFree((void*)UserResc->AuthDataIV); + nmSysFree((void*)UserResc->DateCreated); + nmSysFree((void*)UserResc->DateLastUpdated); } /** @brief Cleanup sqlite3 statements diff --git a/centrallix/cxss/cxss_util.c b/centrallix/cxss/cxss_util.c index c32ef3adb..060a86e6f 100644 --- a/centrallix/cxss/cxss_util.c +++ b/centrallix/cxss/cxss_util.c @@ -4,6 +4,7 @@ #include #include #include "cxss/util.h" +#include "cxlib/newmalloc.h" /** @brief Duplicate a string * @@ -18,7 +19,7 @@ cxssStrdup(const char *str) { if (!str) return NULL; - return strdup(str); + return nmSysStrdup(str); } /** @brief Duplicate an array of bytes @@ -39,7 +40,7 @@ cxssBlobdup(const char *blob, size_t len) if (!blob) return NULL; - copy = malloc(sizeof(char) * len); + copy = nmSysMalloc(sizeof(char) * len); if (!copy) { mssError(0, "CXSS", "Memory allocation error\n"); exit(EXIT_FAILURE); From d2f4c304ebd71c7d100889d414d7c7ef53419263 Mon Sep 17 00:00:00 2001 From: Greg Beeley Date: Tue, 14 Jun 2022 16:07:48 -0600 Subject: [PATCH 02/16] Credentials db: memory management switch to newmalloc, continued. --- centrallix/cxss/cxss_credentials_mgr.c | 20 ++++++++++---------- centrallix/cxss/cxss_crypto.c | 15 ++++++++------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/centrallix/cxss/cxss_credentials_mgr.c b/centrallix/cxss/cxss_credentials_mgr.c index 806069d63..69ab16f24 100644 --- a/centrallix/cxss/cxss_credentials_mgr.c +++ b/centrallix/cxss/cxss_credentials_mgr.c @@ -127,13 +127,13 @@ cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_l goto error; } - free(encrypted_privatekey); + nmSysFree(encrypted_privatekey); cxssDestroyKey(privatekey, privatekey_len); cxssShred(pb_userkey, pb_userkey_len); return CXSS_MGR_SUCCESS; error: - free(encrypted_privatekey); + nmSysFree(encrypted_privatekey); cxssDestroyKey(privatekey, privatekey_len); cxssShred(pb_userkey, pb_userkey_len); return CXSS_MGR_INSERT_ERROR; @@ -173,7 +173,7 @@ cxssRetrieveUserPrivateKey(const char *cxss_userid, const char *pb_userkey, size return CXSS_MGR_SUCCESS; error: - free(*privatekey); + nmSysFree(*privatekey); cxssFreeUserAuth(&UserAuth); cxssShred(pb_userkey, pb_userkey_len); return CXSS_MGR_RETRIEVE_ERROR; @@ -198,7 +198,7 @@ cxssRetrieveUserPublicKey(const char *cxss_userid, char **publickey, int *public } /* Allocate buffer for public key */ - *publickey = malloc(UserData.KeyLength); + *publickey = nmSysMalloc(UserData.KeyLength); if (!(*publickey)) { mssError(0, "CXSS", "Memory allocation error\n"); goto error; @@ -310,17 +310,17 @@ cxssAddResource(const char *cxss_userid, const char *resource_id, const char *au goto error; } - free(publickey); - free(encrypted_username); - free(encrypted_password); + nmSysFree(publickey); + nmSysFree(encrypted_username); + nmSysFree(encrypted_password); cxssShred(resource_username, username_len); cxssShred(resource_authdata, authdata_len); return CXSS_MGR_SUCCESS; error: - free(publickey); - free(encrypted_username); - free(encrypted_password); + nmSysFree(publickey); + nmSysFree(encrypted_username); + nmSysFree(encrypted_password); cxssShred(resource_username, username_len); cxssShred(resource_authdata, authdata_len); return CXSS_MGR_INSERT_ERROR; diff --git a/centrallix/cxss/cxss_crypto.c b/centrallix/cxss/cxss_crypto.c index b1c11bb27..e5b23c9bf 100644 --- a/centrallix/cxss/cxss_crypto.c +++ b/centrallix/cxss/cxss_crypto.c @@ -10,6 +10,7 @@ #include #include "cxss/crypto.h" #include "cxss/credentials_db.h" +#include "cxlib/newmalloc.h" static bool CSPRNG_Initialized = false; @@ -73,7 +74,7 @@ cxssEncryptAES256(const char *plaintext, int plaintext_len, int len; /* Allocate buffer to store ciphertext */ - *ciphertext = malloc(cxssAES256CiphertextLength(plaintext_len)); + *ciphertext = (char*)nmSysMalloc(cxssAES256CiphertextLength(plaintext_len)); if (!(*ciphertext)) { mssError(0, "CXSS", "Memory allocation error\n"); goto error; @@ -112,7 +113,7 @@ cxssEncryptAES256(const char *plaintext, int plaintext_len, error: EVP_CIPHER_CTX_free(ctx); - free(*ciphertext); + nmSysFree(*ciphertext); return CXSS_CRYPTO_ENCR_ERROR; } @@ -140,7 +141,7 @@ cxssDecryptAES256(const char *ciphertext, int ciphertext_len, int len; /* Allocate buffer to store plaintext */ - *plaintext = malloc(cxssAES256CiphertextLength(ciphertext_len)); + *plaintext = (char*)nmSysMalloc(cxssAES256CiphertextLength(ciphertext_len)); if (!(*plaintext)) { mssError(0, "CXSS", "Memory allocation error\n"); goto error; @@ -180,7 +181,7 @@ cxssDecryptAES256(const char *ciphertext, int ciphertext_len, error: EVP_CIPHER_CTX_free(ctx); - free(*plaintext); + nmSysFree(*plaintext); return CXSS_CRYPTO_DECR_ERROR; } @@ -346,8 +347,8 @@ cxssGenerateRSA4096bitKeypair(char **privatekey, int *privatekey_len, goto error; } - *privatekey = malloc(pri_len + 1); - *publickey = malloc(pub_len + 1); + *privatekey = nmSysMalloc(pri_len + 1); + *publickey = nmSysMalloc(pub_len + 1); if (!(*publickey) || !(*privatekey)) { mssError(0, "CXSS", "Memory allocation error\n"); goto error; @@ -496,7 +497,7 @@ cxssDestroyKey(char *key, size_t keylength) { if (key && keylength >= 0) { memset(key, 0, keylength); - free(key); + nmSysFree(key); } } From beb717e7634f3461aa67ff4603cf49a3fa6314b8 Mon Sep 17 00:00:00 2001 From: Developer - Kardia Date: Thu, 30 Jun 2022 15:33:06 -0600 Subject: [PATCH 03/16] Added tests for IV, salt, and key random generation. RSA key pair generation is tested as well --- centrallix/tests/test_cxss-crypto_00.c | 16 ++++++ centrallix/tests/test_cxss-crypto_01.c | 76 ++++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_02.c | 76 ++++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_03.c | 76 ++++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_04.c | 74 +++++++++++++++++++++++++ 5 files changed, 318 insertions(+) create mode 100644 centrallix/tests/test_cxss-crypto_00.c create mode 100644 centrallix/tests/test_cxss-crypto_01.c create mode 100644 centrallix/tests/test_cxss-crypto_02.c create mode 100644 centrallix/tests/test_cxss-crypto_03.c create mode 100644 centrallix/tests/test_cxss-crypto_04.c diff --git a/centrallix/tests/test_cxss-crypto_00.c b/centrallix/tests/test_cxss-crypto_00.c new file mode 100644 index 000000000..63e568478 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_00.c @@ -0,0 +1,16 @@ +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 00: Basic Init"; + + /** Basic test of init and release */ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_01.c b/centrallix/tests/test_cxss-crypto_01.c new file mode 100644 index 000000000..2ba4738ea --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_01.c @@ -0,0 +1,76 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 01: Gen IV randomness"; + + + const int n = 10000; + const int b = 16; + unsigned char salts [n][b]; + unsigned char bytes [n*b]; + int freq [256]; + + /** init byte freq **/ + for(int i = 0 ; i < 256 ; i++) + { + freq[i] = 0; + } + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + /** get n values **/ + for(int i = 0 ; i < n ; i++) + { + int result = cxssGenerate128bitIV(&salts[i][0]); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** update byte freq and store bytes **/ + for(int j = 0 ; j < b ; j++) + { + bytes[i*b + j] = salts[i][j]; + freq[salts[i][j]]++; + } + + + /** Test for duplicates**/ + for(int j = 0 ; j < i ; j++) + { + int isMatch = 1; + for(int k = 0 ; k < b ; k++) + { + isMatch &= salts[i][k] == salts[j][k]; + } + assert(!isMatch); + } + } + + /** Calculate standard dev for frequency **/ + double mean = ((double) (n*b))/256.0; + long double avgDev = 0; + for(int i = 0 ; i < 256 ; i++) + { + long double cur = (freq[i] - mean)*(freq[i] - mean); + avgDev += cur; + } + avgDev /= 256; + double stdDev = sqrt(avgDev); + + printf("Mean : %f\n", mean); + printf("Std Dev : %f\n", stdDev); + printf("Dev/Mean: %f%%\n", stdDev/mean*100); + + /** Make sure standard Deviation is good **/ + assert(stdDev/mean <= 0.1); + + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_02.c b/centrallix/tests/test_cxss-crypto_02.c new file mode 100644 index 000000000..8c339c86f --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_02.c @@ -0,0 +1,76 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 02: Gen salt randomness"; + + + const int n = 10000; + const int b = 8; + unsigned char salts [n][b]; + unsigned char bytes [n*b]; + int freq [256]; + + /** init byte freq **/ + for(int i = 0 ; i < 256 ; i++) + { + freq[i] = 0; + } + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + /** get n values **/ + for(int i = 0 ; i < n ; i++) + { + int result = cxssGenerate64bitSalt(&salts[i][0]); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** update byte freq and store bytes **/ + for(int j = 0 ; j < b ; j++) + { + bytes[i*b + j] = salts[i][j]; + freq[salts[i][j]]++; + } + + + /** Test for duplicates**/ + for(int j = 0 ; j < i ; j++) + { + int isMatch = 1; + for(int k = 0 ; k < b ; k++) + { + isMatch &= salts[i][k] == salts[j][k]; + } + assert(!isMatch); + } + } + + /** Calculate standard dev for frequency **/ + double mean = ((double) (n*b))/256.0; + long double avgDev = 0; + for(int i = 0 ; i < 256 ; i++) + { + long double cur = (freq[i] - mean)*(freq[i] - mean); + avgDev += cur; + } + avgDev /= 256; + double stdDev = sqrt(avgDev); + + printf("Mean : %f\n", mean); + printf("Std Dev : %f\n", stdDev); + printf("Dev/mean: %f%%\n", stdDev/mean*100); + + /** Make sure standard Deviation is good **/ + assert(stdDev/mean <= 0.1); + + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_03.c b/centrallix/tests/test_cxss-crypto_03.c new file mode 100644 index 000000000..e12dc48d4 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_03.c @@ -0,0 +1,76 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 03: Gen random key randomness"; + + + const int n = 5000; + const int b = 32; + unsigned char salts [n][b]; + unsigned char bytes [n*b]; + int freq [256]; + + /** init byte freq **/ + for(int i = 0 ; i < 256 ; i++) + { + freq[i] = 0; + } + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + /** get n values **/ + for(int i = 0 ; i < n ; i++) + { + int result = cxssGenerate256bitRandomKey(&salts[i][0]); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** update byte freq and store bytes **/ + for(int j = 0 ; j < b ; j++) + { + bytes[i*b + j] = salts[i][j]; + freq[salts[i][j]]++; + } + + + /** Test for duplicates**/ + for(int j = 0 ; j < i ; j++) + { + int isMatch = 1; + for(int k = 0 ; k < b ; k++) + { + isMatch &= salts[i][k] == salts[j][k]; + } + assert(!isMatch); + } + } + + /** Calculate standard dev for frequency **/ + double mean = ((double) (n*b))/256.0; + long double avgDev = 0; + for(int i = 0 ; i < 256 ; i++) + { + long double cur = (freq[i] - mean)*(freq[i] - mean); + avgDev += cur; + } + avgDev /= 256; + double stdDev = sqrt(avgDev); + + printf("Mean : %f\n", mean); + printf("Std Dev : %f\n", stdDev); + printf("Dev/mean: %f%%\n", stdDev/mean*100); + + /** Make sure standard Deviation is good **/ + assert(stdDev/mean <= 0.1); + + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_04.c b/centrallix/tests/test_cxss-crypto_04.c new file mode 100644 index 000000000..f0671f694 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_04.c @@ -0,0 +1,74 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 04: RSA Key Generaion"; + + int pubSize1 = 0; + int priSize1 = 0; + char* pubKey1 = NULL; + char* priKey1 = NULL; + int pubSize2 = 0; + int priSize2 = 0; + char* pubKey2 = NULL; + char* priKey2 = NULL; + + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + int result = cxssGenerateRSA4096bitKeypair(&priKey1, &priSize1, &pubKey1, &pubSize1); + assert(result == CXSS_CRYPTO_SUCCESS); + + assert(pubSize1 > 0); + assert(priSize1 > 0); + assert(pubKey1 != 0); + assert(priKey1 != 0); + + result = cxssGenerateRSA4096bitKeypair(&priKey2, &priSize2, &pubKey2, &pubSize2); + assert(result == CXSS_CRYPTO_SUCCESS); + + assert(pubSize2 > 0); + assert(priSize2 > 0); + assert(pubKey2 != 0); + assert(priKey2 != 0); + + /** make sure keys are not the same **/ + int minLen = (pubSize1 < pubSize2)? pubSize1 : pubSize2; + int isMatch = 1; + for(int i = 0 ; i < minLen ; i++) + { + isMatch &= pubKey1[i] == pubKey2[i]; + } + assert(!isMatch); + + /** now check private key **/ + minLen = (priSize1 < priSize2)? priSize1 : priSize2; + isMatch = 1; + for(int i = 0 ; i < minLen ; i++) + { + isMatch &= priKey1[i] == priKey2[i]; + } + assert(!isMatch); + + /** check for header text **/ + assert(strstr(pubKey1, "BEGIN RSA PUBLIC KEY") > 0); + assert(strstr(pubKey2, "BEGIN RSA PUBLIC KEY") > 0); + assert(strstr(priKey1, "BEGIN RSA PRIVATE KEY") > 0); + assert(strstr(priKey2, "BEGIN RSA PRIVATE KEY") > 0); + + /** now footer **/ + assert(strstr(pubKey1, "END RSA PUBLIC KEY") > 0); + assert(strstr(pubKey2, "END RSA PUBLIC KEY") > 0); + assert(strstr(priKey1, "END RSA PRIVATE KEY") > 0); + assert(strstr(priKey2, "END RSA PRIVATE KEY") > 0); + + cxssCryptoCleanup(); + + return 0; + } From 7160b07eadef99a5245f4bb23e174268c9f7f039 Mon Sep 17 00:00:00 2001 From: "nboard@cedarville.edu" Date: Thu, 30 Jun 2022 15:38:44 -0600 Subject: [PATCH 04/16] Added tests for IV, salt, and key random generation. RSA key pair generation is tested as well --- centrallix/tests/test_cxss-crypto_00.c | 16 ++++++ centrallix/tests/test_cxss-crypto_01.c | 76 ++++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_02.c | 76 ++++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_03.c | 76 ++++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_04.c | 74 +++++++++++++++++++++++++ 5 files changed, 318 insertions(+) create mode 100644 centrallix/tests/test_cxss-crypto_00.c create mode 100644 centrallix/tests/test_cxss-crypto_01.c create mode 100644 centrallix/tests/test_cxss-crypto_02.c create mode 100644 centrallix/tests/test_cxss-crypto_03.c create mode 100644 centrallix/tests/test_cxss-crypto_04.c diff --git a/centrallix/tests/test_cxss-crypto_00.c b/centrallix/tests/test_cxss-crypto_00.c new file mode 100644 index 000000000..63e568478 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_00.c @@ -0,0 +1,16 @@ +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 00: Basic Init"; + + /** Basic test of init and release */ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_01.c b/centrallix/tests/test_cxss-crypto_01.c new file mode 100644 index 000000000..2ba4738ea --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_01.c @@ -0,0 +1,76 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 01: Gen IV randomness"; + + + const int n = 10000; + const int b = 16; + unsigned char salts [n][b]; + unsigned char bytes [n*b]; + int freq [256]; + + /** init byte freq **/ + for(int i = 0 ; i < 256 ; i++) + { + freq[i] = 0; + } + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + /** get n values **/ + for(int i = 0 ; i < n ; i++) + { + int result = cxssGenerate128bitIV(&salts[i][0]); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** update byte freq and store bytes **/ + for(int j = 0 ; j < b ; j++) + { + bytes[i*b + j] = salts[i][j]; + freq[salts[i][j]]++; + } + + + /** Test for duplicates**/ + for(int j = 0 ; j < i ; j++) + { + int isMatch = 1; + for(int k = 0 ; k < b ; k++) + { + isMatch &= salts[i][k] == salts[j][k]; + } + assert(!isMatch); + } + } + + /** Calculate standard dev for frequency **/ + double mean = ((double) (n*b))/256.0; + long double avgDev = 0; + for(int i = 0 ; i < 256 ; i++) + { + long double cur = (freq[i] - mean)*(freq[i] - mean); + avgDev += cur; + } + avgDev /= 256; + double stdDev = sqrt(avgDev); + + printf("Mean : %f\n", mean); + printf("Std Dev : %f\n", stdDev); + printf("Dev/Mean: %f%%\n", stdDev/mean*100); + + /** Make sure standard Deviation is good **/ + assert(stdDev/mean <= 0.1); + + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_02.c b/centrallix/tests/test_cxss-crypto_02.c new file mode 100644 index 000000000..8c339c86f --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_02.c @@ -0,0 +1,76 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 02: Gen salt randomness"; + + + const int n = 10000; + const int b = 8; + unsigned char salts [n][b]; + unsigned char bytes [n*b]; + int freq [256]; + + /** init byte freq **/ + for(int i = 0 ; i < 256 ; i++) + { + freq[i] = 0; + } + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + /** get n values **/ + for(int i = 0 ; i < n ; i++) + { + int result = cxssGenerate64bitSalt(&salts[i][0]); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** update byte freq and store bytes **/ + for(int j = 0 ; j < b ; j++) + { + bytes[i*b + j] = salts[i][j]; + freq[salts[i][j]]++; + } + + + /** Test for duplicates**/ + for(int j = 0 ; j < i ; j++) + { + int isMatch = 1; + for(int k = 0 ; k < b ; k++) + { + isMatch &= salts[i][k] == salts[j][k]; + } + assert(!isMatch); + } + } + + /** Calculate standard dev for frequency **/ + double mean = ((double) (n*b))/256.0; + long double avgDev = 0; + for(int i = 0 ; i < 256 ; i++) + { + long double cur = (freq[i] - mean)*(freq[i] - mean); + avgDev += cur; + } + avgDev /= 256; + double stdDev = sqrt(avgDev); + + printf("Mean : %f\n", mean); + printf("Std Dev : %f\n", stdDev); + printf("Dev/mean: %f%%\n", stdDev/mean*100); + + /** Make sure standard Deviation is good **/ + assert(stdDev/mean <= 0.1); + + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_03.c b/centrallix/tests/test_cxss-crypto_03.c new file mode 100644 index 000000000..e12dc48d4 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_03.c @@ -0,0 +1,76 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 03: Gen random key randomness"; + + + const int n = 5000; + const int b = 32; + unsigned char salts [n][b]; + unsigned char bytes [n*b]; + int freq [256]; + + /** init byte freq **/ + for(int i = 0 ; i < 256 ; i++) + { + freq[i] = 0; + } + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + /** get n values **/ + for(int i = 0 ; i < n ; i++) + { + int result = cxssGenerate256bitRandomKey(&salts[i][0]); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** update byte freq and store bytes **/ + for(int j = 0 ; j < b ; j++) + { + bytes[i*b + j] = salts[i][j]; + freq[salts[i][j]]++; + } + + + /** Test for duplicates**/ + for(int j = 0 ; j < i ; j++) + { + int isMatch = 1; + for(int k = 0 ; k < b ; k++) + { + isMatch &= salts[i][k] == salts[j][k]; + } + assert(!isMatch); + } + } + + /** Calculate standard dev for frequency **/ + double mean = ((double) (n*b))/256.0; + long double avgDev = 0; + for(int i = 0 ; i < 256 ; i++) + { + long double cur = (freq[i] - mean)*(freq[i] - mean); + avgDev += cur; + } + avgDev /= 256; + double stdDev = sqrt(avgDev); + + printf("Mean : %f\n", mean); + printf("Std Dev : %f\n", stdDev); + printf("Dev/mean: %f%%\n", stdDev/mean*100); + + /** Make sure standard Deviation is good **/ + assert(stdDev/mean <= 0.1); + + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_04.c b/centrallix/tests/test_cxss-crypto_04.c new file mode 100644 index 000000000..f0671f694 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_04.c @@ -0,0 +1,74 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 04: RSA Key Generaion"; + + int pubSize1 = 0; + int priSize1 = 0; + char* pubKey1 = NULL; + char* priKey1 = NULL; + int pubSize2 = 0; + int priSize2 = 0; + char* pubKey2 = NULL; + char* priKey2 = NULL; + + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + int result = cxssGenerateRSA4096bitKeypair(&priKey1, &priSize1, &pubKey1, &pubSize1); + assert(result == CXSS_CRYPTO_SUCCESS); + + assert(pubSize1 > 0); + assert(priSize1 > 0); + assert(pubKey1 != 0); + assert(priKey1 != 0); + + result = cxssGenerateRSA4096bitKeypair(&priKey2, &priSize2, &pubKey2, &pubSize2); + assert(result == CXSS_CRYPTO_SUCCESS); + + assert(pubSize2 > 0); + assert(priSize2 > 0); + assert(pubKey2 != 0); + assert(priKey2 != 0); + + /** make sure keys are not the same **/ + int minLen = (pubSize1 < pubSize2)? pubSize1 : pubSize2; + int isMatch = 1; + for(int i = 0 ; i < minLen ; i++) + { + isMatch &= pubKey1[i] == pubKey2[i]; + } + assert(!isMatch); + + /** now check private key **/ + minLen = (priSize1 < priSize2)? priSize1 : priSize2; + isMatch = 1; + for(int i = 0 ; i < minLen ; i++) + { + isMatch &= priKey1[i] == priKey2[i]; + } + assert(!isMatch); + + /** check for header text **/ + assert(strstr(pubKey1, "BEGIN RSA PUBLIC KEY") > 0); + assert(strstr(pubKey2, "BEGIN RSA PUBLIC KEY") > 0); + assert(strstr(priKey1, "BEGIN RSA PRIVATE KEY") > 0); + assert(strstr(priKey2, "BEGIN RSA PRIVATE KEY") > 0); + + /** now footer **/ + assert(strstr(pubKey1, "END RSA PUBLIC KEY") > 0); + assert(strstr(pubKey2, "END RSA PUBLIC KEY") > 0); + assert(strstr(priKey1, "END RSA PRIVATE KEY") > 0); + assert(strstr(priKey2, "END RSA PRIVATE KEY") > 0); + + cxssCryptoCleanup(); + + return 0; + } From 03349273948a59a0e81a2d00b04c02a7d5fe9710 Mon Sep 17 00:00:00 2001 From: nboard Date: Tue, 5 Jul 2022 16:21:01 -0600 Subject: [PATCH 05/16] Added tests for encrypting and decrypting with RSA and AES, as well as key destruction and keys generated from passwords. --- centrallix/tests/test_cxss-credDB_00.c | 14 ++++ centrallix/tests/test_cxss-crypto_02.c | 2 +- centrallix/tests/test_cxss-crypto_04.c | 2 +- centrallix/tests/test_cxss-crypto_05.c | 103 +++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_06.c | 79 +++++++++++++++++++ centrallix/tests/test_cxss-crypto_07.c | 59 ++++++++++++++ centrallix/tests/test_cxss-crypto_08.c | 66 ++++++++++++++++ 7 files changed, 323 insertions(+), 2 deletions(-) create mode 100644 centrallix/tests/test_cxss-credDB_00.c create mode 100644 centrallix/tests/test_cxss-crypto_05.c create mode 100644 centrallix/tests/test_cxss-crypto_06.c create mode 100644 centrallix/tests/test_cxss-crypto_07.c create mode 100644 centrallix/tests/test_cxss-crypto_08.c diff --git a/centrallix/tests/test_cxss-credDB_00.c b/centrallix/tests/test_cxss-credDB_00.c new file mode 100644 index 000000000..d6172cea5 --- /dev/null +++ b/centrallix/tests/test_cxss-credDB_00.c @@ -0,0 +1,14 @@ +#include +#include +#include "cxss/credentials_db.h" + +long long +test(char** name) + { + *name = "CXSS Cred DB 00: Basic Init"; + + /** Basic test of init and release */ + + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_02.c b/centrallix/tests/test_cxss-crypto_02.c index 8c339c86f..10b0f246a 100644 --- a/centrallix/tests/test_cxss-crypto_02.c +++ b/centrallix/tests/test_cxss-crypto_02.c @@ -28,7 +28,7 @@ test(char** name) /** get n values **/ for(int i = 0 ; i < n ; i++) { - int result = cxssGenerate64bitSalt(&salts[i][0]); + int result = cxssGenerate64bitSalt(salts[i]); assert(result == CXSS_CRYPTO_SUCCESS); /** update byte freq and store bytes **/ diff --git a/centrallix/tests/test_cxss-crypto_04.c b/centrallix/tests/test_cxss-crypto_04.c index f0671f694..acde55a53 100644 --- a/centrallix/tests/test_cxss-crypto_04.c +++ b/centrallix/tests/test_cxss-crypto_04.c @@ -6,7 +6,7 @@ long long test(char** name) { - *name = "CXSS Crypto 04: RSA Key Generaion"; + *name = "CXSS Crypto 04: RSA Key Generation"; int pubSize1 = 0; int priSize1 = 0; diff --git a/centrallix/tests/test_cxss-crypto_05.c b/centrallix/tests/test_cxss-crypto_05.c new file mode 100644 index 000000000..a01d33abc --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_05.c @@ -0,0 +1,103 @@ +#include +#include +#include +#include "cxss/crypto.h" + + +long long +test(char** name) + { + *name = "CXSS Crypto 05: RSA Encyrpt and Decrypt"; + + char * short1 = "a quick test"; + char * short2 = "a diff test."; + char * data = "For God so loved the world that he gave his only begoten son, that whoever belives in him shall not perish but have everlasting life"; + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + /** Generate keys for use **/ + int pubSize1 = 0; + int privSize1 = 0; + char* pubKey1 = NULL; + char* privKey1 = NULL; + + int result = cxssGenerateRSA4096bitKeypair(&privKey1, &privSize1, &pubKey1, &pubSize1); + assert(result == CXSS_CRYPTO_SUCCESS); + + int pubSize2 = 0; + int privSize2 = 0; + char* pubKey2 = NULL; + char* privKey2 = NULL; + + result = cxssGenerateRSA4096bitKeypair(&privKey2, &privSize2, &pubKey2, &pubSize2); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** Test encryption for key 1**/ + size_t dataLen = strlen(data); + int cipherLen = 4096; + char ciphertext[4096]; + + result = cxssEncryptRSA(data, dataLen, pubKey1, pubSize1, ciphertext, &cipherLen); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(ciphertext != NULL); + assert(cipherLen > 0); + assert(strcmp(data, ciphertext) != 0); + + /** test decryption for key 1 **/ + char plaintext[4096]; + int plainLen = 0; + + result = cxssDecryptRSA(ciphertext, cipherLen, privKey1, privSize1, plaintext, &plainLen); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(plaintext != NULL); + assert(plainLen > 0); + assert(strcmp(data, plaintext) == 0); + + /** make sure different messages with same key are not the same **/ + int cipherLen2 = 4096; + char ciphertext2[4096]; + + result = cxssEncryptRSA(short1, strlen(short1), pubKey1, pubSize1, ciphertext, &cipherLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssEncryptRSA(short2, strlen(short2), pubKey1, pubSize1, ciphertext2, &cipherLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(ciphertext, ciphertext2) != 0); + + /** make sure same data and same key do not match (padding) but decrypt correctly **/ + result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext, &cipherLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext2, &cipherLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(ciphertext, ciphertext2) != 0); + + int plainLen2 = 4096; + char plaintext2[4096]; + + result = cxssDecryptRSA(ciphertext, cipherLen, privKey1, privSize1, plaintext, &plainLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssDecryptRSA(ciphertext2, cipherLen2, privKey1, privSize1, plaintext2, &plainLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(plaintext, plaintext2) == 0); + + + /** make sure same data and different key are not the same, but match on decrypt **/ + result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext, &cipherLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey2, pubSize2, ciphertext2, &cipherLen2);; + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(ciphertext, ciphertext2) != 0); + + result = cxssDecryptRSA(ciphertext, cipherLen, privKey1, privSize1, plaintext, &plainLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssDecryptRSA(ciphertext2, cipherLen2, privKey2, privSize2, plaintext2, &plainLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(plaintext, plaintext2) == 0); + assert(strcmp(plaintext, short1) == 0); + + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_06.c b/centrallix/tests/test_cxss-crypto_06.c new file mode 100644 index 000000000..84aca69a4 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_06.c @@ -0,0 +1,79 @@ +#include +#include +#include +#include "cxss/crypto.h" + + +long long +test(char** name) + { + *name = "CXSS Crypto 06: AES Encyrpt and Decrypt"; + + char * short1 = "a quick test"; + char * short2 = "a diff test."; + char * data = "For God so loved the world that he gave his only begotten son, that whoever belives in him shall not perish but have everlasting life"; + + /** Setup **/ + cxss_internal_InitEntropy(1280); + cxssCryptoInit(); + + /** test encrypt changes data **/ + char key1 [32]; + char iv1 [16]; + char* ciphertext1 = NULL; + int cipherLen1 = 0; + + int result = cxssGenerate256bitRandomKey(&key1); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate128bitIV(&iv1); + assert(result == CXSS_CRYPTO_SUCCESS); + + result = cxssEncryptAES256(data, strlen(data)+1, key1, iv1, &ciphertext1, &cipherLen1); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(data, ciphertext1) != 0); + + /** test decrpty restores data **/ + char* plaintext1 = NULL; + int plainLen1 = 0; + + result = cxssDecryptAES256(ciphertext1, cipherLen1, key1, iv1, &plaintext1, &plainLen1); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(data, plaintext1) == 0); + assert(cxssAES256CiphertextLength(plainLen1) == cipherLen1); /* check length prediction */ + + /** make sure same key, iv, and text comes out the same **/ + char* ciphertext2 = NULL; + int cipherLen2 = 0; + + result = cxssEncryptAES256(data, strlen(data)+1, key1, iv1, &ciphertext2, &cipherLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(ciphertext2, ciphertext1) == 0); + assert(cipherLen1 == cipherLen2); + + /** make sure same key, iv with idfferent text is different. **/ + result = cxssEncryptAES256(short1, strlen(short1)+1, key1, iv1, &ciphertext1, &cipherLen1); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssEncryptAES256(short2, strlen(short2)+1, key1, iv1, &ciphertext2, &cipherLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(ciphertext2, ciphertext1) != 0); + + /** make sure changing the IV changes it **/ + char iv2 [16]; + result = cxssGenerate128bitIV(&iv2); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssEncryptAES256(short1, strlen(short1)+1, key1, iv2, &ciphertext2, &cipherLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(ciphertext2, ciphertext1) != 0); + + /** make sure key changes it **/ + char key2 [32]; + result = cxssGenerate256bitRandomKey(&key2); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssEncryptAES256(short1, strlen(short1)+1, key2, iv1, &ciphertext2, &cipherLen2); + assert(result == CXSS_CRYPTO_SUCCESS); + assert(strcmp(ciphertext2, ciphertext1) != 0); + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_07.c b/centrallix/tests/test_cxss-crypto_07.c new file mode 100644 index 000000000..d5a676968 --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_07.c @@ -0,0 +1,59 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Crypto 07: RSA Key Destruction"; + + int pubSize = 0; + int priSize = 0; + char* pubKey = NULL; + char* priKey = NULL; + + + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + int result = cxssGenerateRSA4096bitKeypair(&priKey, &priSize, &pubKey, &pubSize); + assert(result == CXSS_CRYPTO_SUCCESS); + + + /** Make sure it is able to destroy the public key **/ + char* backup; + backup = nmSysMalloc(pubSize); + strcpy(backup, pubKey); + + cxssDestroyKey(pubKey, pubSize); + int match = 0; + for(int i = 0 ; i < pubSize ; i++) + { + if(pubKey[i] == backup[i]) match++; + } + /** Data is deallocated so may have new data in it. Assert no more than twice the + ** number of matches expected from random chance + **/ + assert(match < (((pubSize/256)+1))*2); + nmFree(backup, pubSize); + + /** now test on private key **/ + backup = nmSysMalloc(priSize); + strcpy(backup, priKey); + + cxssDestroyKey(priKey, priSize); + match = 0; + for(int i = 0 ; i < priSize ; i++) + { + if(priKey[i] == backup[i]) match++; + } + + assert(match < (((priSize/256)+1))*2); + nmFree(backup, priSize); + + cxssCryptoCleanup(); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_08.c b/centrallix/tests/test_cxss-crypto_08.c new file mode 100644 index 000000000..c29cd71ff --- /dev/null +++ b/centrallix/tests/test_cxss-crypto_08.c @@ -0,0 +1,66 @@ +#include +#include +#include +#include "cxss/crypto.h" + +long long +test(char** name) + { + /** Setup **/ + cxss_internal_InitEntropy(1280); /* must be into first */ + cxssCryptoInit(); + + *name = "CXSS Crypto 08: Gen key from password"; + + char key1[32]; + char key2[32]; + unsigned char salt1[12]; + unsigned char salt2[8]; + char * test = salt1; + + int result = cxssGenerate64bitSalt(test); + assert(result == CXSS_CRYPTO_SUCCESS); + + /** check consistency **/ + result = cxssGenerate256bitPasswordBasedKey("password", salt1, key1); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate256bitPasswordBasedKey("password", salt1, key2); + assert(result == CXSS_CRYPTO_SUCCESS); + + for(int i = 0 ; i < 32 ; i++) + { + assert(key1[i] == key2[i]); + } + + /** check that salts change result **/ + result = cxssGenerate64bitSalt(salt2); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate256bitPasswordBasedKey("password", salt1, key1); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate256bitPasswordBasedKey("password", salt2, key2); + assert(result == CXSS_CRYPTO_SUCCESS); + + int isMatch = 1; + for(int i = 0 ; i < 32 ; i++) + { + isMatch &= (key1[i] == key2[i]); + } + assert(!isMatch); + + /** check that passfrase matters **/ + result = cxssGenerate256bitPasswordBasedKey("password", salt1, key1); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate256bitPasswordBasedKey("newFraze", salt1, key2); + assert(result == CXSS_CRYPTO_SUCCESS); + + isMatch = 1; + for(int i = 0 ; i < 32 ; i++) + { + isMatch &= (key1[i] == key2[i]); + } + assert(!isMatch); + + cxssCryptoCleanup(); + + return 0; + } From cfde138af89fa248dce90ecba48a16d0f0806f00 Mon Sep 17 00:00:00 2001 From: nboard Date: Wed, 6 Jul 2022 14:18:53 -0600 Subject: [PATCH 06/16] Added tests for database auth and user tables. Updated typos in Crypto tests. --- centrallix/tests/test_cxss-credDB_00.c | 8 +- centrallix/tests/test_cxss-credDB_01.c | 139 ++++++++++++++++++++++++ centrallix/tests/test_cxss-credDB_02.c | 144 +++++++++++++++++++++++++ centrallix/tests/test_cxss-crypto_01.c | 10 +- centrallix/tests/test_cxss-crypto_03.c | 10 +- 5 files changed, 300 insertions(+), 11 deletions(-) create mode 100644 centrallix/tests/test_cxss-credDB_01.c create mode 100644 centrallix/tests/test_cxss-credDB_02.c diff --git a/centrallix/tests/test_cxss-credDB_00.c b/centrallix/tests/test_cxss-credDB_00.c index d6172cea5..b5b2a5142 100644 --- a/centrallix/tests/test_cxss-credDB_00.c +++ b/centrallix/tests/test_cxss-credDB_00.c @@ -7,8 +7,14 @@ test(char** name) { *name = "CXSS Cred DB 00: Basic Init"; - /** Basic test of init and release */ + /** Basic test of init and release */ + char * PATH = "/home/devel/test.db"; + CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); + + assert(dbCon != NULL); + + cxssCredentialsDatabaseClose(dbCon); return 0; } diff --git a/centrallix/tests/test_cxss-credDB_01.c b/centrallix/tests/test_cxss-credDB_01.c new file mode 100644 index 000000000..bc68277c2 --- /dev/null +++ b/centrallix/tests/test_cxss-credDB_01.c @@ -0,0 +1,139 @@ +#include +#include +#include "cxss/credentials_db.h" + +long long +test(char** name) + { + *name = "CXSS Cred DB 01: Test user table"; + + /** Set up DB. **/ + char * PATH = "/home/devel/test.db"; + + /** Reset DB file if needed **/ + if(access(PATH, 0) == 0) + { + assert(remove(PATH) == 0); + } + assert(access(PATH, 0) != 0); + + CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); + assert(dbCon != NULL); + + + /*** Insert ***/ + + /** insert one entry **/ + CXSS_UserData data; + data.CXSS_UserID = "1"; + data.PublicKey = "not a real public key"; + data.DateCreated = "7/5/2022"; + data.DateLastUpdated = "7/4/2022"; + data.KeyLength = strlen(data.PublicKey); + int result = cxssInsertUserData(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + + /*** Retrieve ***/ + + /** retrieve: **/ + CXSS_UserData retData; + result = cxssRetrieveUserData(dbCon, data.CXSS_UserID, &retData); + assert(result == CXSS_DB_SUCCESS); + + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(strcmp(data.PublicKey, retData.PublicKey) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) == 0); + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.KeyLength == retData.KeyLength); + + /** retrive item not in DB **/ + CXSS_UserData noData; + result = cxssRetrieveUserData(dbCon, "2", &noData); + assert(result == CXSS_DB_QUERY_ERROR); + + + /*** Update ***/ + + /** update one field **/ + data.PublicKey = "yet another fake key."; + result = cxssUpdateUserData(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserData(dbCon, data.CXSS_UserID, &retData); + assert(result == CXSS_DB_SUCCESS); + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); /* only this field changed */ + assert(strcmp(data.PublicKey, retData.PublicKey) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) == 0); + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.KeyLength == retData.KeyLength); + + /** update all fields **/ + data.PublicKey = "-----BEGIN RSA PUBLIC KEY-----\n\ + MIICCgKCAgEAw4/Eqoi/sBB/O+gFne66/UAnico6oVncS1kn42iQ4aV/2zHha0ML\n\ + EozmpD97v6TPumdqQNdudkL2FATHouaegGLuz2Mj+njVcNLtaNcXmDsgw7Nzn8HV\n\ + k+XiPk3T2tq/LuqdrYjC9tgl0RAWsqIpx3k6MNhNGR63n5WpvTLPLF1m3upGWcx8\n\ + jUflMuy3fmw+Jd0nr0gbrENYDcqy9AayouCWtC7MVXSghISXYRqNQ6M1tSACMGjY\n\ + f1lsBQ/gieI7GZseitI5DP4uHzDWgPu8+nqIbLS/Ugf90H5cf16IB1GUIA77TjO4\n\ + J/c51xi9uDlCofPX2BkRxrehSt+nBUxKMR5qdbDA3+SsUUJfk4RLi4rdJOauBvNL\n\ + S0N4P+K4H45yLMe4mtFeBNxiaGgKmv2R6YTRrQmGVrqyve/9Bg99xM7xcVVCjCME\n\ + SbNMdr/bc0Pc0yJTdyY04cH0SbLs46/sQ4j22zc6bggdzKZQ9HchdJoSx+VbOf8G\n\ + ZlhzqJ9JEsH/+MRi9iGikMtCcZY4tFVC7iHVhJzCQ5lRB0MECtGVEPEcx2Oldfh9\n\ + 3L3wuhMx+mNoeMJYXjdK9/qQSgcqGsJZEgJHG3uMfEKrHyJaNHfnlDCEsgUpHD6l\n\ + ITs60TTQbDAdLipygnF3MRPk0WMlx74HxbKRbJDzZc2v936KiFxqVh0CAwEAAQ==\n\ + -----END RSA PUBLIC KEY-----"; + data.DateCreated = "1/2/2034"; + data.DateLastUpdated = "4/3/2010"; + data.KeyLength = strlen(data.PublicKey); + + result = cxssUpdateUserData(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserData(dbCon, data.CXSS_UserID, &retData); + assert(result == CXSS_DB_SUCCESS); + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(strcmp(data.PublicKey, retData.PublicKey) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) != 