END_TEST
// This checks for a proper behavior when providing an existing username,
// first, as the first and only username, then after having many on the list
START_TEST(test_check_login_proper_data) {
PPH_ERROR error;
pph_context *context;
uint8 threshold = 2;
uint8 partial_bytes = 0;
unsigned char password[] = "i'mnothere";
unsigned char username[] = "nonexistentpassword";
unsigned char anotheruser[] = "0anotheruser";
unsigned int i;
// setup the context
context = pph_init_context(threshold,partial_bytes);
ck_assert_msg(context != NULL,
"this was a good initialization, go tell someone");
// add a single user and see how it behaves:
// 1) add a user
error = pph_create_account(context, username, strlen(username), password,
strlen(password), 1);
ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test");
// 2) ask for it, providing correct credentials
error = pph_check_login(context, username, strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_ERROR_OK,
"expected OK");
// lets add a whole bunch of users and check for an existing one again
// 1) add a whole new bunch of users:
for(i=1;i<9;i++) {
anotheruser[0] = i+48;
error = pph_create_account(context, anotheruser, strlen(anotheruser),
"anotherpassword", strlen("anotherpassword"), 1);
ck_assert_msg(error == PPH_ERROR_OK,
" this shouldn't have broken the test");
}
// 2) ask again, with the correct password
error = pph_check_login(context, username, strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_ERROR_OK,
"expected ERROR_OK");
pph_destroy_context(context);
}
END_TEST
// this test attempts to create full ranged usernames and passwords and check
// the login procedures at the same time.
START_TEST(test_pph_create_and_check_login_full_range) {
pph_context *context;
uint8 username_buffer[MAX_USERNAME_LENGTH];
uint8 password_buffer[MAX_PASSWORD_LENGTH];
unsigned int i;
uint8 threshold = 2;
uint8 partial_bytes = 0;
PPH_ERROR error;
context = pph_init_context( threshold, partial_bytes);
ck_assert(context != NULL);
// we will iterate all of the lengths of the username fields and generate
// random string users.
for( i = 1; i < MAX_USERNAME_LENGTH; i++){
// generate a username and a password of length i
get_random_bytes(i, username_buffer);
get_random_bytes(i, password_buffer);
// create an account with those credentials
error = pph_create_account( context, username_buffer, i, password_buffer,
i, 1);
ck_assert( error == PPH_ERROR_OK );
// check the login of the newly created account
error = pph_check_login( context, username_buffer, i, password_buffer, i);
ck_assert( error == PPH_ERROR_OK);
// now invert the first byte of the password so we can't login
password_buffer[0] = ~password_buffer[0];
error = pph_check_login( context, username_buffer, i, password_buffer, i);
ck_assert( error != PPH_ERROR_OK);
}
pph_destroy_context(context);
}END_TEST
END_TEST
// This checks for a proper return code when asking for the wrong username
START_TEST(test_check_login_wrong_username) {
PPH_ERROR error;
pph_context *context;
uint8 threshold = 2;
uint8 partial_bytes = 0;
unsigned char password[] = "i'mnothere";
unsigned char username[] = "nonexistentpassword";
unsigned char anotheruser[] = "0anotheruser";
unsigned int i;
// setup the context
context = pph_init_context(threshold,partial_bytes);
ck_assert_msg(context != NULL,
"this was a good initialization, go tell someone");
// check with an uninitialized userlist first
error = pph_check_login(context, username, strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID,
"expected ACCOUNT_IS_INVALID");
// add a single user and see how it behaves:
// 1) add a user
error = pph_create_account(context, anotheruser, strlen(anotheruser),
"anotherpassword", strlen("anotherpassword"), 1);
ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test");
// 2) ask for a user that's not here
error = pph_check_login(context, username, strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID,
"expected ACCOUNT_IS_INVALID");
// lets add a whole bunch of users and check for an existing one again
// 1) add a whole new bunch of users:
for(i=1;i<9;i++) {
anotheruser[0] = i+48;
error = pph_create_account(context, anotheruser, strlen(anotheruser),
"anotherpassword",strlen("anotherpassword"), 1);
ck_assert_msg(error == PPH_ERROR_OK,
" this shouldn't have broken the test");
}
// 2) ask for a user that's not here
error = pph_check_login(context, username, strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID,
"expected ACCOUNT_IS_INVALID");
pph_destroy_context(context);
}
END_TEST
// This test checks for the input of the check_login function, proper error
// codes should be returned.
