Skip to content

Commit 0157f81

Browse files
committed
test/psk: add testcase for TLS identity derivation
Add a testcase for TLS identity derivation to catch errors from the HKDF-Expand-Label algorithm changes. Signed-off-by: Hannes Reinecke <[email protected]>
1 parent a3995d2 commit 0157f81

1 file changed

Lines changed: 81 additions & 14 deletions

File tree

test/psk.c

Lines changed: 81 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,15 @@
1515

1616
static int test_rc;
1717

18-
struct test_data {
18+
struct test_data_psk {
1919
const unsigned char configured_psk[48];
2020
size_t psk_length;
2121
unsigned char version;
2222
unsigned char hmac;
2323
const char *exported_psk;
2424
};
2525

26-
static struct test_data test_data[] = {
26+
static struct test_data_psk test_data_psk[] = {
2727
{ { 0x55, 0x12, 0xDB, 0xB6,
2828
0x73, 0x7D, 0x01, 0x06,
2929
0xF6, 0x59, 0x75, 0xB7,
@@ -60,6 +60,45 @@ static struct test_data test_data[] = {
6060
"NVMeTLSkey-1:02:VRLbtnN9AQb2WXW3c9+wEf/DRLz0QuLdbYvEhwtdWwP/w0S89ELi3W2LxIcLXVsDn8kXZQ==:" },
6161
};
6262

63+
struct test_data_identity {
64+
const unsigned char configured_psk[48];
65+
size_t psk_length;
66+
unsigned char version;
67+
unsigned char hmac;
68+
const char *hostnqn;
69+
const char *subsysnqn;
70+
const char *identity;
71+
};
72+
73+
static struct test_data_identity test_data_identity[] = {
74+
{ { 0x55, 0x12, 0xDB, 0xB6,
75+
0x73, 0x7D, 0x01, 0x06,
76+
0xF6, 0x59, 0x75, 0xB7,
77+
0x73, 0xDF, 0xB0, 0x11,
78+
0xFF, 0xC3, 0x44, 0xBC,
79+
0xF4, 0x42, 0xE2, 0xDD,
80+
0x6D, 0x8B, 0xC4, 0x87,
81+
0x0B, 0x5D, 0x5B, 0x03},
82+
32, 1, NVME_HMAC_ALG_SHA2_256,
83+
"nqn.psk-test-host", "nqn.psk-test-subsys",
84+
"NVMe1R01 nqn.psk-test-host nqn.psk-test-subsys 66GuqV08TsAGII39teWUfwQwizjv06Jy8jOcX3NAAzM=" },
85+
{ { 0x55, 0x12, 0xDB, 0xB6,
86+
0x73, 0x7D, 0x01, 0x06,
87+
0xF6, 0x59, 0x75, 0xB7,
88+
0x73, 0xDF, 0xB0, 0x11,
89+
0xFF, 0xC3, 0x44, 0xBC,
90+
0xF4, 0x42, 0xE2, 0xDD,
91+
0x6D, 0x8B, 0xC4, 0x87,
92+
0x0B, 0x5D, 0x5B, 0x03,
93+
0xFF, 0xC3, 0x44, 0xBC,
94+
0xF4, 0x42, 0xE2, 0xDD,
95+
0x6D, 0x8B, 0xC4, 0x87,
96+
0x0B, 0x5D, 0x5B, 0x03},
97+
48, 1, NVME_HMAC_ALG_SHA2_384,
98+
"nqn.psk-test-host", "nqn.psk-test-subsys",
99+
"NVMe1R02 nqn.psk-test-host nqn.psk-test-subsys RsKmYJ3nAn1ApjjMloJFbAkLPivONDAX/xW327YBUsn2eGShXSjCZvBaOxscLqmz" },
100+
};
101+
63102
static void check_str(const char *exp, const char *res)
64103
{
65104
if (!strcmp(res, exp))
@@ -70,7 +109,7 @@ static void check_str(const char *exp, const char *res)
70109
test_rc = 1;
71110
}
72111

73-
static void export_test(struct test_data *test)
112+
static void export_test(struct test_data_psk *test)
74113
{
75114
char *psk;
76115

@@ -92,7 +131,7 @@ static void export_test(struct test_data *test)
92131
free(psk);
93132
}
94133

95-
static void import_test(struct test_data *test)
134+
static void import_test(struct test_data_psk *test)
96135
{
97136
unsigned char *psk;
98137
int psk_length;
@@ -133,7 +172,7 @@ static void import_test(struct test_data *test)
133172
free(psk);
134173
}
135174

136-
static void export_versioned_test(struct test_data *test)
175+
static void export_versioned_test(struct test_data_psk *test)
137176
{
138177
char *psk;
139178

@@ -158,7 +197,7 @@ static void export_versioned_test(struct test_data *test)
158197
free(psk);
159198
}
160199

161-
static void import_versioned_test(struct test_data *test)
200+
static void import_versioned_test(struct test_data_psk *test)
162201
{
163202
unsigned char *psk;
164203
unsigned char version;
@@ -207,19 +246,47 @@ static void import_versioned_test(struct test_data *test)
207246
free(psk);
208247
}
209248

249+
static void identity_test(struct test_data_identity *test)
250+
{
251+
char *id;
252+
253+
if (test->version != 1 ||
254+
!(test->hmac == NVME_HMAC_ALG_SHA2_256 ||
255+
test->hmac == NVME_HMAC_ALG_SHA2_384))
256+
return;
257+
258+
printf("test nvme_generate_tls_key_identity host %s subsys %s hmac %d %s\n",
259+
test->hostnqn, test->subsysnqn, test->hmac, test->identity);
260+
261+
id = nvme_generate_tls_key_identity(test->hostnqn, test->subsysnqn,
262+
test->version, test->hmac,
263+
(unsigned char *)test->configured_psk,
264+
test->psk_length);
265+
if (!id) {
266+
test_rc = 1;
267+
printf("ERROR: nvme_generate_tls_key_identity() failed with %d\n", errno);
268+
return;
269+
}
270+
check_str(test->identity, id);
271+
free(id);
272+
}
273+
210274
int main(void)
211275
{
212-
for (int i = 0; i < ARRAY_SIZE(test_data); i++)
213-
export_test(&test_data[i]);
276+
for (int i = 0; i < ARRAY_SIZE(test_data_psk); i++)
277+
export_test(&test_data_psk[i]);
278+
279+
for (int i = 0; i < ARRAY_SIZE(test_data_psk); i++)
280+
import_test(&test_data_psk[i]);
214281

215-
for (int i = 0; i < ARRAY_SIZE(test_data); i++)
216-
import_test(&test_data[i]);
282+
for (int i = 0; i < ARRAY_SIZE(test_data_psk); i++)
283+
export_versioned_test(&test_data_psk[i]);
217284

218-
for (int i = 0; i < ARRAY_SIZE(test_data); i++)
219-
export_versioned_test(&test_data[i]);
285+
for (int i = 0; i < ARRAY_SIZE(test_data_psk); i++)
286+
import_versioned_test(&test_data_psk[i]);
220287

221-
for (int i = 0; i < ARRAY_SIZE(test_data); i++)
222-
import_versioned_test(&test_data[i]);
288+
for (int i = 0; i < ARRAY_SIZE(test_data_identity); i++)
289+
identity_test(&test_data_identity[i]);
223290

224291
return test_rc ? EXIT_FAILURE : EXIT_SUCCESS;
225292
}

0 commit comments

Comments
 (0)