0); /* the date created cannot be updted. */ + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.KeyLength == retData.KeyLength); + + /** update item not in db **/ + data.CXSS_UserID = "2"; + data.PublicKey = "back to fake"; + data.DateCreated = "not a date"; + data.DateLastUpdated = "this isn't either"; + data.KeyLength = strlen(data.PublicKey); + result = cxssUpdateUserData(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserData(dbCon, data.CXSS_UserID, &noData); + assert(result == CXSS_DB_QUERY_ERROR); /* Should not have created anything new*/ + + result = cxssRetrieveUserData(dbCon, "1", &retData); + assert(result == CXSS_DB_SUCCESS); + /* these should not match */ + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) != 0); + assert(strcmp(data.PublicKey, retData.PublicKey) != 0); + assert(strcmp(data.DateCreated, retData.DateCreated) != 0); /* the date created cannot be updated. */ + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) != 0); + assert(data.KeyLength != retData.KeyLength); + + + /** Delete **/ + + /** delete entry **/ + result = cxssDeleteUserData(dbCon, "1"); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserData(dbCon, "1", &noData); /* attempt to retrieve */ + assert(result == CXSS_DB_QUERY_ERROR); + + /** attempt to delete item not there **/ + result = cxssDeleteUserData(dbCon, "2"); + assert(result == CXSS_DB_SUCCESS); /* deleting always works; does not check for change */ + + + cxssCredentialsDatabaseClose(dbCon); + + return 0; + } diff --git a/centrallix/tests/test_cxss-credDB_02.c b/centrallix/tests/test_cxss-credDB_02.c new file mode 100644 index 000000000..435c72bc2 --- /dev/null +++ b/centrallix/tests/test_cxss-credDB_02.c @@ -0,0 +1,144 @@ +#include +#include +#include "cxss/credentials_db.h" +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Cred DB 02: Test auth table"; + + /** Set up DB. **/ + char * PATH = "/home/devel/test.db"; + + /** Reset DB file if needed **/ + if(access(PATH, 0) == 0) + { + assert(remove(PATH) == 0); + } + assert(access(PATH, 0) != 0); + + CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); + assert(dbCon != NULL); + + + /*** Insert ***/ + + /** insert one entry **/ + char* pubKey; + size_t pubLen; + char saltBuf[8]; + char ivBuf[16]; + + CXSS_UserAuth data; + data.PrivateKeyIV = &ivBuf; + data.Salt = &saltBuf; + + /** generate valid inputs for key, salt, iv, and their lengths **/ + cxss_internal_InitEntropy(1280); + cxssCryptoInit(); + int result = cxssGenerateRSA4096bitKeypair(&data.PrivateKey, &data.KeyLength, &pubKey, &pubLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate64bitSalt(saltBuf); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate128bitIV(ivBuf); + assert(result == CXSS_CRYPTO_SUCCESS); + cxssCryptoCleanup(); + + data.CXSS_UserID = "1"; + data.DateCreated = "01/02/2003"; + data.DateLastUpdated = "7/4/2022"; + data.RemovalFlag = 0; + data.SaltLength = 8; + data.IVLength = 16; + + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + + /*** Retrieve ***/ + + /** retrieve: **/ + CXSS_UserAuth retData; + result = cxssRetrieveUserAuth(dbCon, data.CXSS_UserID, &retData); + assert(result == CXSS_DB_SUCCESS); + + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(memcmp(data.Salt, retData.Salt, 8) == 0); + assert(memcmp(data.PrivateKey, retData.PrivateKey, data.KeyLength) == 0); + assert(memcmp(data.PrivateKeyIV, retData.PrivateKeyIV, 16) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) == 0); + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.RemovalFlag == retData.RemovalFlag); + assert(data.KeyLength == retData.KeyLength); + assert(data.SaltLength == retData.SaltLength); + assert(data.IVLength == retData.IVLength); + + /** retrive item not in DB **/ + CXSS_UserAuth noData; + result = cxssRetrieveUserAuth(dbCon, "2", &noData); + assert(result == CXSS_DB_QUERY_ERROR); + + + /** NOTE: cannot perform updates on the auth table **/ + + + /*** Delete ***/ + + /** delete entry (only way to do it is to delete all of the user's records) **/ + result = cxssDeleteAllUserAuth(dbCon, "1"); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserAuth(dbCon, "1", &noData); /* attempt to retrieve */ + assert(result == CXSS_DB_QUERY_ERROR); + + /** attempt to delete item not there **/ + result = cxssDeleteAllUserAuth(dbCon, "2"); + assert(result == CXSS_DB_SUCCESS); /* deleting always works; does not check for change */ + + /** create multiple entries for deleting **/ + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + /** steal values from data **/ + CXSS_UserAuth data2; + data2.PrivateKeyIV = &ivBuf; + data2.Salt = &saltBuf; + data2.PrivateKey = data.PrivateKey; + data2.KeyLength = data.KeyLength; + data2.CXSS_UserID = "1"; + data2.DateCreated = "a diff value"; + data2.DateLastUpdated = "a diff value"; + data2.RemovalFlag = 1; + data2.SaltLength = 8; + data2.IVLength = 16; + + result = cxssInsertUserAuth(dbCon, &data2); + assert(result == CXSS_DB_SUCCESS); + + /** check retreival (should just be data again) **/ + result = cxssRetrieveUserAuth(dbCon, data.CXSS_UserID, &retData); + assert(result == CXSS_DB_SUCCESS); + + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(memcmp(data.Salt, retData.Salt, 8) == 0); + assert(memcmp(data.PrivateKey, retData.PrivateKey, data.KeyLength) == 0); + assert(memcmp(data.PrivateKeyIV, retData.PrivateKeyIV, 16) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) == 0); + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.RemovalFlag == retData.RemovalFlag); + assert(data.KeyLength == retData.KeyLength); + assert(data.SaltLength == retData.SaltLength); + assert(data.IVLength == retData.IVLength); + + /** now delete both **/ + result = cxssDeleteAllUserAuth(dbCon, "1"); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserAuth(dbCon, "1", &noData); /* attempt to retrieve */ + assert(result == CXSS_DB_QUERY_ERROR); + + cxssCredentialsDatabaseClose(dbCon); + + return 0; + } diff --git a/centrallix/tests/test_cxss-crypto_01.c b/centrallix/tests/test_cxss-crypto_01.c index 2ba4738ea..6b5ea9a23 100644 --- a/centrallix/tests/test_cxss-crypto_01.c +++ b/centrallix/tests/test_cxss-crypto_01.c @@ -11,7 +11,7 @@ test(char** name) const int n = 10000; const int b = 16; - unsigned char salts [n][b]; + unsigned char ivs [n][b]; unsigned char bytes [n*b]; int freq [256]; @@ -28,14 +28,14 @@ test(char** name) /** get n values **/ for(int i = 0 ; i < n ; i++) { - int result = cxssGenerate128bitIV(&salts[i][0]); + int result = cxssGenerate128bitIV(&ivs[i][0]); assert(result == CXSS_CRYPTO_SUCCESS); /** update byte freq and store bytes **/ for(int j = 0 ; j < b ; j++) { - bytes[i*b + j] = salts[i][j]; - freq[salts[i][j]]++; + bytes[i*b + j] = ivs[i][j]; + freq[ivs[i][j]]++; } @@ -45,7 +45,7 @@ test(char** name) int isMatch = 1; for(int k = 0 ; k < b ; k++) { - isMatch &= salts[i][k] == salts[j][k]; + isMatch &= ivs[i][k] == ivs[j][k]; } assert(!isMatch); } diff --git a/centrallix/tests/test_cxss-crypto_03.c b/centrallix/tests/test_cxss-crypto_03.c index e12dc48d4..837448200 100644 --- a/centrallix/tests/test_cxss-crypto_03.c +++ b/centrallix/tests/test_cxss-crypto_03.c @@ -11,7 +11,7 @@ test(char** name) const int n = 5000; const int b = 32; - unsigned char salts [n][b]; + unsigned char keys [n][b]; unsigned char bytes [n*b]; int freq [256]; @@ -28,14 +28,14 @@ test(char** name) /** get n values **/ for(int i = 0 ; i < n ; i++) { - int result = cxssGenerate256bitRandomKey(&salts[i][0]); + int result = cxssGenerate256bitRandomKey(&keys[i][0]); assert(result == CXSS_CRYPTO_SUCCESS); /** update byte freq and store bytes **/ for(int j = 0 ; j < b ; j++) { - bytes[i*b + j] = salts[i][j]; - freq[salts[i][j]]++; + bytes[i*b + j] = keys[i][j]; + freq[keys[i][j]]++; } @@ -45,7 +45,7 @@ test(char** name) int isMatch = 1; for(int k = 0 ; k < b ; k++) { - isMatch &= salts[i][k] == salts[j][k]; + isMatch &= keys[i][k] == keys[j][k]; } assert(!isMatch); } From 507e233862a3769c07b081bbe8d5f1372e335c4a Mon Sep 17 00:00:00 2001 From: nboard Date: Thu, 7 Jul 2022 11:41:41 -0600 Subject: [PATCH 07/16] Added error for updates and deletes that do not affect any rows --- centrallix/cxss/cxss_credentials_db.c | 30 ++++++++++++++++++++++-- centrallix/include/cxss/credentials_db.h | 2 ++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/centrallix/cxss/cxss_credentials_db.c b/centrallix/cxss/cxss_credentials_db.c index 4aad0afcb..4f582f332 100644 --- a/centrallix/cxss/cxss_credentials_db.c +++ b/centrallix/cxss/cxss_credentials_db.c @@ -643,6 +643,11 @@ cxssUpdateUserData(CXSS_DB_Context_t dbcontext, CXSS_UserData *UserData) mssError(0, "CXSS", "Failed to update user\n"); return CXSS_DB_QUERY_ERROR; } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No user found to update\n"); + return CXSS_DB_NOENT_ERROR; + } + return CXSS_DB_SUCCESS; bind_error: @@ -697,10 +702,15 @@ cxssUpdateUserResc(CXSS_DB_Context_t dbcontext, CXSS_UserResc *UserResc) } /* Execute query */ - if (sqlite3_step(dbcontext->update_user_stmt) != SQLITE_DONE) { + if (sqlite3_step(dbcontext->update_resc_stmt) != SQLITE_DONE) { mssError(0, "CXSS", "Failed to update resource\n"); return CXSS_DB_QUERY_ERROR; } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No resource found to update\n"); + return CXSS_DB_NOENT_ERROR; + } + return CXSS_DB_SUCCESS; bind_error: @@ -731,6 +741,10 @@ cxssDeleteUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid) mssError(0, "CXSS", "Failed to delete user\n"); return CXSS_DB_QUERY_ERROR; } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No user found to delete\n"); + return CXSS_DB_NOENT_ERROR; + } return CXSS_DB_SUCCESS; bind_error: @@ -767,6 +781,10 @@ cxssDeleteUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, mssError(0, "CXSS", "Failed to delete resource\n"); return CXSS_DB_QUERY_ERROR; } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No resource found to delete\n"); + return CXSS_DB_NOENT_ERROR; + } return CXSS_DB_SUCCESS; bind_error: @@ -794,9 +812,13 @@ cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid) /* Execute query */ if (sqlite3_step(dbcontext->delete_user_auths_stmt) != SQLITE_DONE) { - mssError(0, "CXSS", "Failed to delete resource\n"); + mssError(0, "CXSS", "Failed to delete user auths\n"); return CXSS_DB_QUERY_ERROR; } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No user auths found to delete\n"); + return CXSS_DB_NOENT_ERROR; + } return CXSS_DB_SUCCESS; bind_error: @@ -827,6 +849,10 @@ cxssDeleteAllUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid) mssError(0, "CXSS", "Failed to delete resource\n"); return CXSS_DB_QUERY_ERROR; } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No resources found to delete\n"); + return CXSS_DB_NOENT_ERROR; + } return CXSS_DB_SUCCESS; bind_error: diff --git a/centrallix/include/cxss/credentials_db.h b/centrallix/include/cxss/credentials_db.h index 67461843b..1acb191a8 100644 --- a/centrallix/include/cxss/credentials_db.h +++ b/centrallix/include/cxss/credentials_db.h @@ -3,6 +3,7 @@ #include #include +#include /* DB Context struct */ typedef struct _CXSS_DB_Context_t { @@ -71,6 +72,7 @@ typedef struct _CXSS_LLNode { } CXSS_UserAuth_LLNode; typedef enum { + CXSS_DB_NOENT_ERROR = -ENOENT, CXSS_DB_SETUP_ERROR = -3, CXSS_DB_BIND_ERROR = -2, CXSS_DB_QUERY_ERROR = -1, From 6e8dd74ca2bf196252c1cdb2c1ee59cbd6e92886 Mon Sep 17 00:00:00 2001 From: nboard Date: Thu, 7 Jul 2022 11:44:08 -0600 Subject: [PATCH 08/16] added tests for user resource, and updated tests to expect updates and deletes that affect no rows to fail --- centrallix/tests/test_cxss-credDB_01.c | 4 +- centrallix/tests/test_cxss-credDB_02.c | 2 +- centrallix/tests/test_cxss-credDB_03.c | 223 +++++++++++++++++++++++++ 3 files changed, 226 insertions(+), 3 deletions(-) create mode 100644 centrallix/tests/test_cxss-credDB_03.c diff --git a/centrallix/tests/test_cxss-credDB_01.c b/centrallix/tests/test_cxss-credDB_01.c index bc68277c2..92d538678 100644 --- a/centrallix/tests/test_cxss-credDB_01.c +++ b/centrallix/tests/test_cxss-credDB_01.c @@ -104,7 +104,7 @@ test(char** name) data.DateLastUpdated = "this isn't either"; data.KeyLength = strlen(data.PublicKey); result = cxssUpdateUserData(dbCon, &data); - assert(result == CXSS_DB_SUCCESS); + assert(result == CXSS_DB_NOENT_ERROR); result = cxssRetrieveUserData(dbCon, data.CXSS_UserID, &noData); assert(result == CXSS_DB_QUERY_ERROR); /* Should not have created anything new*/ @@ -130,7 +130,7 @@ test(char** name) /** attempt to delete item not there **/ result = cxssDeleteUserData(dbCon, "2"); - assert(result == CXSS_DB_SUCCESS); /* deleting always works; does not check for change */ + assert(result == CXSS_DB_NOENT_ERROR); /* deleting always works; does not check for change */ cxssCredentialsDatabaseClose(dbCon); diff --git a/centrallix/tests/test_cxss-credDB_02.c b/centrallix/tests/test_cxss-credDB_02.c index 435c72bc2..39aeeed50 100644 --- a/centrallix/tests/test_cxss-credDB_02.c +++ b/centrallix/tests/test_cxss-credDB_02.c @@ -94,7 +94,7 @@ test(char** name) /** attempt to delete item not there **/ result = cxssDeleteAllUserAuth(dbCon, "2"); - assert(result == CXSS_DB_SUCCESS); /* deleting always works; does not check for change */ + assert(result == CXSS_DB_NOENT_ERROR); /** create multiple entries for deleting **/ result = cxssInsertUserAuth(dbCon, &data); diff --git a/centrallix/tests/test_cxss-credDB_03.c b/centrallix/tests/test_cxss-credDB_03.c new file mode 100644 index 000000000..f36a2d41f --- /dev/null +++ b/centrallix/tests/test_cxss-credDB_03.c @@ -0,0 +1,223 @@ +#include +#include +#include "cxss/credentials_db.h" +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Cred DB 03: resource table basic tests "; + + /** Set up DB. **/ + char * PATH = "/home/devel/test.db"; + + /** Reset DB file if needed **/ + if(access(PATH, 0) == 0) + { + assert(remove(PATH) == 0); + } + assert(access(PATH, 0) != 0); + + CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); + assert(dbCon != NULL); + + + /*** Insert ***/ + + /** generate valid inputs for key, salt, iv, and their lengths **/ + char key[32]; + char uNameIV[16]; + char aDataIV[16]; + cxss_internal_InitEntropy(1280); + cxssCryptoInit(); + int result = cxssGenerate256bitRandomKey(&key); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate64bitSalt(uNameIV); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate128bitIV(aDataIV); + assert(result == CXSS_CRYPTO_SUCCESS); + cxssCryptoCleanup(); + + + /** insert one entry **/ + CXSS_UserResc data; + data.CXSS_UserID = "1"; + data.ResourceID = "1"; + data.AuthClass = "something"; + data.AESKey = key; + data.UsernameIV = uNameIV; + data.AuthDataIV = aDataIV; + data.ResourceUsername = "aUsername"; + data.ResourceAuthData = "some auth data"; + data.DateCreated = "7/5/2022"; + data.DateLastUpdated = "7/4/2022"; + data.AESKeyLength = 32; + data.UsernameIVLength = 16; + data.AuthDataIVLength = 16; + data.UsernameLength = strlen(data.ResourceUsername); + data.AuthDataLength = strlen(data.ResourceAuthData); + + result = cxssInsertUserResc(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + + /*** Retrieve ***/ + + /** retrieve: **/ + CXSS_UserResc retData; + result = cxssRetrieveUserResc(dbCon, data.CXSS_UserID, data.ResourceID, &retData); + assert(result == CXSS_DB_SUCCESS); + + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(strcmp(data.ResourceID, retData.ResourceID) == 0); + assert(strcmp(data.AuthClass, retData.AuthClass) == 0); + assert(memcmp(data.AESKey, retData.AESKey, 32) == 0); + assert(memcmp(data.UsernameIV, retData.UsernameIV, 16) == 0); + assert(memcmp(data.AuthDataIV, retData.AuthDataIV, 16) == 0); + assert(strcmp(data.ResourceUsername, retData.ResourceUsername) == 0); + assert(strcmp(data.ResourceAuthData, retData.ResourceAuthData) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) == 0); + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.AESKeyLength == retData.AESKeyLength); + assert(data.UsernameIVLength == retData.UsernameIVLength); + assert(data.AuthDataIVLength == retData.AuthDataIVLength); + assert(data.UsernameLength == retData.UsernameLength); + assert(data.AuthDataLength == retData.AuthDataLength); + + /** retrive item not in DB **/ + CXSS_UserResc noData; + result = cxssRetrieveUserResc(dbCon, "2", "1", &noData); + assert(result == CXSS_DB_QUERY_ERROR); + + + /*** Update ***/ + + /** update one field **/ + data.DateLastUpdated = "2/2/22"; + result = cxssUpdateUserResc(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserResc(dbCon, data.CXSS_UserID, data.ResourceID, &retData); + assert(result == CXSS_DB_SUCCESS); + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(strcmp(data.ResourceID, retData.ResourceID) == 0); + assert(strcmp(data.AuthClass, retData.AuthClass) == 0); + assert(memcmp(data.AESKey, retData.AESKey, 32) == 0); + assert(memcmp(data.UsernameIV, retData.UsernameIV, 16) == 0); + assert(memcmp(data.AuthDataIV, retData.AuthDataIV, 16) == 0); + assert(strcmp(data.ResourceUsername, retData.ResourceUsername) == 0); + assert(strcmp(data.ResourceAuthData, retData.ResourceAuthData) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) == 0); + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.AESKeyLength == retData.AESKeyLength); + assert(data.UsernameIVLength == retData.UsernameIVLength); + assert(data.AuthDataIVLength == retData.AuthDataIVLength); + assert(data.UsernameLength == retData.UsernameLength); + assert(data.AuthDataLength == retData.AuthDataLength); + + /** update all fields **/ + data.CXSS_UserID = "1"; + data.ResourceID = "1"; + data.AuthClass = "not something"; + key[0] = -key[0]; /* just chaninging one piece is enough */ + uNameIV[0] = -uNameIV[0]; + aDataIV[0] = -aDataIV[0]; + data.ResourceUsername = "another name"; + data.ResourceAuthData = "more, different, auth data"; + data.DateCreated = "02/02/2020"; + data.DateLastUpdated = "01/02/2010"; + data.AESKeyLength = 32; + data.UsernameIVLength = 16; + data.AuthDataIVLength = 16; + data.UsernameLength = strlen(data.ResourceUsername); + data.AuthDataLength = strlen(data.ResourceAuthData); + + result = cxssUpdateUserResc(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserResc(dbCon, data.CXSS_UserID, data.ResourceID, &retData); + assert(result == CXSS_DB_SUCCESS); + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(strcmp(data.ResourceID, retData.ResourceID) == 0); + assert(strcmp(data.AuthClass, retData.AuthClass) != 0); /* cannot update auth class */ + assert(memcmp(data.AESKey, retData.AESKey, 32) == 0); + assert(memcmp(data.UsernameIV, retData.UsernameIV, 16) == 0); + assert(memcmp(data.AuthDataIV, retData.AuthDataIV, 16) == 