START_TEST(test_check_login_input_sanity) {
PPH_ERROR error;
pph_context *context;
uint8 threshold = 2;
uint8 partial_bytes = 0;
unsigned char password[] = "i'mnothere";
unsigned char username[] = "nonexistentpassword";
unsigned char too_big_username[MAX_USERNAME_LENGTH+2];
unsigned char too_big_password[MAX_PASSWORD_LENGTH+2];
unsigned int i;
// lets send a null context pointer first
context=NULL;
error = pph_check_login(context, username,strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_BAD_PTR, "expected PPH_BAD_PTR");
// we will send a wrong username pointer now
context = pph_init_context(threshold, partial_bytes);
ck_assert_msg(context != NULL,
"this was a good initialization, go tell someone");
error = pph_check_login(context, NULL, 0, password, 0);
ck_assert_msg(error == PPH_BAD_PTR, "expected PPH_BAD_PTR");
// do the same for the password
error = pph_check_login(context, username, 0, NULL, 0);
ck_assert_msg(error == PPH_BAD_PTR, "expected PPH_BAD_PTR");
// now lets create some big usernames and passwords
for(i=0;i<MAX_USERNAME_LENGTH+1;i++) {
too_big_username[i]='j';
}
too_big_username[i]='\0'; // null terminate our string
// and query for a login
error = pph_check_login(context, too_big_username, strlen(too_big_username),
password, strlen(password));
ck_assert_msg(error == PPH_USERNAME_IS_TOO_LONG,
"expected USERNAME_IS_TOO_LONG");
// let's do the same with the password
for(i=0;i<MAX_PASSWORD_LENGTH+1;i++) {
too_big_password[i]='j';
}
too_big_password[i]='\0';
error=pph_check_login(context, username, strlen(username),
too_big_password, strlen(too_big_password));
ck_assert_msg(error == PPH_PASSWORD_IS_TOO_LONG,
"expected PASSWORD_IS_TOO_LONG");
// finally, check it returns the proper error code if the vault is locked
// still. We set the unlocked flag to false to lock the context, and we also
// know that partial bytes is 0 and won't provide any login functionality.
context->is_unlocked = false;
error=pph_check_login(context,username,strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_CONTEXT_IS_LOCKED,
"expected CONTEXT_IS_LOCKED");
pph_destroy_context(context);
}
END_TEST
// we will check for a full input range unlocking procedure using random
// username-password combinations of various lengths, the procedure should
// yield a correct secret and an incorrect secret when prompted with one bad
// password
START_TEST(test_pph_unlock_password_data_full_range) {
uint8 *usernames[MAX_USERNAME_LENGTH];
uint8 *passwords[MAX_PASSWORD_LENGTH];
unsigned int *username_lengths;
unsigned int i;
PPH_ERROR error;
uint8 threshold = 2;
uint8 partial_bytes = 0;
pph_context *context;
// initialize the buffers
username_lengths = malloc(sizeof(*username_lengths)*MAX_USERNAME_LENGTH);
context = pph_init_context( threshold, partial_bytes);
ck_assert(context != NULL);
// initialize a username password pair of each length of a random value
for( i = 0; i < MAX_USERNAME_LENGTH-1; i++){
usernames[i] = malloc(sizeof(*usernames[i])*MAX_USERNAME_LENGTH);
passwords[i] = malloc(sizeof(*passwords[i])*MAX_PASSWORD_LENGTH);
ck_assert( usernames[i] != NULL);
ck_assert( passwords[i] != NULL);
get_random_bytes( i+1, usernames[i]);
get_random_bytes( i+1, passwords[i]);
username_lengths[i]= i + 1;
