OpenVPN 3 Core Library
Loading...
Searching...
No Matches
test_peer_fingerprint.cpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11//
12
13#include <string>
14
15#include "test_common.hpp"
16#include "openvpn/ssl/peer_fingerprint.hpp"
17
18using namespace openvpn;
19
20namespace unittests {
21
22std::vector<uint8_t> test_fingerprint = {
23 // clang-format off
24 0x44, 0xF5, 0xA6, 0x4D, 0x4A, 0xCB, 0x65, 0xE1, 0x8A, 0x9F, 0x55, 0x89, 0x7F, 0x77, 0xA0, 0x79,
25 0xAA, 0xFB, 0xCC, 0xA1, 0x37, 0x2F, 0xD8, 0xB3, 0x47, 0xAA, 0x9D, 0xE3, 0xD0, 0x76, 0xB1, 0x44
26 // clang-format on
27};
28
29TEST(PeerFingerprint, parse_config)
30{
31 OptionList cfg;
32 cfg.parse_from_config(
33 "peer-fingerprint 01:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:44\n"
34 "<peer-fingerprint>\n"
35 " \n"
36 "02:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:44\n"
37 "# comment\n"
38 "03:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:44 \n"
39 " ; comment\n"
40 "04:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:44 \n"
41 "</peer-fingerprint>\n"
42 "peer-fingerprint 05:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:44 \n",
43 nullptr);
44 cfg.update_map();
45
46 struct TestPeerFingerprints : public PeerFingerprints
47 {
48 TestPeerFingerprints(const OptionList &opt, std::size_t fp_size)
49 : PeerFingerprints(opt, fp_size)
50 {
51 }
52 std::size_t size()
53 {
54 return fingerprints_.size();
55 }
56 };
57
58 TestPeerFingerprints fps(cfg, test_fingerprint.size());
59 ASSERT_EQ(fps.size(), 5u);
60
61 for (std::size_t i = 1; i <= fps.size(); ++i)
62 {
63 auto fingerprint = test_fingerprint;
64 fingerprint[0] = static_cast<unsigned char>(i);
65 PeerFingerprint fp(fingerprint);
66 ASSERT_EQ(fps.match(fp), true);
67 }
68}
69
70
71TEST(PeerFingerprint, malformed)
72{
73 OptionList cfg;
74 cfg.parse_from_config(
75 "peer-fingerprint 01:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1\n",
76 nullptr);
77 cfg.update_map();
78 EXPECT_THROW(PeerFingerprints(cfg, test_fingerprint.size()), option_error);
79
80 cfg.clear();
81 cfg.parse_from_config(
82 "peer-fingerprint 01:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:55:FF\n",
83 nullptr);
84 cfg.update_map();
85 EXPECT_THROW(PeerFingerprints(cfg, test_fingerprint.size()), option_error);
86
87 cfg.clear();
88 cfg.parse_from_config(
89 "peer-fingerprint 101:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:55\n",
90 nullptr);
91 cfg.update_map();
92 EXPECT_THROW(PeerFingerprints(cfg, test_fingerprint.size()), option_error);
93
94 cfg.clear();
95 cfg.parse_from_config(
96 "peer-fingerprint 11:F5:A6:4D:4A:1CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:55\n",
97 nullptr);
98 cfg.update_map();
99 EXPECT_THROW(PeerFingerprints(cfg, test_fingerprint.size()), option_error);
100
101 cfg.clear();
102 cfg.parse_from_config(
103 "peer-fingerprint 11/F5/A6/4D/4A/CB/65/E1/8A/9F/55/89/7F/77/A0/79/AA/FB/CC/A1/37/2F/D8/B3/47/AA/9D/E3/D0/76/B1/55\n",
104 nullptr);
105 cfg.update_map();
106 EXPECT_THROW(PeerFingerprints(cfg, test_fingerprint.size()), option_error);
107
108 cfg.clear();
109 cfg.parse_from_config(
110 "<peer-fingerprint>\n"
111 " 02:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:44\n"
112 "</peer-fingerprint>\n",
113 nullptr);
114 cfg.update_map();
115 EXPECT_THROW(PeerFingerprints(cfg, test_fingerprint.size()), option_error);
116}
117
118
119TEST(PeerFingerprint, stringify)
120{
121 std::string hex_fp("01:f5:a6:4d:4a:cb:65:e1:8a:9f:55:89:7f:77:a0:79:aa:fb:cc:a1:37:2f:d8:b3:47:aa:9d:e3:d0:76:b1:55");
122 PeerFingerprint fp(hex_fp, test_fingerprint.size());
123 ASSERT_EQ(fp.str(), hex_fp);
124}
125
126
127TEST(PeerFingerprint, match_empty)
128{
129 PeerFingerprint fp(test_fingerprint);
130 PeerFingerprints fps;
131 ASSERT_FALSE(fps);
132 ASSERT_EQ(fps.match(fp), false);
133}
134
135
136TEST(PeerFingerprint, match)
137{
138 OptionList cfg;
139 cfg.parse_from_config(
140 "<peer-fingerprint>\n"
141 "A4:E5:A7:1D:AA:E3:65:E1:3A:6E:45:89:80:66:A0:79:BB:E3:EC:41:34:2F:08:83:97:AA:91:33:DF:11:31:AA\n"
142 "44:F5:A6:4D:4A:CB:65:E1:8A:9F:55:89:7F:77:A0:79:AA:FB:CC:A1:37:2F:D8:B3:47:AA:9D:E3:D0:76:B1:44\n"
143 "</peer-fingerprint>\n",
144 nullptr);
145 cfg.update_map();
146
147 PeerFingerprint fp(test_fingerprint);
148 PeerFingerprints fps(cfg, test_fingerprint.size());
149 ASSERT_EQ(fps.match(fp), true);
150}
151
152TEST(PeerFingerprint, no_match)
153{
154 OptionList cfg;
155 cfg.parse_from_config(
156 "peer-fingerprint A4:E5:A7:1D:AA:E3:65:E1:3A:6E:45:89:80:66:A0:79:BB:E3:EC:41:34:2F:08:83:97:AA:91:33:DF:11:31:AA\n",
157 nullptr);
158 cfg.update_map();
159
160 PeerFingerprint fp(test_fingerprint);
161 PeerFingerprints fps(cfg, test_fingerprint.size());
162 ASSERT_EQ(fps.match(fp), false);
163}
164
165
166} // namespace unittests
openvpn::OptionList::parse_from_config
void parse_from_config(const std::string &str, Limits *lim)
Definition options.hpp:985
unittests::test_fingerprint
std::vector< uint8_t > test_fingerprint
Definition test_peer_fingerprint.cpp:22
unittests::TEST
TEST(CPUTime, cpu_time_pid)
Definition test_cpu_time.cpp:110
peer_fingerprint.hpp
openvpn::PeerFingerprints::match
bool match(const PeerFingerprint &fp) const
Definition peer_fingerprint.hpp:115
test_common.hpp