0); + assert(strcmp(data.ResourceUsername, retData.ResourceUsername) == 0); + assert(strcmp(data.ResourceAuthData, retData.ResourceAuthData) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) != 0); /* cannot update date created class */ + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); + assert(data.AESKeyLength == retData.AESKeyLength); + assert(data.UsernameIVLength == retData.UsernameIVLength); + assert(data.AuthDataIVLength == retData.AuthDataIVLength); + assert(data.UsernameLength == retData.UsernameLength); + assert(data.AuthDataLength == retData.AuthDataLength); + + /** update item not in db **/ + data.CXSS_UserID = "2"; + data.DateLastUpdated = "notADate"; + result = cxssUpdateUserResc(dbCon, &data); + assert(result == CXSS_DB_NOENT_ERROR); + + result = cxssRetrieveUserResc(dbCon, data.CXSS_UserID, data.ResourceID, &noData); + assert(result == CXSS_DB_QUERY_ERROR); /* Should not have created anything new */ + + result = cxssRetrieveUserResc(dbCon, "1", data.ResourceID, &retData); + assert(result == CXSS_DB_SUCCESS); + + /* these should not match */ + assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) != 0); + assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) != 0); + data.CXSS_UserID = "1"; + + /** Delete **/ + + /** delete entry **/ + result = cxssDeleteUserResc(dbCon, data.CXSS_UserID, data.ResourceID); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserResc(dbCon, data.CXSS_UserID, data.ResourceID, &noData); /* attempt to retrieve */ + assert(result == CXSS_DB_QUERY_ERROR); + + /** attempt to delete item not there **/ + result = cxssDeleteUserResc(dbCon, data.CXSS_UserID, data.ResourceID); + assert(result == CXSS_DB_NOENT_ERROR); + + + /** test delete all **/ + + /** insert 2 entries **/ + CXSS_UserResc data2; + data2.CXSS_UserID = "1"; + data2.ResourceID = "2"; + data2.AuthClass = "something else"; + data2.AESKey = key; + data2.UsernameIV = uNameIV; + data2.AuthDataIV = aDataIV; + data2.ResourceUsername = "anotherUsername"; + data2.ResourceAuthData = "some other auth data."; + data2.DateCreated = "5/7/2022"; + data2.DateLastUpdated = "4/7/2022"; + data2.AESKeyLength = 32; + data2.UsernameIVLength = 16; + data2.AuthDataIVLength = 16; + data2.UsernameLength = strlen(data.ResourceUsername); + data2.AuthDataLength = strlen(data.ResourceAuthData); + + result = cxssInsertUserResc(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + result = cxssInsertUserResc(dbCon, &data2); + assert(result == CXSS_DB_SUCCESS); + + result = cxssDeleteAllUserResc(dbCon, data.CXSS_UserID); + assert(result == CXSS_DB_SUCCESS); + + result = cxssRetrieveUserResc(dbCon, data.CXSS_UserID, data.ResourceID, &noData); /* attempt to retrieve */ + assert(result == CXSS_DB_QUERY_ERROR); + result = cxssRetrieveUserResc(dbCon, data2.CXSS_UserID, data.ResourceID, &noData); /* attempt to retrieve */ + assert(result == CXSS_DB_QUERY_ERROR); + + cxssCredentialsDatabaseClose(dbCon); + + return 0; + } From 7d6d1764f39d999b77d742b2619b3fc6663203d8 Mon Sep 17 00:00:00 2001 From: nboard Date: Thu, 7 Jul 2022 17:24:00 -0600 Subject: [PATCH 09/16] Updated cred DB tests to test new Auth insert and delete, as well as reflect table changes --- centrallix/tests/test_cxss-credDB_02.c | 108 ++++++++++++------------- centrallix/tests/test_cxss-credDB_03.c | 6 -- 2 files changed, 53 insertions(+), 61 deletions(-) diff --git a/centrallix/tests/test_cxss-credDB_02.c b/centrallix/tests/test_cxss-credDB_02.c index 39aeeed50..d4bed0a79 100644 --- a/centrallix/tests/test_cxss-credDB_02.c +++ b/centrallix/tests/test_cxss-credDB_02.c @@ -6,7 +6,7 @@ long long test(char** name) { - *name = "CXSS Cred DB 02: Test auth table"; + *name = "CXSS Cred DB 02: Basic auth table tests"; /** Set up DB. **/ char * PATH = "/home/devel/test.db"; @@ -25,19 +25,15 @@ test(char** name) /*** Insert ***/ /** insert one entry **/ - char* pubKey; - size_t pubLen; + char *pubKey, *privKey; + size_t pubLen, privLen; char saltBuf[8]; char ivBuf[16]; - - CXSS_UserAuth data; - data.PrivateKeyIV = &ivBuf; - data.Salt = &saltBuf; - - /** generate valid inputs for key, salt, iv, and their lengths **/ + + /* generate valid inputs for key, salt, iv, and their lengths */ cxss_internal_InitEntropy(1280); cxssCryptoInit(); - int result = cxssGenerateRSA4096bitKeypair(&data.PrivateKey, &data.KeyLength, &pubKey, &pubLen); + int result = cxssGenerateRSA4096bitKeypair(&privKey, &privLen, &pubKey, &pubLen); assert(result == CXSS_CRYPTO_SUCCESS); result = cxssGenerate64bitSalt(saltBuf); assert(result == CXSS_CRYPTO_SUCCESS); @@ -45,10 +41,17 @@ test(char** name) assert(result == CXSS_CRYPTO_SUCCESS); cxssCryptoCleanup(); - data.CXSS_UserID = "1"; - data.DateCreated = "01/02/2003"; - data.DateLastUpdated = "7/4/2022"; + CXSS_UserAuth data; + data.PK_UserAuth = 1; + data.CXSS_UserID = "2"; + data.AuthClass = "something"; + data.Salt = saltBuf; + data.PrivateKey = privKey; + data.PrivateKeyIV = ivBuf; + data.DateCreated = "03/02/2001"; + data.DateLastUpdated = "1/2/03"; data.RemovalFlag = 0; + data.KeyLength = 512; data.SaltLength = 8; data.IVLength = 16; @@ -60,10 +63,12 @@ test(char** name) /** retrieve: **/ CXSS_UserAuth retData; - result = cxssRetrieveUserAuth(dbCon, data.CXSS_UserID, &retData); + result = cxssRetrieveUserAuth(dbCon, data.PK_UserAuth, &retData); assert(result == CXSS_DB_SUCCESS); + assert(data.PK_UserAuth == retData.PK_UserAuth); assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(strcmp(data.AuthClass, retData.AuthClass) == 0); assert(memcmp(data.Salt, retData.Salt, 8) == 0); assert(memcmp(data.PrivateKey, retData.PrivateKey, data.KeyLength) == 0); assert(memcmp(data.PrivateKeyIV, retData.PrivateKeyIV, 16) == 0); @@ -76,68 +81,61 @@ test(char** name) /** retrive item not in DB **/ CXSS_UserAuth noData; - result = cxssRetrieveUserAuth(dbCon, "2", &noData); + result = cxssRetrieveUserAuth(dbCon, 2, &noData); assert(result == CXSS_DB_QUERY_ERROR); - - /** NOTE: cannot perform updates on the auth table **/ - - - /*** Delete ***/ - - /** delete entry (only way to do it is to delete all of the user's records) **/ - result = cxssDeleteAllUserAuth(dbCon, "1"); - assert(result == CXSS_DB_SUCCESS); - - result = cxssRetrieveUserAuth(dbCon, "1", &noData); /* attempt to retrieve */ - assert(result == CXSS_DB_QUERY_ERROR); - - /** attempt to delete item not there **/ - result = cxssDeleteAllUserAuth(dbCon, "2"); - assert(result == CXSS_DB_NOENT_ERROR); - - /** create multiple entries for deleting **/ - result = cxssInsertUserAuth(dbCon, &data); - assert(result == CXSS_DB_SUCCESS); - /** steal values from data **/ - CXSS_UserAuth data2; - data2.PrivateKeyIV = &ivBuf; - data2.Salt = &saltBuf; - data2.PrivateKey = data.PrivateKey; - data2.KeyLength = data.KeyLength; - data2.CXSS_UserID = "1"; - data2.DateCreated = "a diff value"; - data2.DateLastUpdated = "a diff value"; - data2.RemovalFlag = 1; - data2.SaltLength = 8; - data2.IVLength = 16; - - result = cxssInsertUserAuth(dbCon, &data2); + /*** Update ***/ + + /** update the entry and test results **/ + data.CXSS_UserID = "3"; + data.AuthClass = "another thing"; + saltBuf[0] = -saltBuf[0]; /* small change is enough here. */ + privKey[0] = -privKey[0]; /* points to same mem, so this is ok */ + ivBuf[0] = -ivBuf[0]; + data.DateCreated = "02/20/2002"; + data.DateLastUpdated = "2/2/22"; + + result = cxssUpdateUserAuth(dbCon, &data); assert(result == CXSS_DB_SUCCESS); - /** check retreival (should just be data again) **/ - result = cxssRetrieveUserAuth(dbCon, data.CXSS_UserID, &retData); + /* now retrieve and check output */ + result = cxssRetrieveUserAuth(dbCon, data.PK_UserAuth, &retData); assert(result == CXSS_DB_SUCCESS); + assert(data.PK_UserAuth == retData.PK_UserAuth); assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); + assert(strcmp(data.AuthClass, retData.AuthClass) == 0); assert(memcmp(data.Salt, retData.Salt, 8) == 0); assert(memcmp(data.PrivateKey, retData.PrivateKey, data.KeyLength) == 0); assert(memcmp(data.PrivateKeyIV, retData.PrivateKeyIV, 16) == 0); - assert(strcmp(data.DateCreated, retData.DateCreated) == 0); + assert(strcmp(data.DateCreated, retData.DateCreated) != 0); /* date created is never updated */ assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); assert(data.RemovalFlag == retData.RemovalFlag); assert(data.KeyLength == retData.KeyLength); assert(data.SaltLength == retData.SaltLength); assert(data.IVLength == retData.IVLength); - /** now delete both **/ - result = cxssDeleteAllUserAuth(dbCon, "1"); + /** attempt to update nonexistent entry **/ + data.PK_UserAuth = 2; + result = cxssUpdateUserAuth(dbCon, &data); + assert(result == CXSS_DB_NOENT_ERROR); + data.PK_UserAuth = 1; /* fix before next test*/ + + + /*** Delete ***/ + + /** delete the entry and confirm is gone **/ + result = cxssDeleteUserAuth(dbCon, data.PK_UserAuth); assert(result == CXSS_DB_SUCCESS); - result = cxssRetrieveUserAuth(dbCon, "1", &noData); /* attempt to retrieve */ + result = cxssRetrieveUserAuth(dbCon, data.PK_UserAuth, &retData); assert(result == CXSS_DB_QUERY_ERROR); + /** confirm duplicate delete fails **/ + result = cxssDeleteUserAuth(dbCon, data.PK_UserAuth); + assert(result == CXSS_DB_NOENT_ERROR); + cxssCredentialsDatabaseClose(dbCon); return 0; diff --git a/centrallix/tests/test_cxss-credDB_03.c b/centrallix/tests/test_cxss-credDB_03.c index f36a2d41f..fe3a197b8 100644 --- a/centrallix/tests/test_cxss-credDB_03.c +++ b/centrallix/tests/test_cxss-credDB_03.c @@ -43,7 +43,6 @@ test(char** name) CXSS_UserResc data; data.CXSS_UserID = "1"; data.ResourceID = "1"; - data.AuthClass = "something"; data.AESKey = key; data.UsernameIV = uNameIV; data.AuthDataIV = aDataIV; @@ -70,7 +69,6 @@ test(char** name) assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); assert(strcmp(data.ResourceID, retData.ResourceID) == 0); - assert(strcmp(data.AuthClass, retData.AuthClass) == 0); assert(memcmp(data.AESKey, retData.AESKey, 32) == 0); assert(memcmp(data.UsernameIV, retData.UsernameIV, 16) == 0); assert(memcmp(data.AuthDataIV, retData.AuthDataIV, 16) == 0); @@ -101,7 +99,6 @@ test(char** name) assert(result == CXSS_DB_SUCCESS); assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); assert(strcmp(data.ResourceID, retData.ResourceID) == 0); - assert(strcmp(data.AuthClass, retData.AuthClass) == 0); assert(memcmp(data.AESKey, retData.AESKey, 32) == 0); assert(memcmp(data.UsernameIV, retData.UsernameIV, 16) == 0); assert(memcmp(data.AuthDataIV, retData.AuthDataIV, 16) == 0); @@ -118,7 +115,6 @@ test(char** name) /** update all fields **/ data.CXSS_UserID = "1"; data.ResourceID = "1"; - data.AuthClass = "not something"; key[0] = -key[0]; /* just chaninging one piece is enough */ uNameIV[0] = -uNameIV[0]; aDataIV[0] = -aDataIV[0]; @@ -139,7 +135,6 @@ test(char** name) assert(result == CXSS_DB_SUCCESS); assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); assert(strcmp(data.ResourceID, retData.ResourceID) == 0); - assert(strcmp(data.AuthClass, retData.AuthClass) != 0); /* cannot update auth class */ assert(memcmp(data.AESKey, retData.AESKey, 32) == 0); assert(memcmp(data.UsernameIV, retData.UsernameIV, 16) == 0); assert(memcmp(data.AuthDataIV, retData.AuthDataIV, 16) == 0); @@ -190,7 +185,6 @@ test(char** name) CXSS_UserResc data2; data2.CXSS_UserID = "1"; data2.ResourceID = "2"; - data2.AuthClass = "something else"; data2.AESKey = key; data2.UsernameIV = uNameIV; data2.AuthDataIV = aDataIV; From e563de2c6603d14a5254cf3c78f986655ca3182e Mon Sep 17 00:00:00 2001 From: nboard Date: Thu, 7 Jul 2022 17:29:46 -0600 Subject: [PATCH 10/16] updated cred DB to allow auth to perform deletes and updates by primary key. \nMoved auth class from resc to auth table. \nEdited cred mgr to reflect change in resc table. --- centrallix/cxss/cxss_credentials_db.c | 281 +++++++++++++++------- centrallix/cxss/cxss_credentials_mgr.c | 3 +- centrallix/include/cxss/credentials_db.h | 9 +- centrallix/include/cxss/credentials_mgr.h | 2 +- 4 files changed, 207 insertions(+), 88 deletions(-) diff --git a/centrallix/cxss/cxss_credentials_db.c b/centrallix/cxss/cxss_credentials_db.c index 4f582f332..6f06c6a36 100644 --- a/centrallix/cxss/cxss_credentials_db.c +++ b/centrallix/cxss/cxss_credentials_db.c @@ -90,17 +90,17 @@ cxss_i_SetupCredentialsDatabase(CXSS_DB_Context_t dbcontext) "CREATE TABLE IF NOT EXISTS UserAuth(" "PK_UserAuth INTEGER PRIMARY KEY," "CXSS_UserID TEXT," + "AuthClass TEXT," "UserSalt BLOB," - "PrivateKeyIV BLOB," "UserPrivateKey BLOB," - "RemovalFlag INT," + "PrivateKeyIV BLOB," "DateCreated TEXT," - "DateLastUpdated TEXT);", + "DateLastUpdated TEXT," + "RemovalFlag INT);", (void*)NULL, NULL, &err_msg); sqlite3_exec(dbcontext->db, "CREATE TABLE IF NOT EXISTS UserResc(" "ResourceID TEXT PRIMARY KEY," - "AuthClass TEXT," "AESKey BLOB," "ResourceUsername BLOB," "ResourceAuthData BLOB," @@ -148,30 +148,38 @@ cxss_i_SetupCredentialsDatabase(CXSS_DB_Context_t dbcontext) "DELETE FROM UserData WHERE CXSS_UserID=?;", -1, &dbcontext->delete_user_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, - "INSERT INTO UserAuth (CXSS_UserID" - ", UserSalt, UserPrivateKey, PrivateKeyIV, RemovalFlag" - ", DateCreated, DateLastUpdated)" - " VALUES (?, ?, ?, ?, ?, ?, ?);", + "INSERT INTO UserAuth (PK_UserAuth, CXSS_UserID" + ", AuthClass, UserSalt, UserPrivateKey, PrivateKeyIV" + ", DateCreated, DateLastUpdated, RemovalFlag)" + " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);", -1, &dbcontext->insert_user_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, - "SELECT UserPrivateKey, UserSalt, PrivateKeyIV" - ", DateCreated, DateLastUpdated FROM UserAuth" - " WHERE CXSS_UserID=? AND RemovalFlag=0;", + "UPDATE UserAuth SET CXSS_UserID=?" + ", AuthClass=?, UserSalt=?, UserPrivateKey=?, PrivateKeyIV=?" + ", DateLastUpdated=?, RemovalFlag=? WHERE PK_UserAuth=?;", + -1, &dbcontext->update_auth_stmt, NULL); + sqlite3_prepare_v2(dbcontext->db, + "SELECT CXSS_UserID, AuthClass, UserSalt, UserPrivateKey" + ", PrivateKeyIV, DateCreated, DateLastUpdated" + " FROM UserAuth WHERE PK_UserAuth=? AND RemovalFlag=0;", -1, &dbcontext->retrieve_user_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, - "SELECT UserPrivateKey, UserSalt, PrivateKeyIV" - ", RemovalFlag, DateCreated, DateLastUpdated FROM UserAuth" - " WHERE CXSS_UserID=?;", + "SELECT PK_UserAuth, AuthClass, UserSalt, UserPrivateKey" + ", PrivateKeyIV, DateCreated, DateLastUpdated RemovalFlag," + " FROM UserAuth WHERE CXSS_UserID=?;", -1, &dbcontext->retrieve_user_auths_stmt, NULL); + sqlite3_prepare_v2(dbcontext->db, + "DELETE FROM UserAuth WHERE PK_UserAuth=?;", + -1, &dbcontext->delete_user_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "DELETE FROM UserAuth WHERE CXSS_UserID=?;", -1, &dbcontext->delete_user_auths_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, - "INSERT INTO UserResc (ResourceID, AuthClass" - ", AESKey, ResourceUsernameIV, ResourceAuthDataIV" + "INSERT INTO UserResc (ResourceID, AESKey" + ", ResourceUsernameIV, ResourceAuthDataIV" ", ResourceUsername, ResourceAuthData, CXSS_UserID" ", DateCreated, DateLastUpdated)" - " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?);", + " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);", -1, &dbcontext->insert_resc_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "UPDATE UserResc SET AESKey=?, ResourceUsername=?" @@ -181,7 +189,7 @@ cxss_i_SetupCredentialsDatabase(CXSS_DB_Context_t dbcontext) -1, &dbcontext->update_resc_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "SELECT ResourceUsernameIV, ResourceAuthDataIV" - ", AuthClass, AESKey, ResourceUsername, ResourceAuthData" + ", AESKey, ResourceUsername, ResourceAuthData" ", DateCreated, DateLastUpdated FROM UserResc" " WHERE CXSS_UserID=? AND ResourceID=?;", -1, &dbcontext->retrieve_resc_stmt, NULL); @@ -254,34 +262,42 @@ cxssInsertUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth) { /* Bind data with sqlite3 stmts */ sqlite3_reset(dbcontext->insert_user_auth_stmt); - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 1, + if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 1, + UserAuth->PK_UserAuth) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 2, UserAuth->CXSS_UserID, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 2, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 3, + UserAuth->AuthClass, -1, NULL) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 4, UserAuth->Salt, UserAuth->SaltLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 3, + if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 5, UserAuth->PrivateKey, UserAuth->KeyLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 4, + if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 6, UserAuth->PrivateKeyIV, UserAuth->IVLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 5, - UserAuth->RemovalFlag) != SQLITE_OK) { - goto bind_error; - } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 6, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 7, UserAuth->DateCreated, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 7, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 8, UserAuth->DateLastUpdated, -1, NULL) != SQLITE_OK) { goto bind_error; } + if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 9, + UserAuth->RemovalFlag) != SQLITE_OK) { + goto bind_error; + } /* Execute query */ if (sqlite3_step(dbcontext->insert_user_auth_stmt) != SQLITE_DONE) { @@ -312,39 +328,35 @@ cxssInsertUserResc(CXSS_DB_Context_t dbcontext, CXSS_UserResc *UserResc) UserResc->ResourceID, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_resc_stmt, 2, - UserResc->AuthClass, -1, NULL) != SQLITE_OK) { - goto bind_error; - } - if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 3, + if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 2, UserResc->AESKey, UserResc->AESKeyLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 4, + if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 3, UserResc->UsernameIV, UserResc->UsernameIVLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 5, + if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 4, UserResc->AuthDataIV, UserResc->AuthDataIVLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 6, + if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 5, UserResc->ResourceUsername, UserResc->UsernameLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 7, + if (sqlite3_bind_blob(dbcontext->insert_resc_stmt, 6, UserResc->ResourceAuthData, UserResc->AuthDataLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_resc_stmt, 8, + if (sqlite3_bind_text(dbcontext->insert_resc_stmt, 7, UserResc->CXSS_UserID, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_resc_stmt, 9, + if (sqlite3_bind_text(dbcontext->insert_resc_stmt, 8, UserResc->DateCreated, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_resc_stmt, 10, + if (sqlite3_bind_text(dbcontext->insert_resc_stmt, 9, UserResc->DateLastUpdated, -1, NULL) != SQLITE_OK) { goto bind_error; } @@ -413,20 +425,21 @@ cxssRetrieveUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid, * * @param dbcontext Database context handle * @param cxss_userid CXSS User ID - * @param UserAuth Pointer to head of a CXSS_UserAuth linked list + * @param cxss_pkUserAuth The key for the desired item * @return Status code */ int -cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, +cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, int cxss_pkUserAuth, CXSS_UserAuth *UserAuth) { - const char *privatekey, *salt, *iv; - const char *date_created, *date_last_updated; + const char *cxss_userid, *auth_class, *privatekey, *salt; + const char *iv, *date_created, *date_last_updated; size_t keylength, salt_length, iv_length; + int removal_flag; /* Bind data with sqlite3 stmt */ sqlite3_reset(dbcontext->retrieve_user_auth_stmt); - if (sqlite3_bind_text(dbcontext->retrieve_user_auth_stmt, 1, cxss_userid, -1, NULL) != SQLITE_OK) { + if (sqlite3_bind_int(dbcontext->retrieve_user_auth_stmt, 1, cxss_pkUserAuth) != SQLITE_OK) { goto bind_error; } @@ -437,23 +450,28 @@ cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, } /* Retrieve results */ - privatekey = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 0); - keylength = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 0); - salt = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 1); - salt_length = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 1); - iv = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 2); - iv_length = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 2); - date_created = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 3); - date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 4); + cxss_userid = (char*) sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 0); + auth_class = (char*) sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 1); + salt = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 2); + salt_length = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 2); + privatekey = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 3); + keylength = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 3); + iv = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 4); + iv_length = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 4); + date_created = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 5); + date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 6); + removal_flag = (char*)sqlite3_column_int(dbcontext->retrieve_user_auth_stmt, 7); /* Populate UserAuth struct */ + UserAuth->PK_UserAuth = cxss_pkUserAuth; UserAuth->CXSS_UserID = cxssStrdup(cxss_userid); + UserAuth->AuthClass = cxssStrdup(auth_class); + UserAuth->Salt = cxssBlobdup(salt, salt_length); UserAuth->PrivateKey = cxssBlobdup(privatekey, keylength); UserAuth->PrivateKeyIV = cxssBlobdup(iv, iv_length); - UserAuth->Salt = cxssBlobdup(salt, salt_length); UserAuth->DateCreated = cxssStrdup(date_created); UserAuth->DateLastUpdated = cxssStrdup(date_last_updated); - UserAuth->RemovalFlag = false; + UserAuth->RemovalFlag = removal_flag; UserAuth->KeyLength = keylength; UserAuth->IVLength = iv_length; UserAuth->SaltLength = salt_length; @@ -473,13 +491,14 @@ cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, * @param cxss_userid CXSS User ID * @return void */ + //FIXME: skipping for now int cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, CXSS_UserAuth_LLNode **node) { CXSS_UserAuth_LLNode *head, *prev, *current; - const char *privatekey, *salt, *iv; - const char *date_created, *date_last_updated; + const char *pk_userAuth, *auth_class, *privatekey, *salt; + const char *iv, *date_created, *date_last_updated; size_t keylength, salt_length, iv_length; bool removal_flag; @@ -501,18 +520,22 @@ cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, prev->next = current; /* Retrieve results */ - privatekey = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auths_stmt, 0); - keylength = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 0); - salt = (char*)sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 1); - salt_length = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 1); - iv = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auths_stmt, 2); - iv_length = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 2); - removal_flag = sqlite3_column_int(dbcontext->retrieve_user_auths_stmt, 4); + pk_userAuth = (int) sqlite3_column_int(dbcontext->retrieve_user_auths_stmt, 0); + auth_class = (char*) sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 1); + salt = (char*)sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 2); + salt_length = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 2); + privatekey = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auths_stmt, 3); + keylength = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 3); + iv = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auths_stmt, 4); + iv_length = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 4); date_created = (char*)sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 5); date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 6); - + removal_flag = (bool) sqlite3_column_int(dbcontext->retrieve_user_auths_stmt, 7); + /* Populate node */ - current->UserAuth.CXSS_UserID = cxssStrdup(cxss_userid); + current->UserAuth.PK_UserAuth = pk_userAuth; + current->UserAuth.CXSS_UserID = cxss_userid; + current->UserAuth.AuthClass = cxssStrdup(auth_class); current->UserAuth.PrivateKey = cxssBlobdup(privatekey, keylength); current->UserAuth.Salt = cxssBlobdup(salt, salt_length); current->UserAuth.PrivateKeyIV = cxssBlobdup(iv, iv_length); @@ -551,7 +574,6 @@ int cxssRetrieveUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *resource_id, CXSS_UserResc *UserResc) { - const char *auth_class; const char *resource_username, *resource_authdata; const char *aeskey; const char *username_iv, *authdata_iv; @@ -579,19 +601,17 @@ cxssRetrieveUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, username_iv_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 0); authdata_iv = (char*)sqlite3_column_blob(dbcontext->retrieve_resc_stmt, 1); authdata_iv_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 1); - auth_class = (char*)sqlite3_column_text(dbcontext->retrieve_resc_stmt, 2); - aeskey = (char*)sqlite3_column_blob(dbcontext->retrieve_resc_stmt, 3); - aeskey_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 3); - resource_username = (char*)sqlite3_column_blob(dbcontext->retrieve_resc_stmt, 4); - username_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 4); - resource_authdata = (char*)sqlite3_column_blob(dbcontext->retrieve_resc_stmt, 5); - authdata_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 5); - date_created = (char*)sqlite3_column_text(dbcontext->retrieve_resc_stmt, 6); - date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_resc_stmt, 7); + aeskey = (char*)sqlite3_column_blob(dbcontext->retrieve_resc_stmt, 2); + aeskey_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 2); + resource_username = (char*)sqlite3_column_blob(dbcontext->retrieve_resc_stmt, 3); + username_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 3); + resource_authdata = (char*)sqlite3_column_blob(dbcontext->retrieve_resc_stmt, 4); + authdata_len = sqlite3_column_bytes(dbcontext->retrieve_resc_stmt, 4); + date_created = (char*)sqlite3_column_text(dbcontext->retrieve_resc_stmt, 5); + date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_resc_stmt, 6); /* Build struct */ UserResc->ResourceID = cxssStrdup(resource_id); - UserResc->AuthClass = cxssStrdup(auth_class); UserResc->CXSS_UserID = cxssStrdup(cxss_userid); UserResc->AESKey = cxssBlobdup(aeskey, aeskey_len); UserResc->ResourceUsername = cxssBlobdup(resource_username, username_len); @@ -653,7 +673,70 @@ cxssUpdateUserData(CXSS_DB_Context_t dbcontext, CXSS_UserData *UserData) bind_error: mssError(0, "CXSS", "Failed to bind value with SQLite statement: %s\n", sqlite3_errmsg(dbcontext->db)); return CXSS_DB_BIND_ERROR; -} +} + +/** @brief Update user authentication + * + * Update a given user's authentication in CXSS + * + * @param dbcontext Database context handle + * @param UserAuth Pointer to a CXSS_UserAuth struct + * @return Status code + */ +int +cxssUpdateUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth) +{ + /* Bind data with sqlite3 stmts */ + sqlite3_reset(dbcontext->update_auth_stmt); + if (sqlite3_bind_text(dbcontext->update_auth_stmt, 1, + UserAuth->CXSS_UserID, -1, NULL) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_text(dbcontext->update_auth_stmt, 2, + UserAuth->AuthClass, -1, NULL) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_blob(dbcontext->update_auth_stmt, 3, + UserAuth->Salt, UserAuth->SaltLength, NULL) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_blob(dbcontext->update_auth_stmt, 4, + UserAuth->PrivateKey, UserAuth->KeyLength, NULL) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_blob(dbcontext->update_auth_stmt, 5, + UserAuth->PrivateKeyIV, UserAuth->IVLength, NULL) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_text(dbcontext->update_auth_stmt, 6, + UserAuth->DateLastUpdated, -1, NULL) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_int(dbcontext->update_auth_stmt, 7, + UserAuth->RemovalFlag) != SQLITE_OK) { + goto bind_error; + } + if (sqlite3_bind_int(dbcontext->update_auth_stmt, 8, + UserAuth->PK_UserAuth) != SQLITE_OK) { + goto bind_error; + } + + /* Execute query */ + if (sqlite3_step(dbcontext->update_auth_stmt) != SQLITE_DONE) { + mssError(0, "CXSS", "Failed to update resource\n"); + return CXSS_DB_QUERY_ERROR; + } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No resource found to update\n"); + return CXSS_DB_NOENT_ERROR; + } + + return CXSS_DB_SUCCESS; + +bind_error: + mssError(0, "CXSS", "Failed to bind value with SQLite statement: %s\n", sqlite3_errmsg(dbcontext->db)); + return CXSS_DB_BIND_ERROR; +} /** @brief Update user resource * @@ -752,6 +835,40 @@ cxssDeleteUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid) return CXSS_DB_BIND_ERROR; } +/** @brief Delete user auth + * + * Delete user auth from CXSS + * + * @param dbcontext Database context handle + * @param pk_userAuth primary key for auth entry + * @return Status code + */ +int +cxssDeleteUserAuth(CXSS_DB_Context_t dbcontext, int pk_userAuth) +{ + /* Bind data with sqlite3 stmt */ + sqlite3_reset(dbcontext->delete_user_auth_stmt); + if (sqlite3_bind_int(dbcontext->delete_user_auth_stmt, 1, + pk_userAuth) != SQLITE_OK) { + goto bind_error; + } + + /* Execute query */ + if (sqlite3_step(dbcontext->delete_user_auth_stmt) != SQLITE_DONE) { + mssError(0, "CXSS", "Failed to delete user\n"); + return CXSS_DB_QUERY_ERROR; + } + if(sqlite3_changes(dbcontext->db) < 1) { /* Make sure an update occured */ + mssError(0, "CXSS", "No user found to delete\n"); + return CXSS_DB_NOENT_ERROR; + } + return CXSS_DB_SUCCESS; + +bind_error: + mssError(0, "CXSS", "Failed to bind value with SQLite statement: %s\n", sqlite3_errmsg(dbcontext->db)); + return CXSS_DB_BIND_ERROR; +} + /** @brief Delete user resource * * Delete a given user's resource from CXSS @@ -801,12 +918,12 @@ cxssDeleteUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, * @return Status code */ int -cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid) +cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_pkUserAuth) { /* Bind data with sqlite3 stmts */ sqlite3_reset(dbcontext->delete_user_auths_stmt); if (sqlite3_bind_text(dbcontext->delete_user_auths_stmt, 1, - cxss_userid, -1, NULL) != SQLITE_OK) { + cxss_pkUserAuth, -1, NULL) != SQLITE_OK) { goto bind_error; } @@ -1033,7 +1150,6 @@ cxssFreeUserResc(CXSS_UserResc *UserResc) { nmSysFree((void*)UserResc->CXSS_UserID); nmSysFree((void*)UserResc->ResourceID); - nmSysFree((void*)UserResc->AuthClass); nmSysFree((void*)UserResc->AESKey); nmSysFree((void*)UserResc->ResourceUsername); nmSysFree((void*)UserResc->ResourceAuthData); @@ -1069,5 +1185,4 @@ cxss_i_FinalizeSqliteStatements(CXSS_DB_Context_t dbcontext) sqlite3_finalize(dbcontext->retrieve_resc_stmt); sqlite3_finalize(dbcontext->update_resc_stmt); sqlite3_finalize(dbcontext->delete_resc_stmt); -} - +} \ No newline at end of file diff --git a/centrallix/cxss/cxss_credentials_mgr.c b/centrallix/cxss/cxss_credentials_mgr.c index 69ab16f24..33f87b5da 100644 --- a/centrallix/cxss/cxss_credentials_mgr.c +++ b/centrallix/cxss/cxss_credentials_mgr.c @@ -227,7 +227,7 @@ cxssRetrieveUserPublicKey(const char *cxss_userid, char **publickey, int *public * @return Status code */ int -cxssAddResource(const char *cxss_userid, const char *resource_id, const char *auth_class, +cxssAddResource(const char *cxss_userid, const char *resource_id, const char *resource_username, size_t username_len, const char *resource_authdata, size_t authdata_len) { @@ -290,7 +290,6 @@ cxssAddResource(const char *cxss_userid, const char *resource_id, const char *au /* Build struct */ UserResc.CXSS_UserID = cxss_userid; UserResc.ResourceID = resource_id; - UserResc.AuthClass = auth_class; UserResc.AESKey = encrypted_rand_key; UserResc.ResourceUsername = encrypted_username; UserResc.ResourceAuthData = encrypted_password; diff --git a/centrallix/include/cxss/credentials_db.h b/centrallix/include/cxss/credentials_db.h index 1acb191a8..123e3eb71 100644 --- a/centrallix/include/cxss/credentials_db.h +++ b/centrallix/include/cxss/credentials_db.h @@ -17,8 +17,10 @@ typedef struct _CXSS_DB_Context_t { sqlite3_stmt *update_user_stmt; sqlite3_stmt *delete_user_stmt; sqlite3_stmt *insert_user_auth_stmt; + sqlite3_stmt *update_auth_stmt; sqlite3_stmt *retrieve_user_auth_stmt; sqlite3_stmt *retrieve_user_auths_stmt; + sqlite3_stmt *delete_user_auth_stmt; sqlite3_stmt *delete_user_auths_stmt; sqlite3_stmt *insert_resc_stmt; sqlite3_stmt *retrieve_resc_stmt; @@ -36,7 +38,9 @@ typedef struct { } CXSS_UserData; typedef struct { + int PK_UserAuth; const char *CXSS_UserID; + const char *AuthClass; const char *Salt; const char *PrivateKey; const char *PrivateKeyIV; @@ -51,7 +55,6 @@ typedef struct { typedef struct { const char *CXSS_UserID; const char *ResourceID; - const char *AuthClass; const char *AESKey; const char *UsernameIV; const char *AuthDataIV; @@ -85,11 +88,13 @@ int cxssInsertUserData(CXSS_DB_Context_t dbcontext, CXSS_UserData *UserData); int cxssInsertUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth); int cxssInsertUserResc(CXSS_DB_Context_t dbcontext, CXSS_UserResc *UserResc); int cxssRetrieveUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid, CXSS_UserData *UserData); -int cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, CXSS_UserAuth *UserAuth); +int cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, int pk_userAuth, CXSS_UserAuth *UserAuth); int cxssRetrieveUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *resource_id, CXSS_UserResc *UserResc); int cxssUpdateUserData(CXSS_DB_Context_t dbcontext, CXSS_UserData *UserData); +int cxssUpdateUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth); int cxssUpdateUserResc(CXSS_DB_Context_t dbcontext, CXSS_UserResc *UserResc); int cxssDeleteUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid); +int cxssDeleteUserAuth(CXSS_DB_Context_t dbcontext, int pk_userAuth); int cxssDeleteUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *resource_id); int cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid); int cxssDeleteAllUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid); diff --git a/centrallix/include/cxss/credentials_mgr.h b/centrallix/include/cxss/credentials_mgr.h index 778081905..9be8cdae2 100644 --- a/centrallix/include/cxss/credentials_mgr.h +++ b/centrallix/include/cxss/credentials_mgr.h @@ -17,7 +17,7 @@ int cxssAddUser(const char *cxss_userid, const char *encryption_key, size_t encr int cxssRetrieveUserPrivateKey(const char *cxss_userid, const char *user_key, size_t user_key_len, char **privatekey, int *privatekey_len); int cxssRetrieveUserPublicKey(const char *cxss_userid, char **publickey, int *publickey_len); int cxssDeleteUser(const char *cxss_userid); -int cxssAddResource(const char *cxss_userid, const char *resource_id, const char *auth_class, const char *resource_username, size_t username_len, const char *resource_password, size_t password_len); +int cxssAddResource(const char *cxss_userid, const char *resource_id, const char *resource_username, size_t username_len, const char *resource_password, size_t password_len); int cxssGetResource(const char *cxss_userid, const char *resource_id, const char *user_key, size_t user_key_len, char **resource_username, char **resource_data); int cxssDeleteResource(const char *cxss_userid, const char *resource_id); From 063aedfe32bbd0b2ac94c69b904c1d5ff436310a Mon Sep 17 00:00:00 2001 From: nboard Date: Fri, 8 Jul 2022 13:57:43 -0600 Subject: [PATCH 11/16] Removed salt from auth table. Updated auth tables's delete all and retrieve all to use auth class --- centrallix/cxss/cxss_credentials_db.c | 135 ++++++++++++---------- centrallix/cxss/cxss_credentials_mgr.c | 9 +- centrallix/include/cxss/credentials_db.h | 8 +- centrallix/include/cxss/credentials_mgr.h | 2 +- 4 files changed, 81 insertions(+), 73 deletions(-) diff --git a/centrallix/cxss/cxss_credentials_db.c b/centrallix/cxss/cxss_credentials_db.c index 6f06c6a36..7c4911525 100644 --- a/centrallix/cxss/cxss_credentials_db.c +++ b/centrallix/cxss/cxss_credentials_db.c @@ -91,7 +91,6 @@ cxss_i_SetupCredentialsDatabase(CXSS_DB_Context_t dbcontext) "PK_UserAuth INTEGER PRIMARY KEY," "CXSS_UserID TEXT," "AuthClass TEXT," - "UserSalt BLOB," "UserPrivateKey BLOB," "PrivateKeyIV BLOB," "DateCreated TEXT," @@ -149,31 +148,39 @@ cxss_i_SetupCredentialsDatabase(CXSS_DB_Context_t dbcontext) -1, &dbcontext->delete_user_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "INSERT INTO UserAuth (PK_UserAuth, CXSS_UserID" - ", AuthClass, UserSalt, UserPrivateKey, PrivateKeyIV" + ", AuthClass, UserPrivateKey, PrivateKeyIV" ", DateCreated, DateLastUpdated, RemovalFlag)" - " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);", + " VALUES (?, ?, ?, ?, ?, ?, ?, ?);", -1, &dbcontext->insert_user_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "UPDATE UserAuth SET CXSS_UserID=?" - ", AuthClass=?, UserSalt=?, UserPrivateKey=?, PrivateKeyIV=?" + ", AuthClass=?, UserPrivateKey=?, PrivateKeyIV=?" ", DateLastUpdated=?, RemovalFlag=? WHERE