error = pph_create_account( context, usernames[i], username_lengths[i],
passwords[i], username_lengths[i], 1);
ck_assert( error == PPH_ERROR_OK);
error = pph_check_login( context, usernames[i], username_lengths[i],
passwords[i], username_lengths[i]);
ck_assert( error == PPH_ERROR_OK);
}
// lock the context
context->is_unlocked = false;
// unlock the context
error = pph_unlock_password_data( context, MAX_USERNAME_LENGTH -1, usernames,
username_lengths, passwords);
ck_assert( error == PPH_ERROR_OK );
// check we can login after unlocking
for(i = 0; i < MAX_USERNAME_LENGTH-1; i++){
error = pph_check_login( context, usernames[i], username_lengths[i],
passwords[i], username_lengths[i]);
ck_assert(error == PPH_ERROR_OK);
}
// now, fail to unlock the context,
context->is_unlocked = false;
passwords[0][0] = ~passwords[0][0];
error = pph_unlock_password_data( context, MAX_USERNAME_LENGTH -1, usernames,
username_lengths, passwords);
ck_assert( error != PPH_ERROR_OK);
// free everything
for(i = 0; i < MAX_USERNAME_LENGTH-1; i++) {
free(usernames[i]);
free(passwords[i]);
}
free(username_lengths);
pph_destroy_context(context);
}END_TEST;
int main(void)
{
// a context is the data structure that holds the information about the
// whole pph store
pph_context *context;
// Setting a theshold of two means that we are going to need two accounts
// to attempt bootstrapping.
uint8 threshold = 2;
// isolated-check-bits will be set to two, so users can login after any reboot
// event.
uint8 isolated_check_bits = 2;
// setup the context, this will generate us the shares, setup information
// needed to operate and initialize all of the data structures.
context = pph_init_context(threshold, isolated_check_bits);
// add some users, we send the context, a username, a password and a number
// of shares to assign to the user. The a user can have many shares, and count
// more towards the threshold.
pph_create_account(context, "Alice", strlen("Alice"),
"I.love.bob", strlen("I.love.bob"), 1);
pph_create_account(context, "Bob", strlen("Bob"),
"i.secretly.love.eve",strlen("i.secretly.love.eve"),1);
// when creating a user with no shares, we get a *shielded* account.
// Shielded accounts have their hash encrypted and are unable to
// recover shares and thus cannot help to transition to normal operation.
pph_create_account(context,"Eve", strlen("Eve"),
"i'm.all.ears", strlen("i'm.all.ears"), 0);
// to fully check a login we must have a bootstrapped context, we send the
// credentials and receive an error in return
if(pph_check_login(context, "Alice", strlen("Alice"), "I.love.bob",
strlen("I.love.bob")) == PPH_ERROR_OK){
printf("welcome alice\n");
}else{
printf("generic error message\n");
}
// We can, then store a context to work with it later, have in mind the
// context will be stored in a locked state and alice and bob will have
// to bootstrap it.
pph_store_context(context,"securepasswords");
// We should destroy a context when we finish to free sensible data, such as
// the share information. The pph_destroy_context function ensures that all
// of the data structures associated with the context are properly freed.
pph_destroy_context(context);
// time goes by and we want to start working again, with the same information
// about alice, bob and eve...
