Changes from 18 commits
20 commits
eb840eb
Credentials db: update to use newmalloc for memory management.
gbeeley Jun 14, 2022
d2f4c30
Credentials db: memory management switch to newmalloc, continued.
gbeeley Jun 14, 2022
8ed298d
Merge branch 'master' into credentials-mgr
gbeeley Jun 15, 2022
beb717e
Added tests for IV, salt, and key random generation. RSA key pair gen…
Jun 30, 2022
7160b07
Added tests for IV, salt, and key random generation. RSA key pair gen…
Jun 30, 2022
c7e22c0
Merge branch 'cred-mgr-test' of https://github.com/LightSys/centralli…
Jun 30, 2022
ffba040
Merge branch 'cred-mgr-test' of https://github.com/LightSys/centralli…
nboard Jun 30, 2022
540ed9f
Merge branch 'cred-mgr-test' of https://github.com/LightSys/centralli…
nboard Jun 30, 2022
0334927
Added tests for encrypting and decrypting with RSA and AES, as well a…
nboard Jul 5, 2022
cfde138
Added tests for database auth and user tables. Updated typos in Crypt…
nboard Jul 6, 2022
507e233
Added error for updates and deletes that do not affect any rows
nboard Jul 7, 2022
6e8dd74
added tests for user resource, and updated tests to expect updates an…
nboard Jul 7, 2022
7d6d176
Updated cred DB tests to test new Auth insert and delete, as well as …
nboard Jul 7, 2022
e563de2
updated cred DB to allow auth to perform deletes and updates by prima…
nboard Jul 7, 2022
063aedf
Removed salt from auth table. Updated auth tables's delete all and re…
nboard Jul 8, 2022
3ea522b
updated tests to account for salt no longer being in auth table. Adde…
nboard Jul 8, 2022
a23ff12
Made Auth table's PK autoinc. made auth retrieve function assign the …
nboard Jul 8, 2022
f79d064
Added delete all test for resc table. Updated small errors in tests, …
nboard Jul 8, 2022
2d6634a
Changed some poor uses of strcmp to memcmp. Changed the filepath for …
nboard Jul 13, 2022
42d2c3e
replaced a custom function in crypto test 5 with bzero
nboard Jul 14, 2022
412 changes: 289 additions & 123 deletions centrallix/cxss/cxss_credentials_db.c

Large diffs are not rendered by default.

32 changes: 13 additions & 19 deletions centrallix/cxss/cxss_credentials_mgr.c
@@ -62,13 +62,10 @@ cxssCredentialsManagerClose(void)
* @param cxss_userid Centrallix User ID
* @param pb_userk ey Password-based user encryption key (used to encrypt private key)
* @param keylength Length of password-based user encryption key
* @param salt User salt
* @param salt_len Length of user salt
* @return Status code
*/
int
cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_len,
const char *salt, size_t salt_len)
cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_len)
{
CXSS_UserData UserData = {};
CXSS_UserAuth UserAuth = {};
@@ -110,11 +107,9 @@ cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_l
UserAuth.CXSS_UserID = cxss_userid;
UserAuth.PrivateKey = encrypted_privatekey;
UserAuth.PrivateKeyIV = iv;
UserAuth.Salt = salt;
UserAuth.DateCreated = current_timestamp;
UserAuth.DateLastUpdated = current_timestamp;
UserAuth.RemovalFlag = false;
UserAuth.SaltLength = salt_len;
UserAuth.KeyLength = encr_privatekey_len;
UserAuth.IVLength = sizeof(iv);

@@ -127,13 +122,13 @@ cxssAddUser(const char *cxss_userid, const char *pb_userkey, size_t pb_userkey_l
goto error;
}

free(encrypted_privatekey);
nmSysFree(encrypted_privatekey);
cxssDestroyKey(privatekey, privatekey_len);
cxssShred(pb_userkey, pb_userkey_len);
return CXSS_MGR_SUCCESS;

error:
free(encrypted_privatekey);
nmSysFree(encrypted_privatekey);
cxssDestroyKey(privatekey, privatekey_len);
cxssShred(pb_userkey, pb_userkey_len);
return CXSS_MGR_INSERT_ERROR;
@@ -173,7 +168,7 @@ cxssRetrieveUserPrivateKey(const char *cxss_userid, const char *pb_userkey, size
return CXSS_MGR_SUCCESS;

error:
free(*privatekey);
nmSysFree(*privatekey);
cxssFreeUserAuth(&UserAuth);
cxssShred(pb_userkey, pb_userkey_len);
return CXSS_MGR_RETRIEVE_ERROR;
@@ -198,7 +193,7 @@ cxssRetrieveUserPublicKey(const char *cxss_userid, char **publickey, int *public
}

/* Allocate buffer for public key */
*publickey = malloc(UserData.KeyLength);
*publickey = nmSysMalloc(UserData.KeyLength);
if (!(*publickey)) {
mssError(0, "CXSS", "Memory allocation error\n");
goto error;
@@ -227,7 +222,7 @@ cxssRetrieveUserPublicKey(const char *cxss_userid, char **publickey, int *public
* @return Status code
*/
int
cxssAddResource(const char *cxss_userid, const char *resource_id, const char *auth_class,
cxssAddResource(const char *cxss_userid, const char *resource_id,
const char *resource_username, size_t username_len,
const char *resource_authdata, size_t authdata_len)
{
@@ -290,7 +285,6 @@ cxssAddResource(const char *cxss_userid, const char *resource_id, const char *au
/* Build struct */
UserResc.CXSS_UserID = cxss_userid;
UserResc.ResourceID = resource_id;
UserResc.AuthClass = auth_class;
UserResc.AESKey = encrypted_rand_key;
UserResc.ResourceUsername = encrypted_username;
UserResc.ResourceAuthData = encrypted_password;
@@ -310,17 +304,17 @@ cxssAddResource(const char *cxss_userid, const char *resource_id, const char *au
goto error;
}

free(publickey);
free(encrypted_username);
free(encrypted_password);
nmSysFree(publickey);
nmSysFree(encrypted_username);
nmSysFree(encrypted_password);
cxssShred(resource_username, username_len);
cxssShred(resource_authdata, authdata_len);
return CXSS_MGR_SUCCESS;

error:
free(publickey);
free(encrypted_username);
free(encrypted_password);
nmSysFree(publickey);
nmSysFree(encrypted_username);
nmSysFree(encrypted_password);
cxssShred(resource_username, username_len);
cxssShred(resource_authdata, authdata_len);
return CXSS_MGR_INSERT_ERROR;
@@ -416,7 +410,7 @@ cxss_deleteUser(const char *cxss_userid)
mssError(0, "CXSS", "Failed to delete user data\n");
return CXSS_MGR_DELETE_ERROR;
}
if (cxssDeleteAllUserAuth(dbcontext, cxss_userid) < 0) {
if (cxssDeleteAllUserAuth(dbcontext, cxss_userid, NULL) < 0) {
mssError(0, "CXSS", "Failed to delete user auth data\n");
return CXSS_MGR_DELETE_ERROR;
}
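Review bot: The `error:` labels in cxssAddUser, cxssRetrieveUserPrivateKey and cxssAddResource now hand their pointers to `nmSysFree()` unconditionally, and whether `nmSysFree()` accepts NULL the way `free()` does is not visible on this page. The bodies of these functions extend beyond the hunks, so it is presumably possible to reach `error:` before `encrypted_privatekey`, `publickey`, `encrypted_username` or `encrypted_password` has been allocated. The same pattern is certain in cxss_crypto.c, where cxssEncryptAES256 and cxssDecryptAES256 jump to `error:` with `*ciphertext` / `*plaintext` NULL right after a failed `nmSysMalloc()`. Confirm that nmSysFree tolerates NULL or guard each call, e.g. `if (encrypted_privatekey) nmSysFree(encrypted_privatekey);`.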
15 changes: 8 additions & 7 deletions centrallix/cxss/cxss_crypto.c
@@ -10,6 +10,7 @@
#include <openssl/pem.h>
#include "cxss/crypto.h"
#include "cxss/credentials_db.h"
#include "cxlib/newmalloc.h"

static bool CSPRNG_Initialized = false;

@@ -73,7 +74,7 @@ cxssEncryptAES256(const char *plaintext, int plaintext_len,
int len;

/* Allocate buffer to store ciphertext */
*ciphertext = malloc(cxssAES256CiphertextLength(plaintext_len));
*ciphertext = (char*)nmSysMalloc(cxssAES256CiphertextLength(plaintext_len));
if (!(*ciphertext)) {
mssError(0, "CXSS", "Memory allocation error\n");
goto error;
@@ -112,7 +113,7 @@ cxssEncryptAES256(const char *plaintext, int plaintext_len,

error:
EVP_CIPHER_CTX_free(ctx);
free(*ciphertext);
nmSysFree(*ciphertext);
return CXSS_CRYPTO_ENCR_ERROR;
}

@@ -140,7 +141,7 @@ cxssDecryptAES256(const char *ciphertext, int ciphertext_len,
int len;

/* Allocate buffer to store plaintext */
*plaintext = malloc(cxssAES256CiphertextLength(ciphertext_len));
*plaintext = (char*)nmSysMalloc(cxssAES256CiphertextLength(ciphertext_len));
if (!(*plaintext)) {
mssError(0, "CXSS", "Memory allocation error\n");
goto error;
@@ -180,7 +181,7 @@ cxssDecryptAES256(const char *ciphertext, int ciphertext_len,

error:
EVP_CIPHER_CTX_free(ctx);
free(*plaintext);
nmSysFree(*plaintext);
return CXSS_CRYPTO_DECR_ERROR;
}

@@ -346,8 +347,8 @@ cxssGenerateRSA4096bitKeypair(char **privatekey, int *privatekey_len,
goto error;
}

*privatekey = malloc(pri_len + 1);
*publickey = malloc(pub_len + 1);
*privatekey = nmSysMalloc(pri_len + 1);
*publickey = nmSysMalloc(pub_len + 1);
if (!(*publickey) || !(*privatekey)) {
mssError(0, "CXSS", "Memory allocation error\n");
goto error;
@@ -496,7 +497,7 @@ cxssDestroyKey(char *key, size_t keylength)
{
if (key && keylength >= 0) {
memset(key, 0, keylength);
free(key);
nmSysFree(key);
}
}
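Review bot: In cxssDestroyKey the `memset(key, 0, keylength)` directly before `nmSysFree(key)` is a dead store that an optimising compiler is allowed to drop, so the key bytes may still be in the block when it is released; `keylength >= 0` is also always true for a `size_t`. The file already builds against OpenSSL, so `if (key) { OPENSSL_cleanse(key, keylength); nmSysFree(key); }` would keep the wipe. Separately, the `error:` label of cxssDecryptAES256 releases `*plaintext` without wiping it and leaves the caller's pointer dangling; adding `*plaintext = NULL;` after the free (and the same for `*ciphertext` in cxssEncryptAES256) avoids a later double free. Both function bodies continue outside the hunks.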

5 changes: 3 additions & 2 deletions centrallix/cxss/cxss_util.c
@@ -4,6 +4,7 @@
#include <string.h>
#include <time.h>
#include "cxss/util.h"
#include "cxlib/newmalloc.h"

/** @brief Duplicate a string
*
@@ -18,7 +19,7 @@ cxssStrdup(const char *str)
{
if (!str)
return NULL;
return strdup(str);
return nmSysStrdup(str);
}

/** @brief Duplicate an array of bytes
@@ -39,7 +40,7 @@ cxssBlobdup(const char *blob, size_t len)
if (!blob)
return NULL;

copy = malloc(sizeof(char) * len);
copy = nmSysMalloc(sizeof(char) * len);
if (!copy) {
mssError(0, "CXSS", "Memory allocation error\n");
exit(EXIT_FAILURE);
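Review bot: cxssStrdup and cxssBlobdup now return memory from `nmSysStrdup` / `nmSysMalloc`, but their doc comments do not say which function releases it, and a caller that still passes the result to `free()` would mix allocators. The cxss_credentials_db.c diff is not rendered on this page, so it cannot be confirmed here that every caller was switched. Add a line to each doc comment such as `@return Copy allocated with nmSysMalloc; release with nmSysFree()`. cxssBlobdup's body continues outside the hunk.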
19 changes: 13 additions & 6 deletions centrallix/include/cxss/credentials_db.h
@@ -3,6 +3,7 @@

#include <sqlite3.h>
#include <stdbool.h>
#include <errno.h>

/* DB Context struct */
typedef struct _CXSS_DB_Context_t {
@@ -16,9 +17,13 @@ typedef struct _CXSS_DB_Context_t {
sqlite3_stmt *update_user_stmt;
sqlite3_stmt *delete_user_stmt;
sqlite3_stmt *insert_user_auth_stmt;
sqlite3_stmt *update_auth_stmt;
sqlite3_stmt *retrieve_user_auth_stmt;
sqlite3_stmt *retrieve_user_auths_stmt;
sqlite3_stmt *retrieve_user_auths_class_stmt;
sqlite3_stmt *delete_user_auth_stmt;
sqlite3_stmt *delete_user_auths_stmt;
sqlite3_stmt *delete_user_auths_class_stmt;
sqlite3_stmt *insert_resc_stmt;
sqlite3_stmt *retrieve_resc_stmt;
sqlite3_stmt *update_resc_stmt;
@@ -35,22 +40,21 @@ typedef struct {
} CXSS_UserData;

typedef struct {
int PK_UserAuth;
const char *CXSS_UserID;
const char *Salt;
const char *AuthClass;
const char *PrivateKey;
const char *PrivateKeyIV;
const char *DateCreated;
const char *DateLastUpdated;
bool RemovalFlag;
size_t KeyLength;
size_t SaltLength;
size_t IVLength;
} CXSS_UserAuth;

typedef struct {
const char *CXSS_UserID;
const char *ResourceID;
const char *AuthClass;
const char *AESKey;
const char *UsernameIV;
const char *AuthDataIV;
@@ -71,6 +75,7 @@ typedef struct _CXSS_LLNode {
} CXSS_UserAuth_LLNode;

typedef enum {
CXSS_DB_NOENT_ERROR = -ENOENT,
CXSS_DB_SETUP_ERROR = -3,
CXSS_DB_BIND_ERROR = -2,
CXSS_DB_QUERY_ERROR = -1,
@@ -83,18 +88,20 @@ int cxssInsertUserData(CXSS_DB_Context_t dbcontext, CXSS_UserData *UserData);
int cxssInsertUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth);
int cxssInsertUserResc(CXSS_DB_Context_t dbcontext, CXSS_UserResc *UserResc);
int cxssRetrieveUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid, CXSS_UserData *UserData);
int cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, CXSS_UserAuth *UserAuth);
int cxssRetrieveUserAuth(CXSS_DB_Context_t dbcontext, int pk_userAuth, CXSS_UserAuth *UserAuth);
int cxssRetrieveUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *resource_id, CXSS_UserResc *UserResc);
int cxssUpdateUserData(CXSS_DB_Context_t dbcontext, CXSS_UserData *UserData);
int cxssUpdateUserAuth(CXSS_DB_Context_t dbcontext, CXSS_UserAuth *UserAuth);
int cxssUpdateUserResc(CXSS_DB_Context_t dbcontext, CXSS_UserResc *UserResc);
int cxssDeleteUserData(CXSS_DB_Context_t dbcontext, const char *cxss_userid);
int cxssDeleteUserAuth(CXSS_DB_Context_t dbcontext, int pk_userAuth);
int cxssDeleteUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *resource_id);
int cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid);
int cxssDeleteAllUserAuth(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char*auth_class);
int cxssDeleteAllUserResc(CXSS_DB_Context_t dbcontext, const char *cxss_userid);
void cxssFreeUserData(CXSS_UserData *UserData);
void cxssFreeUserAuth(CXSS_UserAuth *UserAuth);
void cxssFreeUserResc(CXSS_UserResc *UserResc);
int cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, CXSS_UserAuth_LLNode **node);
int cxssRetrieveUserAuthLL(CXSS_DB_Context_t dbcontext, const char *cxss_userid, const char *auth_class, CXSS_UserAuth_LLNode **node);
void cxssFreeUserAuthLL(CXSS_UserAuth_LLNode *start);
int cxssGetUserCount(CXSS_DB_Context_t dbcontext);
int cxssGetUserRescCount(CXSS_DB_Context_t dbcontext, const char *cxss_userid);
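Review bot: `CXSS_DB_NOENT_ERROR = -ENOENT` collides with `CXSS_DB_BIND_ERROR = -2` on platforms where ENOENT is 2 (Linux among them), so a caller comparing the status cannot tell "no row affected" from a bind failure. C accepts duplicate enumerator values, so the compiler will not flag it. Give the new code its own value, e.g. `CXSS_DB_NOENT_ERROR = -4,`, which also makes the added `#include <errno.h>` unnecessary in this header. The enum's remaining members lie outside the hunk.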
4 changes: 2 additions & 2 deletions centrallix/include/cxss/credentials_mgr.h
@@ -13,11 +13,11 @@ typedef enum {

int cxssCredentialsManagerInit(void);
void cxssCredentialsManagerClose(void);
int cxssAddUser(const char *cxss_userid, const char *encryption_key, size_t encryption_key_length, const char *salt, size_t salt_len);
int cxssAddUser(const char *cxss_userid, const char *encryption_key, size_t encryption_key_length);
int cxssRetrieveUserPrivateKey(const char *cxss_userid, const char *user_key, size_t user_key_len, char **privatekey, int *privatekey_len);
int cxssRetrieveUserPublicKey(const char *cxss_userid, char **publickey, int *publickey_len);
int cxssDeleteUser(const char *cxss_userid);
int cxssAddResource(const char *cxss_userid, const char *resource_id, const char *auth_class, const char *resource_username, size_t username_len, const char *resource_password, size_t password_len);
int cxssAddResource(const char *cxss_userid, const char *resource_id, const char *resource_username, size_t username_len, const char *resource_password, size_t password_len);
int cxssGetResource(const char *cxss_userid, const char *resource_id, const char *user_key, size_t user_key_len, char **resource_username, char **resource_data);
int cxssDeleteResource(const char *cxss_userid, const char *resource_id);

20 changes: 20 additions & 0 deletions centrallix/tests/test_cxss-credDB_00.c
@@ -0,0 +1,20 @@
#include <assert.h>
#include <stdio.h>
#include "cxss/credentials_db.h"

long long
test(char** name)
{
*name = "CXSS Cred DB 00: Basic Init";


/** Basic test of init and release */
char * PATH = "/home/devel/test.db";

Be sure to not have an install-dependent path in the tests. There may not always be a user "devel". You may want to use a relative path in the current folder instead of an absolute path.

CXSS_DB_Context_t dbCon = cxssCredentialsDatabaseInit(PATH);

assert(dbCon != NULL);

cxssCredentialsDatabaseClose(dbCon);

return 0;
}
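Review bot: The test never removes the database file it opens, so from the second run on `cxssCredentialsDatabaseInit` is handed an existing file and the fresh-database path is presumably no longer exercised. Calling `remove(PATH);` before the init call and again after `cxssCredentialsDatabaseClose` would make every run start from the same state. The only check is an `assert`, so a build with NDEBUG defined would pass without verifying anything.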