PK_UserAuth=?;", -1, &dbcontext->update_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, - "SELECT CXSS_UserID, AuthClass, UserSalt, UserPrivateKey" + "SELECT CXSS_UserID, AuthClass, UserPrivateKey" ", PrivateKeyIV, DateCreated, DateLastUpdated" " FROM UserAuth WHERE PK_UserAuth=? AND RemovalFlag=0;", -1, &dbcontext->retrieve_user_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, - "SELECT PK_UserAuth, AuthClass, UserSalt, UserPrivateKey" - ", PrivateKeyIV, DateCreated, DateLastUpdated RemovalFlag," + "SELECT PK_UserAuth, AuthClass, UserPrivateKey" + ", PrivateKeyIV, DateCreated, DateLastUpdated RemovalFlag" " FROM UserAuth WHERE CXSS_UserID=?;", -1, &dbcontext->retrieve_user_auths_stmt, NULL); + sqlite3_prepare_v2(dbcontext->db, + "SELECT PK_UserAuth, AuthClass, UserPrivateKey" + ", PrivateKeyIV, DateCreated, DateLastUpdated, RemovalFlag" + " FROM UserAuth WHERE CXSS_UserID=? AND AuthClass=?;", + -1, &dbcontext->retrieve_user_auths_class_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "DELETE FROM UserAuth WHERE PK_UserAuth=?;", -1, &dbcontext->delete_user_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "DELETE FROM UserAuth WHERE CXSS_UserID=?;", -1, &dbcontext->delete_user_auths_stmt, NULL); + sqlite3_prepare_v2(dbcontext->db, + "DELETE FROM UserAuth WHERE CXSS_UserID=? AND AuthClass=?;", + -1, &dbcontext->delete_user_auths_class_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "INSERT INTO UserResc (ResourceID, AESKey" ", ResourceUsernameIV, ResourceAuthDataIV" @@ -275,26 +282,22 @@ cxssInsertUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth) goto bind_error; } if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 4, - UserAuth->Salt, UserAuth->SaltLength, NULL) != SQLITE_OK) { - goto bind_error; - } - if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 5, UserAuth->PrivateKey, UserAuth->KeyLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 6, + if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 5, UserAuth->PrivateKeyIV, UserAuth->IVLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 7, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 6, UserAuth->DateCreated, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 8, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 7, UserAuth->DateLastUpdated, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 9, + if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 8, UserAuth->RemovalFlag) != SQLITE_OK) { goto bind_error; } @@ -432,9 +435,9 @@ int cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, int cxss_pkUserAuth, CXSS_UserAuth *UserAuth) { - const char *cxss_userid, *auth_class, *privatekey, *salt; + const char *cxss_userid, *auth_class, *privatekey; const char *iv, *date_created, *date_last_updated; - size_t keylength, salt_length, iv_length; + size_t keylength, iv_length; int removal_flag; /* Bind data with sqlite3 stmt */ @@ -452,21 +455,18 @@ cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, int cxss_pkUserAuth, /* Retrieve results */ cxss_userid = (char*) sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 0); auth_class = (char*) sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 1); - salt = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 2); - salt_length = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 2); - privatekey = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 3); - keylength = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 3); - iv = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 4); - iv_length = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 4); - date_created = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 5); - date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 6); - removal_flag = (char*)sqlite3_column_int(dbcontext->retrieve_user_auth_stmt, 7); + privatekey = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 2); + keylength = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 2); + iv = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auth_stmt, 3); + iv_length = sqlite3_column_bytes(dbcontext->retrieve_user_auth_stmt, 3); + date_created = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 4); + date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_user_auth_stmt, 5); + removal_flag = (char*)sqlite3_column_int(dbcontext->retrieve_user_auth_stmt, 6); /* Populate UserAuth struct */ UserAuth->PK_UserAuth = cxss_pkUserAuth; UserAuth->CXSS_UserID = cxssStrdup(cxss_userid); UserAuth->AuthClass = cxssStrdup(auth_class); - UserAuth->Salt = cxssBlobdup(salt, salt_length); UserAuth->PrivateKey = cxssBlobdup(privatekey, keylength); UserAuth->PrivateKeyIV = cxssBlobdup(iv, iv_length); UserAuth->DateCreated = cxssStrdup(date_created); @@ -474,7 +474,6 @@ cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, int cxss_pkUserAuth, UserAuth->RemovalFlag = removal_flag; UserAuth->KeyLength = keylength; UserAuth->IVLength = iv_length; - UserAuth->SaltLength = salt_length; return CXSS_DB_SUCCESS; bind_error: @@ -493,18 +492,30 @@ cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, int cxss_pkUserAuth, */ //FIXME: skipping for now int -cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, +cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char* auth_class, CXSS_UserAuth_LLNode **node) { CXSS_UserAuth_LLNode *head, *prev, *current; - const char *pk_userAuth, *auth_class, *privatekey, *salt; + const char *pk_userAuth, *privatekey; const char *iv, *date_created, *date_last_updated; - size_t keylength, salt_length, iv_length; + size_t keylength, iv_length; bool removal_flag; /* Bind data with sqlite3 stmt */ - sqlite3_reset(dbcontext->retrieve_user_auths_stmt); - if (sqlite3_bind_text(dbcontext->retrieve_user_auths_stmt, 1, cxss_userid, -1, NULL) != SQLITE_OK) { + /*determine if need auth_class or not */ + sqlite3_stmt *stmt; + + if(auth_class != NULL){ + stmt = dbcontext->retrieve_user_auths_class_stmt; + sqlite3_reset(stmt); + if (sqlite3_bind_text(stmt, 2, auth_class, -1, NULL) != SQLITE_OK) { + goto bind_error; + } + } else { + stmt = dbcontext->retrieve_user_auths_stmt; + sqlite3_reset(stmt); + } + if (sqlite3_bind_text(stmt, 1, cxss_userid, -1, NULL) != SQLITE_OK) { goto bind_error; } @@ -513,37 +524,33 @@ cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, prev = head; /* Execute query */ - while (sqlite3_step(dbcontext->retrieve_user_auths_stmt) == SQLITE_ROW) { + while (sqlite3_step(stmt) == SQLITE_ROW) { /* Allocate and chain new node */ current = (CXSS_UserAuth_LLNode*)nmMalloc(sizeof(CXSS_UserAuth_LLNode)); prev->next = current; /* Retrieve results */ - pk_userAuth = (int) sqlite3_column_int(dbcontext->retrieve_user_auths_stmt, 0); - auth_class = (char*) sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 1); - salt = (char*)sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 2); - salt_length = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 2); - privatekey = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auths_stmt, 3); - keylength = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 3); - iv = (char*)sqlite3_column_blob(dbcontext->retrieve_user_auths_stmt, 4); - iv_length = sqlite3_column_bytes(dbcontext->retrieve_user_auths_stmt, 4); - date_created = (char*)sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 5); - date_last_updated = (char*)sqlite3_column_text(dbcontext->retrieve_user_auths_stmt, 6); - removal_flag = (bool) sqlite3_column_int(dbcontext->retrieve_user_auths_stmt, 7); + pk_userAuth = (int) sqlite3_column_int(stmt, 0); + auth_class = (char*) sqlite3_column_text(stmt, 1); + privatekey = (char*)sqlite3_column_blob(stmt, 2); + keylength = sqlite3_column_bytes(stmt, 2); + iv = (char*)sqlite3_column_blob(stmt, 3); + iv_length = sqlite3_column_bytes(stmt, 3); + date_created = (char*)sqlite3_column_text(stmt, 4); + date_last_updated = (char*)sqlite3_column_text(stmt, 5); + removal_flag = (bool) sqlite3_column_int(stmt, 6); /* Populate node */ current->UserAuth.PK_UserAuth = pk_userAuth; current->UserAuth.CXSS_UserID = cxss_userid; current->UserAuth.AuthClass = cxssStrdup(auth_class); current->UserAuth.PrivateKey = cxssBlobdup(privatekey, keylength); - current->UserAuth.Salt = cxssBlobdup(salt, salt_length); current->UserAuth.PrivateKeyIV = cxssBlobdup(iv, iv_length); current->UserAuth.DateCreated = cxssStrdup(date_created); current->UserAuth.DateLastUpdated = cxssStrdup(date_last_updated); current->UserAuth.RemovalFlag = removal_flag; current->UserAuth.KeyLength = keylength; - current->UserAuth.SaltLength = salt_length; current->UserAuth.IVLength = iv_length; /* Advance */ @@ -697,26 +704,22 @@ cxssUpdateUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth) goto bind_error; } if (sqlite3_bind_blob(dbcontext->update_auth_stmt, 3, - UserAuth->Salt, UserAuth->SaltLength, NULL) != SQLITE_OK) { - goto bind_error; - } - if (sqlite3_bind_blob(dbcontext->update_auth_stmt, 4, UserAuth->PrivateKey, UserAuth->KeyLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->update_auth_stmt, 5, + if (sqlite3_bind_blob(dbcontext->update_auth_stmt, 4, UserAuth->PrivateKeyIV, UserAuth->IVLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->update_auth_stmt, 6, + if (sqlite3_bind_text(dbcontext->update_auth_stmt, 5, UserAuth->DateLastUpdated, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_int(dbcontext->update_auth_stmt, 7, + if (sqlite3_bind_int(dbcontext->update_auth_stmt, 6, UserAuth->RemovalFlag) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_int(dbcontext->update_auth_stmt, 8, + if (sqlite3_bind_int(dbcontext->update_auth_stmt, 7, UserAuth->PK_UserAuth) != SQLITE_OK) { goto bind_error; } @@ -918,17 +921,28 @@ cxssDeleteUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, * @return Status code */ int -cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_pkUserAuth) +cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *auth_class) { + /* base off of auth class as well as user, if inlcuded */ /* Bind data with sqlite3 stmts */ - sqlite3_reset(dbcontext->delete_user_auths_stmt); - if (sqlite3_bind_text(dbcontext->delete_user_auths_stmt, 1, - cxss_pkUserAuth, -1, NULL) != SQLITE_OK) { + sqlite3_stmt *stmt; + if(auth_class != NULL){ + stmt = dbcontext->delete_user_auths_class_stmt; + sqlite3_reset(stmt); + + if (sqlite3_bind_text(stmt, 2, auth_class, -1, NULL) != SQLITE_OK) { + goto bind_error; + } + }else { + stmt = dbcontext->delete_user_auths_stmt; + sqlite3_reset(stmt); + } + if (sqlite3_bind_text(stmt, 1, cxss_userid, -1, NULL) != SQLITE_OK) { goto bind_error; } /* Execute query */ - if (sqlite3_step(dbcontext->delete_user_auths_stmt) != SQLITE_DONE) { + if (sqlite3_step(stmt) != SQLITE_DONE) { mssError(0, "CXSS", "Failed to delete user auths\n"); return CXSS_DB_QUERY_ERROR; } @@ -1131,7 +1145,6 @@ cxssFreeUserAuth(CXSS_UserAuth *UserAuth) { nmSysFree((void*)UserAuth->CXSS_UserID); nmSysFree((void*)UserAuth->PrivateKey); - nmSysFree((void*)UserAuth->Salt); nmSysFree((void*)UserAuth->PrivateKeyIV); nmSysFree((void*)UserAuth->DateCreated); nmSysFree((void*)UserAuth->DateLastUpdated); diff --git a/centrallix/cxss/cxss_credentials_mgr.c b/centrallix/cxss/cxss_credentials_mgr.c index 33f87b5da..d3c37b12d 100644 --- a/centrallix/cxss/cxss_credentials_mgr.c +++ b/centrallix/cxss/cxss_credentials_mgr.c @@ -62,13 +62,10 @@ cxssCredentialsManagerClose(void) * @param cxss_userid Centrallix User ID * @param pb_userk ey Password-based user encryption key (used to encrypt private key) * @param keylength Length of password-based user encryption key - * @param salt User salt - * @param salt_len Length of user salt * @return Status code */ int -cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_len, - const char *salt, size_t salt_len) +cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_len) { CXSS_UserData UserData = {}; CXSS_UserAuth UserAuth = {}; @@ -110,11 +107,9 @@ cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_l UserAuth.CXSS_UserID = cxss_userid; UserAuth.PrivateKey = encrypted_privatekey; UserAuth.PrivateKeyIV = iv; - UserAuth.Salt = salt; UserAuth.DateCreated = current_timestamp; UserAuth.DateLastUpdated = current_timestamp; UserAuth.RemovalFlag = false; - UserAuth.SaltLength = salt_len; UserAuth.KeyLength = encr_privatekey_len; UserAuth.IVLength = sizeof(iv); @@ -415,7 +410,7 @@ cxss_deleteUser(const char *cxss_userid) mssError(0, "CXSS", "Failed to delete user data\n"); return CXSS_MGR_DELETE_ERROR; } - if (cxssDeleteAllUserAuth(dbcontext, cxss_userid) < 0) { + if (cxssDeleteAllUserAuth(dbcontext, cxss_userid, NULL) < 0) { mssError(0, "CXSS", "Failed to delete user auth data\n"); return CXSS_MGR_DELETE_ERROR; } diff --git a/centrallix/include/cxss/credentials_db.h b/centrallix/include/cxss/credentials_db.h index 123e3eb71..f831ed9f8 100644 --- a/centrallix/include/cxss/credentials_db.h +++ b/centrallix/include/cxss/credentials_db.h @@ -20,8 +20,10 @@ typedef struct _CXSS_DB_Context_t { sqlite3_stmt *update_auth_stmt; sqlite3_stmt *retrieve_user_auth_stmt; sqlite3_stmt *retrieve_user_auths_stmt; + sqlite3_stmt *retrieve_user_auths_class_stmt; sqlite3_stmt *delete_user_auth_stmt; sqlite3_stmt *delete_user_auths_stmt; + sqlite3_stmt *delete_user_auths_class_stmt; sqlite3_stmt *insert_resc_stmt; sqlite3_stmt *retrieve_resc_stmt; sqlite3_stmt *update_resc_stmt; @@ -41,14 +43,12 @@ typedef struct { int PK_UserAuth; const char *CXSS_UserID; const char *AuthClass; - const char *Salt; const char *PrivateKey; const char *PrivateKeyIV; const char *DateCreated; const char *DateLastUpdated; bool RemovalFlag; size_t KeyLength; - size_t SaltLength; size_t IVLength; } CXSS_UserAuth; @@ -96,12 +96,12 @@ int cxssUpdateUserResc(CXSS_DB_Context_t dbcontext, CXSS_UserResc *UserResc); int cxssDeleteUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid); int cxssDeleteUserAuth(CXSS_DB_Context_t dbcontext, int pk_userAuth); int cxssDeleteUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *resource_id); -int cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid); +int cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char*auth_class); int cxssDeleteAllUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid); void cxssFreeUserData(CXSS_UserData *UserData); void cxssFreeUserAuth(CXSS_UserAuth *UserAuth); void cxssFreeUserResc(CXSS_UserResc *UserResc); -int cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, CXSS_UserAuth_LLNode **node); +int cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *auth_class, CXSS_UserAuth_LLNode **node); void cxssFreeUserAuthLL(CXSS_UserAuth_LLNode *start); int cxssGetUserCount(CXSS_DB_Context_t dbcontext); int cxssGetUserRescCount(CXSS_DB_Context_t dbcontext, const char *cxss_userid); diff --git a/centrallix/include/cxss/credentials_mgr.h b/centrallix/include/cxss/credentials_mgr.h index 9be8cdae2..34b46630d 100644 --- a/centrallix/include/cxss/credentials_mgr.h +++ b/centrallix/include/cxss/credentials_mgr.h @@ -13,7 +13,7 @@ typedef enum { int cxssCredentialsManagerInit(void); void cxssCredentialsManagerClose(void); -int cxssAddUser(const char *cxss_userid, const char *encryption_key, size_t encryption_key_length, const char *salt, size_t salt_len); +int cxssAddUser(const char *cxss_userid, const char *encryption_key, size_t encryption_key_length); int cxssRetrieveUserPrivateKey(const char *cxss_userid, const char *user_key, size_t user_key_len, char **privatekey, int *privatekey_len); int cxssRetrieveUserPublicKey(const char *cxss_userid, char **publickey, int *publickey_len); int cxssDeleteUser(const char *cxss_userid); From 3ea522bac66ed16dd1c8675133803caa3efc027a Mon Sep 17 00:00:00 2001 From: nboard Date: Fri, 8 Jul 2022 13:59:06 -0600 Subject: [PATCH 12/16] updated tests to account for salt no longer being in auth table. Added tests for auth table's delete all and retrieve all functions. --- centrallix/tests/test_cxss-credDB_02.c | 14 +- centrallix/tests/test_cxss-credDB_04.c | 114 ++++++++++++++++ centrallix/tests/test_cxss-credDB_05.c | 172 +++++++++++++++++++++++++ 3 files changed, 288 insertions(+), 12 deletions(-) create mode 100644 centrallix/tests/test_cxss-credDB_04.c create mode 100644 centrallix/tests/test_cxss-credDB_05.c diff --git a/centrallix/tests/test_cxss-credDB_02.c b/centrallix/tests/test_cxss-credDB_02.c index d4bed0a79..2d75efe8b 100644 --- a/centrallix/tests/test_cxss-credDB_02.c +++ b/centrallix/tests/test_cxss-credDB_02.c @@ -27,16 +27,13 @@ test(char** name) /** insert one entry **/ char *pubKey, *privKey; size_t pubLen, privLen; - char saltBuf[8]; char ivBuf[16]; - /* generate valid inputs for key, salt, iv, and their lengths */ + /* generate valid inputs for key, iv, and their lengths */ cxss_internal_InitEntropy(1280); cxssCryptoInit(); int result = cxssGenerateRSA4096bitKeypair(&privKey, &privLen, &pubKey, &pubLen); assert(result == CXSS_CRYPTO_SUCCESS); - result = cxssGenerate64bitSalt(saltBuf); - assert(result == CXSS_CRYPTO_SUCCESS); result = cxssGenerate128bitIV(ivBuf); assert(result == CXSS_CRYPTO_SUCCESS); cxssCryptoCleanup(); @@ -45,14 +42,12 @@ test(char** name) data.PK_UserAuth = 1; data.CXSS_UserID = "2"; data.AuthClass = "something"; - data.Salt = saltBuf; data.PrivateKey = privKey; data.PrivateKeyIV = ivBuf; data.DateCreated = "03/02/2001"; data.DateLastUpdated = "1/2/03"; data.RemovalFlag = 0; - data.KeyLength = 512; - data.SaltLength = 8; + data.KeyLength = strlen(data.PrivateKey); data.IVLength = 16; result = cxssInsertUserAuth(dbCon, &data); @@ -69,14 +64,12 @@ test(char** name) assert(data.PK_UserAuth == retData.PK_UserAuth); assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); assert(strcmp(data.AuthClass, retData.AuthClass) == 0); - assert(memcmp(data.Salt, retData.Salt, 8) == 0); assert(memcmp(data.PrivateKey, retData.PrivateKey, data.KeyLength) == 0); assert(memcmp(data.PrivateKeyIV, retData.PrivateKeyIV, 16) == 0); assert(strcmp(data.DateCreated, retData.DateCreated) == 0); assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); assert(data.RemovalFlag == retData.RemovalFlag); assert(data.KeyLength == retData.KeyLength); - assert(data.SaltLength == retData.SaltLength); assert(data.IVLength == retData.IVLength); /** retrive item not in DB **/ @@ -90,7 +83,6 @@ test(char** name) /** update the entry and test results **/ data.CXSS_UserID = "3"; data.AuthClass = "another thing"; - saltBuf[0] = -saltBuf[0]; /* small change is enough here. */ privKey[0] = -privKey[0]; /* points to same mem, so this is ok */ ivBuf[0] = -ivBuf[0]; data.DateCreated = "02/20/2002"; @@ -106,14 +98,12 @@ test(char** name) assert(data.PK_UserAuth == retData.PK_UserAuth); assert(strcmp(data.CXSS_UserID, retData.CXSS_UserID) == 0); assert(strcmp(data.AuthClass, retData.AuthClass) == 