// We reload our context, we reload a context from disk using
// pph_reload_context, providing a filename, remember that the obtained
// context is locked after loading from disk.
context = pph_reload_context("securepasswords");
// at this point we can still provide a login service, thanks to the isolated
// validation extension. But in order to create accounts and to provide full login
// functionality, we should bootstrap the store.
if(pph_check_login(context, "Alice",strlen("alice"), "i'm.trudy",
strlen("i'm.trudy")) == PPH_ERROR_OK){
printf("welcome alice!\n"); // this won't happen
}else{
printf("go away trudy!\n");
}
// during the locked phase, we are unable to create accounts
if(pph_create_account(context, "trudy", strlen("trudy"), "I'm.trudy",
strlen("I'm.trudy"), 1) == PPH_CONTEXT_IS_LOCKED){
printf("Sorry, we cannot create accounts at this time\n");
}else{
printf("!!! This shouldn't happen\n");
}
// In order to be able to create protector accounts, we must bootstrap the.
// for this, we setup an array of username strings and an array of password
// strings.
const uint8 **usernames = malloc(sizeof(*usernames)*2);
usernames[0] = strdup("Alice");
usernames[1] = strdup("Bob");
const uint8 **passwords = malloc(sizeof(*passwords)*2);
passwords[0] = strdup("I.love.bob");
passwords[1] = strdup("i.secretly.love.eve");
unsigned int *username_lengths = malloc(sizeof(*username_lengths)*2);
username_lengths[0] = strlen("Alice");
username_lengths[1] = strlen("bob");
unsigned int *password_lengths = malloc(sizeof(*password_lengths)*2);
password_lengths[0] = strlen("I.love.bob");
password_lengths[1] = strlen("i.secretly.love.eve");
// if the information provided was correct, the pph_unlock_password_data
// returns PPH_ERROR_OK, bootstraps the vault and recovers the shares.
pph_unlock_password_data(context, 2, usernames, username_lengths, passwords, password_lengths);
// now the data is available. We can create accounts now.
pph_create_account(context, "carl", strlen("carl"), "verysafe",
strlen("verysafe"),0);
// we can now check accounts using the full feature also (non-isolated-check-bits)
if(pph_check_login(context, "carl", strlen("carl"), "verysafe",
strlen("verysafe")) == PPH_ERROR_OK){
printf("welcome back carl\n");
}else{
printf("you are not carl");
}
// we should now store the context and free the data before leaving
pph_store_context(context,"securepasswords");
pph_destroy_context(context);
return 0;
}
END_TEST
// we test partial verification, we use a seemingly locked context and try to
// login. We don't care if the account is thresholdless or threshold, since
// we only check for the leaked partial bytes.
START_TEST(test_pph_partial_verification_and_unlock) {
PPH_ERROR error;
pph_context *context;
uint8 threshold = 2;
uint8 partial_bytes = 2;
unsigned int i;
unsigned int username_count=5;
const uint8 *usernames[] = {"username1",
"username12",
"username1231",
"username26",
"username5",
};
const uint8 *passwords[] = {"password1",
"password12",
"password1231",
"password26",
"password5"
};
unsigned int username_lengths[] = { strlen("username1"),
strlen("username12"),
strlen("username1231"),
strlen("username26"),
strlen("username5"),
};
const uint8 *usernames_subset[] = { "username12",
"username26"};
unsigned int username_lengths_subset[] = { strlen("username12"),
strlen("username26"),
};
const uint8 *password_subset[] = { "password12",
"password26"};
// check for bad pointers at first
error = pph_unlock_password_data(NULL, username_count, usernames,
username_lengths, passwords);
ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");
// setup the context
context = pph_init_context(threshold, partial_bytes);
ck_assert_msg(context != NULL,
"this was a good initialization, go tell someone");
// store the accounts
for(i=0;i<username_count;i++) {
error = pph_create_account(context, usernames[i], strlen(usernames[i]),
passwords[i], strlen(passwords[i]),1);
ck_assert(error == PPH_ERROR_OK);
}
// let's pretend all is broken
context->is_unlocked = false;
context->AES_key = NULL;
context->secret = NULL;
context->share_context= NULL;
// now try to login properly with partial verification
error = pph_check_login(context, usernames[0], strlen(usernames[0]),
passwords[0], strlen(passwords[0]));
ck_assert(error == PPH_ERROR_OK);
// now let's see if we can try to login with a wrong password, we shouldn't
error = pph_check_login(context, usernames[0], strlen(usernames[0]),
"wrongpass", strlen("wrongpass"));
ck_assert(error == PPH_ACCOUNT_IS_INVALID);
// now give a wrong username count, i.e. below the threshold.