0); - assert(memcmp(data.Salt, retData.Salt, 8) == 0); assert(memcmp(data.PrivateKey, retData.PrivateKey, data.KeyLength) == 0); assert(memcmp(data.PrivateKeyIV, retData.PrivateKeyIV, 16) == 0); assert(strcmp(data.DateCreated, retData.DateCreated) != 0); /* date created is never updated */ assert(strcmp(data.DateLastUpdated, retData.DateLastUpdated) == 0); assert(data.RemovalFlag == retData.RemovalFlag); assert(data.KeyLength == retData.KeyLength); - assert(data.SaltLength == retData.SaltLength); assert(data.IVLength == retData.IVLength); /** attempt to update nonexistent entry **/ diff --git a/centrallix/tests/test_cxss-credDB_04.c b/centrallix/tests/test_cxss-credDB_04.c new file mode 100644 index 000000000..45f0eba06 --- /dev/null +++ b/centrallix/tests/test_cxss-credDB_04.c @@ -0,0 +1,114 @@ +#include +#include +#include "cxss/credentials_db.h" +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Cred DB 04: Delete All Auth"; + + int n = 100; + + /** Set up DB. **/ + char * PATH = "/home/devel/test.db"; + /* Reset DB file if needed */ + if(access(PATH, 0) == 0) + { + assert(remove(PATH) == 0); + } + assert(access(PATH, 0) != 0); + CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); + assert(dbCon != NULL); + + /* generate valid inputs for key, iv, and their lengths */ + char *pubKey, *privKey; + size_t pubLen, privLen; + char ivBuf[16]; + + cxss_internal_InitEntropy(1280); + cxssCryptoInit(); + int result = cxssGenerateRSA4096bitKeypair(&privKey, &privLen, &pubKey, &pubLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate128bitIV(ivBuf); + assert(result == CXSS_CRYPTO_SUCCESS); + cxssCryptoCleanup(); + + CXSS_UserAuth data, temp; + data.PK_UserAuth = 1; + data.CXSS_UserID = "1"; + data.AuthClass = "something"; + data.PrivateKey = privKey; + data.PrivateKeyIV = ivBuf; + data.DateCreated = "03/02/2001"; + data.DateLastUpdated = "1/2/03"; + data.RemovalFlag = 0; + data.KeyLength = strlen(data.PrivateKey); + data.IVLength = 16; + + for(int i = 0 ; i < n ; i++) + { + data.PK_UserAuth = i; + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + + /* delete all and confirm all were deleted */ + result = cxssDeleteAllUserAuth(dbCon, "1", NULL); + assert(result == CXSS_DB_SUCCESS); + + for(int i = 0 ; i < n ; i++) + { + result = cxssRetrieveUserAuth(dbCon, i, &temp); + assert(result == CXSS_DB_QUERY_ERROR); + } + /* test deleting nothing */ + result = cxssDeleteAllUserAuth(dbCon, "1", NULL); + assert(result == CXSS_DB_NOENT_ERROR); + + /** Delete by user **/ + for(int i = 0 ; i < n ; i++) + { + data.PK_UserAuth = i; + data.CXSS_UserID = (i < n/2)? "1":"2"; + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + + /* delete all from user and confirm */ + result = cxssDeleteAllUserAuth(dbCon, "1", NULL); + assert(result == CXSS_DB_SUCCESS); + + for(int i = 0 ; i < n ; i++) + { + result = cxssRetrieveUserAuth(dbCon, i, &temp); + assert(result == ((i < n/2)? CXSS_DB_QUERY_ERROR : CXSS_DB_SUCCESS)); + } + /* test deleting nothing */ + result = cxssDeleteAllUserAuth(dbCon, "1", NULL); + assert(result == CXSS_DB_NOENT_ERROR); + + /** test delete by user and auth class **/ + for(int i = 0 ; i < n ; i++) + { + data.PK_UserAuth = i+n; + /* split users into 4 groups */ + data.CXSS_UserID = (i < n/2)? "1":"2"; + data.AuthClass = (i < n/4 || i > n*3/4)? "1":"2"; + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + result = cxssDeleteAllUserAuth(dbCon, "1", "1"); /* deletes first 4th */ + assert(result == CXSS_DB_SUCCESS); + for(int i = 0 ; i < n ; i++) + { + result = cxssRetrieveUserAuth(dbCon, i+n, &temp); + assert(result == ((i < n/4)? CXSS_DB_QUERY_ERROR : CXSS_DB_SUCCESS)); + } + /* test deleting nothing */ + result = cxssDeleteAllUserAuth(dbCon, "1", "1"); + assert(result == CXSS_DB_NOENT_ERROR); + + cxssCredentialsDatabaseClose(dbCon); + return 0; + } diff --git a/centrallix/tests/test_cxss-credDB_05.c b/centrallix/tests/test_cxss-credDB_05.c new file mode 100644 index 000000000..c4b1c8a72 --- /dev/null +++ b/centrallix/tests/test_cxss-credDB_05.c @@ -0,0 +1,172 @@ +#include +#include +#include "cxss/credentials_db.h" +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Cred DB 05: Retrieve All Auth"; + + int n = 100; + + /** Set up DB. **/ + char * PATH = "/home/devel/test.db"; + /* Reset DB file if needed */ + if(access(PATH, 0) == 0) + { + assert(remove(PATH) == 0); + } + assert(access(PATH, 0) != 0); + CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); + assert(dbCon != NULL); + + /* generate valid inputs for key, iv, and their lengths */ + char *pubKey, *privKey; + size_t pubLen, privLen; + char ivBuf[16]; + + cxss_internal_InitEntropy(1280); + cxssCryptoInit(); + int result = cxssGenerateRSA4096bitKeypair(&privKey, &privLen, &pubKey, &pubLen); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate128bitIV(ivBuf); + assert(result == CXSS_CRYPTO_SUCCESS); + cxssCryptoCleanup(); + + char class[16], create[16], update[16], test[16]; + CXSS_UserAuth data, temp; + data.PK_UserAuth = 1; + data.CXSS_UserID = "1"; + data.AuthClass = class; + data.PrivateKey = privKey; + data.PrivateKeyIV = ivBuf; + data.DateCreated = create; + data.DateLastUpdated = update; + data.RemovalFlag = 0; + data.KeyLength = strlen(data.PrivateKey); + data.IVLength = 16; + + for(int i = 0 ; i < n ; i++) + { + /* provide unique, repeatable values */ + data.PK_UserAuth = i; + sprintf(class, "something%d",i); + sprintf(create, "1/%d/2022",i); + sprintf(update, "1/2/20%d",i); + + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + + CXSS_UserAuth_LLNode *head, *cur; + result = cxssRetrieveUserAuthLL(dbCon, "1", NULL, &head); + assert(result == CXSS_DB_SUCCESS); + cur = head->next; /* get past sentinel */ + + /* iterate through nodes and check results */ + int count = 0; + while(cur != NULL) + { + /* generate old values again */ + sprintf(class, "something%d", count); + sprintf(create, "1/%d/2022", count); + sprintf(update, "1/2/20%d", count); + + assert(count == cur->UserAuth.PK_UserAuth); + assert(strcmp(data.CXSS_UserID, cur->UserAuth.CXSS_UserID) == 0); + assert(strcmp(class, cur->UserAuth.AuthClass) == 0); + assert(memcmp(data.PrivateKey, cur->UserAuth.PrivateKey, data.KeyLength) == 0); + assert(memcmp(data.PrivateKeyIV, cur->UserAuth.PrivateKeyIV, data.IVLength) == 0); + assert(strcmp(create, cur->UserAuth.DateCreated) == 0); + assert(strcmp(update, cur->UserAuth.DateLastUpdated) == 0); + assert(data.RemovalFlag == cur->UserAuth.RemovalFlag); + assert(data.KeyLength == cur->UserAuth.KeyLength); + assert(data.IVLength == cur->UserAuth.IVLength); + count++; + cur = cur->next; + } + assert(count == n); + + /** test with user id **/ + data.CXSS_UserID = "2"; + for(int i = n ; i < 2*n ; i++) + { + data.PK_UserAuth = i; + sprintf(class, "something%d", i); + sprintf(create, "1/%d/2022", i); + sprintf(update, "1/2/20%d", i); + + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + + result = cxssRetrieveUserAuthLL(dbCon, "2", NULL, &head); + assert(result == CXSS_DB_SUCCESS); + cur = head->next; /* get past sentinel */ + + /* iterate through nodes and check results */ + count = n; + while(cur != NULL) + { + sprintf(class, "something%d", count); + sprintf(create, "1/%d/2022", count); + sprintf(update, "1/2/20%d", count); + + assert(count == cur->UserAuth.PK_UserAuth); + assert(strcmp(data.CXSS_UserID, cur->UserAuth.CXSS_UserID) == 0); + assert(strcmp(class, cur->UserAuth.AuthClass) == 0); + assert(memcmp(data.PrivateKey, cur->UserAuth.PrivateKey, data.KeyLength) == 0); + assert(memcmp(data.PrivateKeyIV, cur->UserAuth.PrivateKeyIV, data.IVLength) == 0); + assert(strcmp(create, cur->UserAuth.DateCreated) == 0); + assert(strcmp(update, cur->UserAuth.DateLastUpdated) == 0); + assert(data.RemovalFlag == cur->UserAuth.RemovalFlag); + assert(data.KeyLength == cur->UserAuth.KeyLength); + assert(data.IVLength == cur->UserAuth.IVLength); + count++; + cur = cur->next; + } + assert(count == 2*n); + + /** test with user id and class **/ + data.CXSS_UserID = "2"; + data.AuthClass = "something else"; + for(int i = 2*n ; i < 3*n ; i++) + { + data.PK_UserAuth = i; + sprintf(create, "1/%d/2022", i); + sprintf(update, "1/2/20%d", i); + + result = cxssInsertUserAuth(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + + result = cxssRetrieveUserAuthLL(dbCon, "2", "something else", &head); + assert(result == CXSS_DB_SUCCESS); + cur = head->next; /* get past sentinel */ + + /* iterate through nodes and check results */ + count = 2*n; + while(cur != NULL) + { + sprintf(create, "1/%d/2022", count); + sprintf(update, "1/2/20%d", count); + + assert(count == cur->UserAuth.PK_UserAuth); + assert(strcmp(data.CXSS_UserID, cur->UserAuth.CXSS_UserID) == 0); + assert(strcmp(data.AuthClass, cur->UserAuth.AuthClass) == 0); + assert(memcmp(data.PrivateKey, cur->UserAuth.PrivateKey, data.KeyLength) == 0); + assert(memcmp(data.PrivateKeyIV, cur->UserAuth.PrivateKeyIV, data.IVLength) == 0); + assert(strcmp(create, cur->UserAuth.DateCreated) == 0); + assert(strcmp(update, cur->UserAuth.DateLastUpdated) == 0); + assert(data.RemovalFlag == cur->UserAuth.RemovalFlag); + assert(data.KeyLength == cur->UserAuth.KeyLength); + assert(data.IVLength == cur->UserAuth.IVLength); + count++; + cur = cur->next; + } + assert(count == 3*n); + + cxssCredentialsDatabaseClose(dbCon); + return 0; + } From a23ff1236d2d7bd1033cae21ebfa8fc233d1b0ab Mon Sep 17 00:00:00 2001 From: nboard Date: Fri, 8 Jul 2022 17:16:28 -0600 Subject: [PATCH 13/16] Made Auth table's PK autoinc. made auth retrieve function assign the generated PK value to the struct. --- centrallix/cxss/cxss_credentials_db.c | 43 +++++++++++++++++---------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/centrallix/cxss/cxss_credentials_db.c b/centrallix/cxss/cxss_credentials_db.c index 7c4911525..4f6c68c34 100644 --- a/centrallix/cxss/cxss_credentials_db.c +++ b/centrallix/cxss/cxss_credentials_db.c @@ -147,10 +147,10 @@ cxss_i_SetupCredentialsDatabase(CXSS_DB_Context_t dbcontext) "DELETE FROM UserData WHERE CXSS_UserID=?;", -1, &dbcontext->delete_user_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, - "INSERT INTO UserAuth (PK_UserAuth, CXSS_UserID" + "INSERT INTO UserAuth (CXSS_UserID" ", AuthClass, UserPrivateKey, PrivateKeyIV" ", DateCreated, DateLastUpdated, RemovalFlag)" - " VALUES (?, ?, ?, ?, ?, ?, ?, ?);", + " VALUES ( ?, ?, ?, ?, ?, ?, ?);", -1, &dbcontext->insert_user_auth_stmt, NULL); sqlite3_prepare_v2(dbcontext->db, "UPDATE UserAuth SET CXSS_UserID=?" @@ -269,35 +269,31 @@ cxssInsertUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth) { /* Bind data with sqlite3 stmts */ sqlite3_reset(dbcontext->insert_user_auth_stmt); - if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 1, - UserAuth->PK_UserAuth) != SQLITE_OK) { - goto bind_error; - } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 2, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 1, UserAuth->CXSS_UserID, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 3, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 2, UserAuth->AuthClass, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 4, + if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 3, UserAuth->PrivateKey, UserAuth->KeyLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 5, + if (sqlite3_bind_blob(dbcontext->insert_user_auth_stmt, 4, UserAuth->PrivateKeyIV, UserAuth->IVLength, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 6, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 5, UserAuth->DateCreated, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 7, + if (sqlite3_bind_text(dbcontext->insert_user_auth_stmt, 6, UserAuth->DateLastUpdated, -1, NULL) != SQLITE_OK) { goto bind_error; } - if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 8, + if (sqlite3_bind_int(dbcontext->insert_user_auth_stmt, 7, UserAuth->RemovalFlag) != SQLITE_OK) { goto bind_error; } @@ -307,6 +303,10 @@ cxssInsertUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth) mssError(0, "CXSS", "Failed to insert user auth\n"); return CXSS_DB_QUERY_ERROR; } + + /* set id to assigned value */ + UserAuth->PK_UserAuth = sqlite3_last_insert_rowid(dbcontext->db); + return CXSS_DB_SUCCESS; bind_error: @@ -522,15 +522,19 @@ cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, con /* Allocate head (dummy node) */ head = (CXSS_UserAuth_LLNode*)nmMalloc(sizeof(CXSS_UserAuth_LLNode)); prev = head; + head->next = NULL; /* need to detect if failed */ /* Execute query */ - while (sqlite3_step(stmt) == SQLITE_ROW) { + int code = sqlite3_step(stmt); + while (code == SQLITE_ROW) { /* Allocate and chain new node */ current = (CXSS_UserAuth_LLNode*)nmMalloc(sizeof(CXSS_UserAuth_LLNode)); prev->next = current; /* Retrieve results */ + char *tempUserid = nmSysMalloc(strlen(cxss_userid)); + strcpy(tempUserid, cxss_userid); pk_userAuth = (int) sqlite3_column_int(stmt, 0); auth_class = (char*) sqlite3_column_text(stmt, 1); privatekey = (char*)sqlite3_column_blob(stmt, 2); @@ -543,7 +547,7 @@ cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, con /* Populate node */ current->UserAuth.PK_UserAuth = pk_userAuth; - current->UserAuth.CXSS_UserID = cxss_userid; + current->UserAuth.CXSS_UserID = tempUserid; current->UserAuth.AuthClass = cxssStrdup(auth_class); current->UserAuth.PrivateKey = cxssBlobdup(privatekey, keylength); current->UserAuth.PrivateKeyIV = cxssBlobdup(iv, iv_length); @@ -555,6 +559,12 @@ cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, con /* Advance */ prev = current; + code = sqlite3_step(stmt); + } + + if(code != SQLITE_DONE || head->next == NULL){ + return CXSS_DB_QUERY_ERROR; + nmFree(head, sizeof(CXSS_UserAuth_LLNode)); } current->next = NULL; @@ -563,6 +573,7 @@ cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, con bind_error: mssError(0, "CXSS", "Failed to bind value with SQLite statement: %s\n", sqlite3_errmsg(dbcontext->db)); + if(head != NULL) nmFree(head, sizeof(CXSS_UserAuth_LLNode)); return CXSS_DB_BIND_ERROR; } @@ -1008,7 +1019,7 @@ cxssFreeUserAuthLL(CXSS_UserAuth_LLNode *start) while (start != NULL) { next = start->next; - cxssFreeUserAuth(&start->UserAuth); + cxssFreeUserAuth(&start->UserAuth); nmFree(start, sizeof(CXSS_UserAuth_LLNode)); start = next; } From f79d06494bea98036357bb7069f72888ba0c4540 Mon Sep 17 00:00:00 2001 From: nboard Date: Fri, 8 Jul 2022 17:18:20 -0600 Subject: [PATCH 14/16] Added delete all test for resc table. Updated small errors in tests, including how auth's PK was handled. --- centrallix/tests/test_cxss-credDB_01.c | 4 +- centrallix/tests/test_cxss-credDB_02.c | 3 +- centrallix/tests/test_cxss-credDB_03.c | 33 -------- centrallix/tests/test_cxss-credDB_04.c | 7 +- centrallix/tests/test_cxss-credDB_05.c | 29 +++++-- centrallix/tests/test_cxss-credDB_06.c | 112 +++++++++++++++++++++++++ 6 files changed, 138 insertions(+), 50 deletions(-) create mode 100644 centrallix/tests/test_cxss-credDB_06.c diff --git a/centrallix/tests/test_cxss-credDB_01.c b/centrallix/tests/test_cxss-credDB_01.c index 92d538678..6e21996ce 100644 --- a/centrallix/tests/test_cxss-credDB_01.c +++ b/centrallix/tests/test_cxss-credDB_01.c @@ -130,10 +130,8 @@ test(char** name) /** attempt to delete item not there **/ result = cxssDeleteUserData(dbCon, "2"); - assert(result == CXSS_DB_NOENT_ERROR); /* deleting always works; does not check for change */ - + assert(result == CXSS_DB_NOENT_ERROR); cxssCredentialsDatabaseClose(dbCon); - return 0; } diff --git a/centrallix/tests/test_cxss-credDB_02.c b/centrallix/tests/test_cxss-credDB_02.c index 2d75efe8b..efd208362 100644 --- a/centrallix/tests/test_cxss-credDB_02.c +++ b/centrallix/tests/test_cxss-credDB_02.c @@ -39,7 +39,6 @@ test(char** name) cxssCryptoCleanup(); CXSS_UserAuth data; - data.PK_UserAuth = 1; data.CXSS_UserID = "2"; data.AuthClass = "something"; data.PrivateKey = privKey; @@ -52,7 +51,7 @@ test(char** name) result = cxssInsertUserAuth(dbCon, &data); assert(result == CXSS_DB_SUCCESS); - + assert(data.PK_UserAuth == 1); /* should have been set by call */ /*** Retrieve ***/ diff --git a/centrallix/tests/test_cxss-credDB_03.c b/centrallix/tests/test_cxss-credDB_03.c index fe3a197b8..380fc3aca 100644 --- a/centrallix/tests/test_cxss-credDB_03.c +++ b/centrallix/tests/test_cxss-credDB_03.c @@ -179,39 +179,6 @@ test(char** name) assert(result == CXSS_DB_NOENT_ERROR); - /** test delete all **/ - - /** insert 2 entries **/ - CXSS_UserResc data2; - data2.CXSS_UserID = "1"; - data2.ResourceID = "2"; - data2.AESKey = key; - data2.UsernameIV = uNameIV; - data2.AuthDataIV = aDataIV; - data2.ResourceUsername = "anotherUsername"; - data2.ResourceAuthData = "some other auth data."; - data2.DateCreated = "5/7/2022"; - data2.DateLastUpdated = "4/7/2022"; - data2.AESKeyLength = 32; - data2.UsernameIVLength = 16; - data2.AuthDataIVLength = 16; - data2.UsernameLength = strlen(data.ResourceUsername); - data2.AuthDataLength = strlen(data.ResourceAuthData); - - result = cxssInsertUserResc(dbCon, &data); - assert(result == CXSS_DB_SUCCESS); - result = cxssInsertUserResc(dbCon, &data2); - assert(result == CXSS_DB_SUCCESS); - - result = cxssDeleteAllUserResc(dbCon, data.CXSS_UserID); - assert(result == CXSS_DB_SUCCESS); - - result = cxssRetrieveUserResc(dbCon, data.CXSS_UserID, data.ResourceID, &noData); /* attempt to retrieve */ - assert(result == CXSS_DB_QUERY_ERROR); - result = cxssRetrieveUserResc(dbCon, data2.CXSS_UserID, data.ResourceID, &noData); /* attempt to retrieve */ - assert(result == CXSS_DB_QUERY_ERROR); - cxssCredentialsDatabaseClose(dbCon); - return 0; } diff --git a/centrallix/tests/test_cxss-credDB_04.c b/centrallix/tests/test_cxss-credDB_04.c index 45f0eba06..ad25e494c 100644 --- a/centrallix/tests/test_cxss-credDB_04.c +++ b/centrallix/tests/test_cxss-credDB_04.c @@ -48,7 +48,6 @@ test(char** name) for(int i = 0 ; i < n ; i++) { - data.PK_UserAuth = i; result = cxssInsertUserAuth(dbCon, &data); assert(result == CXSS_DB_SUCCESS); } @@ -69,7 +68,6 @@ test(char** name) /** Delete by user **/ for(int i = 0 ; i < n ; i++) { - data.PK_UserAuth = i; data.CXSS_UserID = (i < n/2)? "1":"2"; result = cxssInsertUserAuth(dbCon, &data); assert(result == CXSS_DB_SUCCESS); @@ -81,7 +79,7 @@ test(char** name) for(int i = 0 ; i < n ; i++) { - result = cxssRetrieveUserAuth(dbCon, i, &temp); + result = cxssRetrieveUserAuth(dbCon, i+1, &temp); assert(result == ((i < n/2)? CXSS_DB_QUERY_ERROR : CXSS_DB_SUCCESS)); } /* test deleting nothing */ @@ -91,7 +89,6 @@ test(char** name) /** test delete by user and auth class **/ for(int i = 0 ; i < n ; i++) { - data.PK_UserAuth = i+n; /* split users into 4 groups */ data.CXSS_UserID = (i < n/2)? "1":"2"; data.AuthClass = (i < n/4 || i > n*3/4)? "1":"2"; @@ -102,7 +99,7 @@ test(char** name) assert(result == CXSS_DB_SUCCESS); for(int i = 0 ; i < n ; i++) { - result = cxssRetrieveUserAuth(dbCon, i+n, &temp); + result = cxssRetrieveUserAuth(dbCon, i+n+1, &temp); assert(result == ((i < n/4)? CXSS_DB_QUERY_ERROR : CXSS_DB_SUCCESS)); } /* test deleting nothing */ diff --git a/centrallix/tests/test_cxss-credDB_05.c b/centrallix/tests/test_cxss-credDB_05.c index c4b1c8a72..bccfb8595 100644 --- a/centrallix/tests/test_cxss-credDB_05.c +++ b/centrallix/tests/test_cxss-credDB_05.c @@ -36,7 +36,6 @@ test(char** name) char class[16], create[16], update[16], test[16]; CXSS_UserAuth data, temp; - data.PK_UserAuth = 1; data.CXSS_UserID = "1"; data.AuthClass = class; data.PrivateKey = privKey; @@ -50,13 +49,13 @@ test(char** name) for(int i = 0 ; i < n ; i++) { /* provide unique, repeatable values */ - data.PK_UserAuth = i; sprintf(class, "something%d",i); sprintf(create, "1/%d/2022",i); sprintf(update, "1/2/20%d",i); result = cxssInsertUserAuth(dbCon, &data); assert(result == CXSS_DB_SUCCESS); + assert(data.PK_UserAuth == i+1); } CXSS_UserAuth_LLNode *head, *cur; @@ -73,7 +72,7 @@ test(char** name) sprintf(create, "1/%d/2022", count); sprintf(update, "1/2/20%d", count); - assert(count == cur->UserAuth.PK_UserAuth); + assert(count+1 == cur->UserAuth.PK_UserAuth); assert(strcmp(data.CXSS_UserID, cur->UserAuth.CXSS_UserID) == 0); assert(strcmp(class, cur->UserAuth.AuthClass) == 0); assert(memcmp(data.PrivateKey, cur->UserAuth.PrivateKey, data.KeyLength) == 0); @@ -87,18 +86,20 @@ test(char** name) cur = cur->next; } assert(count == n); + /* clean up */ + cxssFreeUserAuthLL(head); /** test with user id **/ data.CXSS_UserID = "2"; for(int i = n ; i < 2*n ; i++) { - data.PK_UserAuth = i; sprintf(class, "something%d", i); sprintf(create, "1/%d/2022", i); sprintf(update, "1/2/20%d", i); result = cxssInsertUserAuth(dbCon, &data); assert(result == CXSS_DB_SUCCESS); + assert(data.PK_UserAuth == i+1); } result = cxssRetrieveUserAuthLL(dbCon, "2", NULL, &head); @@ -113,7 +114,7 @@ test(char** name) sprintf(create, "1/%d/2022", count); sprintf(update, "1/2/20%d", count); - assert(count == cur->UserAuth.PK_UserAuth); + assert(count+1 == cur->UserAuth.PK_UserAuth); assert(strcmp(data.CXSS_UserID, cur->UserAuth.CXSS_UserID) == 0); assert(strcmp(class, cur->UserAuth.AuthClass) == 0); assert(memcmp(data.PrivateKey, cur->UserAuth.PrivateKey, data.KeyLength) == 0); @@ -127,18 +128,20 @@ test(char** name) cur = cur->next; } assert(count == 2*n); + /* clean up */ + cxssFreeUserAuthLL(head); /** test with user id and class **/ data.CXSS_UserID = "2"; data.AuthClass = "something else"; for(int i = 2*n ; i < 3*n ; i++) { - data.PK_UserAuth = i; sprintf(create, "1/%d/2022", i); sprintf(update, "1/2/20%d", i); result = cxssInsertUserAuth(dbCon, &data); assert(result == CXSS_DB_SUCCESS); + assert(data.PK_UserAuth == i+1); } result = cxssRetrieveUserAuthLL(dbCon, "2", "something else", &head); @@ -152,7 +155,7 @@ test(char** name) sprintf(create, "1/%d/2022", count); sprintf(update, "1/2/20%d", count); - assert(count == cur->UserAuth.PK_UserAuth); + assert(count+1 == cur->UserAuth.PK_UserAuth); assert(strcmp(data.CXSS_UserID, cur->UserAuth.CXSS_UserID) == 0); assert(strcmp(data.AuthClass, cur->UserAuth.AuthClass) == 0); assert(memcmp(data.PrivateKey, cur->UserAuth.PrivateKey, data.KeyLength) == 0); @@ -166,6 +169,18 @@ test(char** name) cur = cur->next; } assert(count == 3*n); + /* clean up */ + cxssFreeUserAuthLL(head); + + /** test sets with no results **/ + result = cxssRetrieveUserAuthLL(dbCon, "3", NULL, &head); + assert(result == CXSS_DB_QUERY_ERROR); + + result = cxssRetrieveUserAuthLL(dbCon, "1", "nothing", &head); + assert(result == CXSS_DB_QUERY_ERROR); + + result = cxssRetrieveUserAuthLL(dbCon, "2", "something", &head); + assert(result == CXSS_DB_QUERY_ERROR); cxssCredentialsDatabaseClose(dbCon); return 0; diff --git a/centrallix/tests/test_cxss-credDB_06.c b/centrallix/tests/test_cxss-credDB_06.c new file mode 100644 index 000000000..329630e2e --- /dev/null +++ b/centrallix/tests/test_cxss-credDB_06.c @@ -0,0 +1,112 @@ +#include +#include +#include +#include +#include "cxss/credentials_db.h" +#include "cxss/crypto.h" + +long long +test(char** name) + { + *name = "CXSS Cred DB 06: Delete All Resc"; + + int n = 100; /* WARNING: if set to higher than 255, things will break */ + + /** Set up DB. **/ + char * PATH = "/home/devel/test.db"; + /* Reset DB file if needed */ + if(access(PATH, 0) == 0) + { + assert(remove(PATH) == 0); + } + assert(access(PATH, 0) != 0); + CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); + assert(dbCon != NULL); + + + /* generate valid inputs for key, salt, iv, and their lengths */ + char resc[2]; + resc[1] = '\0'; + char key[32]; + char uNameIV[16]; + char aDataIV[16]; + cxss_internal_InitEntropy(1280); + cxssCryptoInit(); + int result = cxssGenerate256bitRandomKey(&key); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate64bitSalt(uNameIV); + assert(result == CXSS_CRYPTO_SUCCESS); + result = cxssGenerate128bitIV(aDataIV); + assert(result == CXSS_CRYPTO_SUCCESS); + cxssCryptoCleanup(); + + + /** insert n entries **/ + CXSS_UserResc data, temp; + data.CXSS_UserID = "1"; + data.ResourceID = resc; + data.AESKey = key; + data.UsernameIV = uNameIV; + data.AuthDataIV = aDataIV; + data.ResourceUsername = "aUsername"; + data.ResourceAuthData = "some auth data"; + data.DateCreated = "7/5/2022"; + data.DateLastUpdated = "7/4/2022"; + data.AESKeyLength = 32; + data.UsernameIVLength = 16; + data.AuthDataIVLength = 16; + data.UsernameLength = strlen(data.ResourceUsername); + data.AuthDataLength = strlen(data.ResourceAuthData); + + assert(result == CXSS_DB_SUCCESS); + for(int i = 0 ; i < n ; i++) + { + resc[0] = (char) i; + result = cxssInsertUserResc(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + /* test deleting nothing */ + result = cxssDeleteAllUserResc(dbCon, "2"); + assert(result == CXSS_DB_NOENT_ERROR); + + /* delete all and confirm all were deleted */ + result = cxssDeleteAllUserResc(dbCon, "1"); + assert(result == CXSS_DB_SUCCESS); + + for(int i = 0 ; i < n ; i++) + { + resc[0] = (char) i; + result = cxssRetrieveUserResc(dbCon, "1", resc, &temp); + assert(result == CXSS_DB_QUERY_ERROR); + } + /* test deleting nothing */ + result = cxssDeleteAllUserResc(dbCon, "1"); + assert(result == CXSS_DB_NOENT_ERROR); + + /** Delete by user **/ + for(int i = 0 ; i < n ; i++) + { + resc[0] = (char) i; + data.CXSS_UserID = (i < n/2)? "1":"2"; + result = cxssInsertUserResc(dbCon, &data); + assert(result == CXSS_DB_SUCCESS); + } + + /* delete all from user and confirm */ + result = cxssDeleteAllUserResc(dbCon, "1"); + assert(result == CXSS_DB_SUCCESS); + + for(int i = 0 ; i < n ; i++) + { + char* id = (i < n/2)? "1":"2"; + resc[0] = (char) i; + result = cxssRetrieveUserResc(dbCon, id, resc, &temp); + assert(result == ((i < n/2)? CXSS_DB_QUERY_ERROR : CXSS_DB_SUCCESS)); + } + /* test deleting nothing */ + result = cxssDeleteAllUserResc(dbCon, "1"); + assert(result == CXSS_DB_NOENT_ERROR); + + cxssCredentialsDatabaseClose(dbCon); + return 0; + } From 2d6634a62284fbcee4b791245e173c508e52f0a1 Mon Sep 17 00:00:00 2001 From: nboard Date: Wed, 13 Jul 2022 10:58:34 -0600 Subject: [PATCH 15/16] Changed some poor uses of strcmp to memcmp. Changed the filepath for the DB to be within the local testing dir. --- centrallix/tests/tempFiles/README.md | 2 ++ centrallix/tests/test_cxss-credDB_00.c | 2 +- centrallix/tests/test_cxss-credDB_01.c | 2 +- centrallix/tests/test_cxss-credDB_02.c | 2 +- centrallix/tests/test_cxss-credDB_03.c | 2 +- centrallix/tests/test_cxss-credDB_04.c | 2 +- centrallix/tests/test_cxss-credDB_05.c | 2 +- centrallix/tests/test_cxss-credDB_06.c | 2 +- centrallix/tests/test_cxss-crypto_00.c | 2 +- centrallix/tests/test_cxss-crypto_05.c | 22 ++++++++++++++++++---- centrallix/tests/test_cxss-crypto_06.c | 14 +++++++++----- 11 files changed, 37 insertions(+), 17 deletions(-) create mode 100644 centrallix/tests/tempFiles/README.md diff --git a/centrallix/tests/tempFiles/README.md b/centrallix/tests/tempFiles/README.md new file mode 100644 index 000000000..518f206b5 --- /dev/null +++ b/centrallix/tests/tempFiles/README.md @@ -0,0 +1,2 @@ +# Temporary Files +This folder is intended for storing temp files generated by tests. One example of this is the database created by the cxss-credDB tests. Files within this folder, besides this readme, should not be added to the git. \ No newline at end of file diff --git a/centrallix/tests/test_cxss-credDB_00.c b/centrallix/tests/test_cxss-credDB_00.c index b5b2a5142..539d6a6d7 100644 --- a/centrallix/tests/test_cxss-credDB_00.c +++ b/centrallix/tests/test_cxss-credDB_00.c @@ -9,7 +9,7 @@ test(char** name) /** Basic test of init and release */ - char * PATH = "/home/devel/test.db"; + char * PATH = "./tests/tempFiles/test.db"; CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH); assert(dbCon != NULL); diff --git a/centrallix/tests/test_cxss-credDB_01.c b/centrallix/tests/test_cxss-credDB_01.c index 6e21996ce..968ee84b0 100644 --- a/centrallix/tests/test_cxss-credDB_01.c +++ b/centrallix/tests/test_cxss-credDB_01.c @@ -8,7 +8,7 @@ test(char** name) *name = "CXSS Cred DB 01: Test user table"; /** Set up DB. **/ - char * PATH = "/home/devel/test.db"; + char * PATH = "./tests/tempFiles/test.db"; /** Reset DB file if needed **/ if(access(PATH, 0) == 0) diff --git a/centrallix/tests/test_cxss-credDB_02.c b/centrallix/tests/test_cxss-credDB_02.c index efd208362..a1a0589ac 100644 --- a/centrallix/tests/test_cxss-credDB_02.c +++ b/centrallix/tests/test_cxss-credDB_02.c @@ -9,7 +9,7 @@ test(char** name) *name = "CXSS Cred DB 02: Basic auth table tests"; /** Set up DB. **/ - char * PATH = "/home/devel/test.db"; + char * PATH = "./tests/tempFiles/test.db"; /** Reset DB file if needed **/ if(access(PATH, 0) == 0) diff --git a/centrallix/tests/test_cxss-credDB_03.c b/centrallix/tests/test_cxss-credDB_03.c index 380fc3aca..5c4ee3d62 100644 --- a/centrallix/tests/test_cxss-credDB_03.c +++ b/centrallix/tests/test_cxss-credDB_03.c @@ -9,7 +9,7 @@ test(char** name) *name = "CXSS Cred DB 03: resource table basic tests "; /** Set up DB. **/ - char * PATH = "/home/devel/test.db"; + char * PATH = "./tests/tempFiles/test.db"; /** Reset DB file if needed **/ if(access(PATH, 0) == 0) diff --git a/centrallix/tests/test_cxss-credDB_04.c b/centrallix/tests/test_cxss-credDB_04.c index ad25e494c..b7c2960e8 100644 --- a/centrallix/tests/test_cxss-credDB_04.c +++ b/centrallix/tests/test_cxss-credDB_04.c @@ -11,7 +11,7 @@ test(char** name) int n = 100; /** Set up DB. **/ - char * PATH = "/home/devel/test.db"; + char * PATH = "./tests/tempFiles/test.db"; /* Reset DB file if needed */ if(access(PATH, 0) == 0) { diff --git a/centrallix/tests/test_cxss-credDB_05.c b/centrallix/tests/test_cxss-credDB_05.c index bccfb8595..14e3ce2c0 100644 --- a/centrallix/tests/test_cxss-credDB_05.c +++ b/centrallix/tests/test_cxss-credDB_05.c @@ -11,7 +11,7 @@ test(char** name) int n = 100; /** Set up DB. **/ - char * PATH = "/home/devel/test.db"; + char * PATH = "./tests/tempFiles/test.db"; /* Reset DB file if needed */ if(access(PATH, 0) == 0) { diff --git a/centrallix/tests/test_cxss-credDB_06.c b/centrallix/tests/test_cxss-credDB_06.c index 329630e2e..e4e6a441c 100644 --- a/centrallix/tests/test_cxss-credDB_06.c +++ b/centrallix/tests/test_cxss-credDB_06.c @@ -13,7 +13,7 @@ test(char** name) int n = 100; /* WARNING: if set to higher than 255, things will break */ /** Set up DB. **/ - char * PATH = "/home/devel/test.db"; + char * PATH = "./tests/tempFiles/test.db"; /* Reset DB file if needed */ if(access(PATH, 0) == 0) { diff --git a/centrallix/tests/test_cxss-crypto_00.c b/centrallix/tests/test_cxss-crypto_00.c index 63e568478..f15344f0f 100644 --- a/centrallix/tests/test_cxss-crypto_00.c +++ b/centrallix/tests/test_cxss-crypto_00.c @@ -8,7 +8,7 @@ test(char** name) *name = "CXSS Crypto 00: Basic Init"; /** Basic test of init and release */ - cxss_internal_InitEntropy(1280); /* must be into first */ + cxss_internal_InitEntropy(1280); cxssCryptoInit(); cxssCryptoCleanup(); diff --git a/centrallix/tests/test_cxss-crypto_05.c b/centrallix/tests/test_cxss-crypto_05.c index a01d33abc..650e4bfc7 100644 --- a/centrallix/tests/test_cxss-crypto_05.c +++ b/centrallix/tests/test_cxss-crypto_05.c @@ -43,7 +43,7 @@ test(char** name) assert(result == CXSS_CRYPTO_SUCCESS); assert(ciphertext != NULL); assert(cipherLen > 0); - assert(strcmp(data, ciphertext) != 0); + assert(memcmp(data, ciphertext, strlen(data)) != 0); /** test decryption for key 1 **/ char plaintext[4096]; @@ -58,19 +58,23 @@ test(char** name) /** make sure different messages with same key are not the same **/ int cipherLen2 = 4096; char ciphertext2[4096]; + clearBuff(ciphertext, 4096); + clearBuff(ciphertext2, 4096); result = cxssEncryptRSA(short1, strlen(short1), pubKey1, pubSize1, ciphertext, &cipherLen); assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptRSA(short2, strlen(short2), pubKey1, pubSize1, ciphertext2, &cipherLen2); assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(ciphertext, ciphertext2) != 0); + assert(memcmp(ciphertext, ciphertext2, 4096) != 0); /** make sure same data and same key do not match (padding) but decrypt correctly **/ + clearBuff(ciphertext, 4096); + clearBuff(ciphertext2, 4096); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext, &cipherLen); assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext2, &cipherLen2); assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(ciphertext, ciphertext2) != 0); + assert(memcmp(ciphertext, ciphertext2, 4096) != 0); int plainLen2 = 4096; char plaintext2[4096]; @@ -83,11 +87,13 @@ test(char** name) /** make sure same data and different key are not the same, but match on decrypt **/ + clearBuff(ciphertext, 4096); + clearBuff(ciphertext2, 4096); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext, &cipherLen); assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey2, pubSize2, ciphertext2, &cipherLen2);; assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(ciphertext, ciphertext2) != 0); + assert(memcmp(ciphertext, ciphertext2, 4096) != 0); result = cxssDecryptRSA(ciphertext, cipherLen, privKey1, privSize1, plaintext, &plainLen); assert(result == CXSS_CRYPTO_SUCCESS); @@ -101,3 +107,11 @@ test(char** name) return 0; } + +void clearBuff(char* array, int length) + { + for(int i = 0 ; i < length ; i ++) + { + array[i] = 0; + } + } diff --git a/centrallix/tests/test_cxss-crypto_06.c b/centrallix/tests/test_cxss-crypto_06.c index 84aca69a4..9b2b33d5d 100644 --- a/centrallix/tests/test_cxss-crypto_06.c +++ b/centrallix/tests/test_cxss-crypto_06.c @@ -30,7 +30,7 @@ test(char** name) result = cxssEncryptAES256(data, strlen(data)+1, key1, iv1, &ciphertext1, &cipherLen1); assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(data, ciphertext1) != 0); + assert(memcmp(data, ciphertext1, strlen(data)) != 0); /** test decrpty restores data **/ char* plaintext1 = NULL; @@ -47,7 +47,8 @@ test(char** name) result = cxssEncryptAES256(data, strlen(data)+1, key1, iv1, &ciphertext2, &cipherLen2); assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(ciphertext2, ciphertext1) == 0); + int len = cxssAES256CiphertextLength(strlen(data)); + assert(memcmp(ciphertext2, ciphertext1, len) == 0); assert(cipherLen1 == cipherLen2); /** make sure same key, iv with idfferent text is different. **/ @@ -55,7 +56,8 @@ test(char** name) assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptAES256(short2, strlen(short2)+1, key1, iv1, &ciphertext2, &cipherLen2); assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(ciphertext2, ciphertext1) != 0); + len = cxssAES256CiphertextLength(strlen(short1)); + assert(memcmp(ciphertext2, ciphertext1, len) != 0); /** make sure changing the IV changes it **/ char iv2 [16]; @@ -63,7 +65,8 @@ test(char** name) assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptAES256(short1, strlen(short1)+1, key1, iv2, &ciphertext2, &cipherLen2); assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(ciphertext2, ciphertext1) != 0); + len = cxssAES256CiphertextLength(strlen(short1)); + assert(memcmp(ciphertext2, ciphertext1, len) != 0); /** make sure key changes it **/ char key2 [32]; @@ -71,7 +74,8 @@ test(char** name) assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptAES256(short1, strlen(short1)+1, key2, iv1, &ciphertext2, &cipherLen2); assert(result == CXSS_CRYPTO_SUCCESS); - assert(strcmp(ciphertext2, ciphertext1) != 0); + len = cxssAES256CiphertextLength(strlen(short1)); + assert(memcmp(ciphertext2, ciphertext1, len) != 0); cxssCryptoCleanup(); From 42d2c3ef8563bc0cb015547831061982bf2d3871 Mon Sep 17 00:00:00 2001 From: nboard Date: Thu, 14 Jul 2022 12:52:35 -0600 Subject: [PATCH 16/16] replaced a custom function in crypto test 5 with bzero --- centrallix/tests/test_cxss-crypto_05.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/centrallix/tests/test_cxss-crypto_05.c b/centrallix/tests/test_cxss-crypto_05.c index 650e4bfc7..4e299b242 100644 --- a/centrallix/tests/test_cxss-crypto_05.c +++ b/centrallix/tests/test_cxss-crypto_05.c @@ -58,8 +58,8 @@ test(char** name) /** make sure different messages with same key are not the same **/ int cipherLen2 = 4096; char ciphertext2[4096]; - clearBuff(ciphertext, 4096); - clearBuff(ciphertext2, 4096); + bzero(ciphertext, 4096); + bzero(ciphertext2, 4096); result = cxssEncryptRSA(short1, strlen(short1), pubKey1, pubSize1, ciphertext, &cipherLen); assert(result == CXSS_CRYPTO_SUCCESS); @@ -68,8 +68,8 @@ test(char** name) assert(memcmp(ciphertext, ciphertext2, 4096) != 0); /** make sure same data and same key do not match (padding) but decrypt correctly **/ - clearBuff(ciphertext, 4096); - clearBuff(ciphertext2, 4096); + bzero(ciphertext, 4096); + bzero(ciphertext2, 4096); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext, &cipherLen); assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext2, &cipherLen2); @@ -87,8 +87,8 @@ test(char** name) /** make sure same data and different key are not the same, but match on decrypt **/ - clearBuff(ciphertext, 4096); - clearBuff(ciphertext2, 4096); + bzero(ciphertext, 4096); + bzero(ciphertext2, 4096); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey1, pubSize1, ciphertext, &cipherLen); assert(result == CXSS_CRYPTO_SUCCESS); result = cxssEncryptRSA(short1, strlen(short1)+1, pubKey2, pubSize2, ciphertext2, &cipherLen2);; @@ -107,11 +107,3 @@ test(char** name) return 0; } - -void clearBuff(char* array, int length) - { - for(int i = 0 ; i < length ; i ++) - { - array[i] = 0; - } - }