error = pph_unlock_password_data(context, 0, usernames,
username_lengths, passwords);
ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID,
" Expected ACCOUNT_IS_INVALID");
// do it again, more graphical...
error = pph_unlock_password_data(context, threshold -1, usernames,
username_lengths, passwords);
ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID,
" Expected ACCOUNT_IS_INVALID");
// let's check for NULL pointers on the username and password fields
error = pph_unlock_password_data(context, username_count, NULL,
username_lengths, passwords);
ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");
// let's check for NULL pointers on the username and password fields
error = pph_unlock_password_data(context, username_count, usernames,
username_lengths, NULL);
ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");
// now give a correct full account information, we expect to have our secret
// back.
error = pph_unlock_password_data(context, username_count, usernames,
username_lengths, passwords);
ck_assert(error == PPH_ERROR_OK);
ck_assert_msg(context->secret !=NULL, " didnt allocate the secret!");
ck_assert(context->AES_key != NULL);
// let's imagine it's all broken (Again).
context->is_unlocked = false;
context->AES_key = NULL;
context->secret = NULL;
context->share_context = NULL;
// now give correct account information, we expect to have our secret
// back.
error = pph_unlock_password_data(context, 2, usernames_subset,
username_lengths_subset, password_subset);
ck_assert(error == PPH_ERROR_OK);
ck_assert(context->AES_key != NULL);
// for the sake of it, let's login with a correct account after the
// secret was recombined.
error = pph_check_login(context, usernames_subset[0],
strlen(usernames_subset[0]),password_subset[0], strlen(password_subset[0]));
ck_assert(error == PPH_ERROR_OK);
pph_destroy_context(context);
}
END_TEST
// This checks for a proper behavior when providing an existing username,
// first, as the first and only username, then after having many on the list
START_TEST(test_check_login_thresholdless) {
PPH_ERROR error;
pph_context *context;
uint8 threshold = 2;
uint8 partial_bytes = 2;
unsigned char password[] = "i'mnothere";
unsigned char username[] = "nonexistentpassword";
unsigned char anotheruser[] = "0anotheruser";
unsigned int i;
// setup the context
context = pph_init_context(threshold, partial_bytes);
ck_assert_msg(context != NULL,
"this was a good initialization, go tell someone");
// add a single user and see how it behaves:
// 1) add a user
error = pph_create_account(context, username, strlen(username), password,
strlen(password), 0);
ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test");
// 2) ask for it, providing correct credentials
error = pph_check_login(context, username, strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_ERROR_OK,
"expected OK");
// lets add a whole bunch of users and check for an existing one again
// 1) add a whole new bunch of users:
for(i=1;i<9;i++) {
error = pph_create_account(context, anotheruser, strlen(anotheruser),
"anotherpassword", strlen("anotherpassword"), 1);
ck_assert_msg(error == PPH_ERROR_OK,
" this shouldn't have broken the test");
anotheruser[0] = i+48;
}
// 2) ask again
error = pph_check_login(context, username, strlen(username), password,
strlen(password));
ck_assert_msg(error == PPH_ERROR_OK,
"expected ERROR_OK");
// 3) ask one more time, mistyping our passwords
error = pph_check_login(context, username, strlen(username), "i'mnotthere",
strlen("i'mnotthere"));
ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, " how did we get in!?");
// 4) check if threshold accounts can login (they should)
error = pph_check_login(context, "0anotheruser", strlen("0anotheruser"),
"anotherpassword", strlen("anotherpassword"));
ck_assert_msg(error == PPH_ERROR_OK,
" we should've been able to login as admin");
// clean up our mess.
pph_destroy_context(context);
}
