END_TEST // This checks for a proper behavior when providing an existing username, // first, as the first and only username, then after having many on the list START_TEST(test_check_login_proper_data) { PPH_ERROR error; pph_context *context; uint8 threshold = 2; uint8 partial_bytes = 0; unsigned char password[] = "i'mnothere"; unsigned char username[] = "nonexistentpassword"; unsigned char anotheruser[] = "0anotheruser"; unsigned int i; // setup the context context = pph_init_context(threshold,partial_bytes); ck_assert_msg(context != NULL, "this was a good initialization, go tell someone"); // add a single user and see how it behaves: // 1) add a user error = pph_create_account(context, username, strlen(username), password, strlen(password), 1); ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test"); // 2) ask for it, providing correct credentials error = pph_check_login(context, username, strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_ERROR_OK, "expected OK"); // lets add a whole bunch of users and check for an existing one again // 1) add a whole new bunch of users: for(i=1;i<9;i++) { anotheruser[0] = i+48; error = pph_create_account(context, anotheruser, strlen(anotheruser), "anotherpassword", strlen("anotherpassword"), 1); ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test"); } // 2) ask again, with the correct password error = pph_check_login(context, username, strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_ERROR_OK, "expected ERROR_OK"); pph_destroy_context(context); }
END_TEST // this test attempts to create full ranged usernames and passwords and check // the login procedures at the same time. START_TEST(test_pph_create_and_check_login_full_range) { pph_context *context; uint8 username_buffer[MAX_USERNAME_LENGTH]; uint8 password_buffer[MAX_PASSWORD_LENGTH]; unsigned int i; uint8 threshold = 2; uint8 partial_bytes = 0; PPH_ERROR error; context = pph_init_context( threshold, partial_bytes); ck_assert(context != NULL); // we will iterate all of the lengths of the username fields and generate // random string users. for( i = 1; i < MAX_USERNAME_LENGTH; i++){ // generate a username and a password of length i get_random_bytes(i, username_buffer); get_random_bytes(i, password_buffer); // create an account with those credentials error = pph_create_account( context, username_buffer, i, password_buffer, i, 1); ck_assert( error == PPH_ERROR_OK ); // check the login of the newly created account error = pph_check_login( context, username_buffer, i, password_buffer, i); ck_assert( error == PPH_ERROR_OK); // now invert the first byte of the password so we can't login password_buffer[0] = ~password_buffer[0]; error = pph_check_login( context, username_buffer, i, password_buffer, i); ck_assert( error != PPH_ERROR_OK); } pph_destroy_context(context); }END_TEST
END_TEST // This checks for a proper return code when asking for the wrong username START_TEST(test_check_login_wrong_username) { PPH_ERROR error; pph_context *context; uint8 threshold = 2; uint8 partial_bytes = 0; unsigned char password[] = "i'mnothere"; unsigned char username[] = "nonexistentpassword"; unsigned char anotheruser[] = "0anotheruser"; unsigned int i; // setup the context context = pph_init_context(threshold,partial_bytes); ck_assert_msg(context != NULL, "this was a good initialization, go tell someone"); // check with an uninitialized userlist first error = pph_check_login(context, username, strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, "expected ACCOUNT_IS_INVALID"); // add a single user and see how it behaves: // 1) add a user error = pph_create_account(context, anotheruser, strlen(anotheruser), "anotherpassword", strlen("anotherpassword"), 1); ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test"); // 2) ask for a user that's not here error = pph_check_login(context, username, strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, "expected ACCOUNT_IS_INVALID"); // lets add a whole bunch of users and check for an existing one again // 1) add a whole new bunch of users: for(i=1;i<9;i++) { anotheruser[0] = i+48; error = pph_create_account(context, anotheruser, strlen(anotheruser), "anotherpassword",strlen("anotherpassword"), 1); ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test"); } // 2) ask for a user that's not here error = pph_check_login(context, username, strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, "expected ACCOUNT_IS_INVALID"); pph_destroy_context(context); }
END_TEST // This test checks for the input of the check_login function, proper error // codes should be returned. START_TEST(test_check_login_input_sanity) { PPH_ERROR error; pph_context *context; uint8 threshold = 2; uint8 partial_bytes = 0; unsigned char password[] = "i'mnothere"; unsigned char username[] = "nonexistentpassword"; unsigned char too_big_username[MAX_USERNAME_LENGTH+2]; unsigned char too_big_password[MAX_PASSWORD_LENGTH+2]; unsigned int i; // lets send a null context pointer first context=NULL; error = pph_check_login(context, username,strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_BAD_PTR, "expected PPH_BAD_PTR"); // we will send a wrong username pointer now context = pph_init_context(threshold, partial_bytes); ck_assert_msg(context != NULL, "this was a good initialization, go tell someone"); error = pph_check_login(context, NULL, 0, password, 0); ck_assert_msg(error == PPH_BAD_PTR, "expected PPH_BAD_PTR"); // do the same for the password error = pph_check_login(context, username, 0, NULL, 0); ck_assert_msg(error == PPH_BAD_PTR, "expected PPH_BAD_PTR"); // now lets create some big usernames and passwords for(i=0;i<MAX_USERNAME_LENGTH+1;i++) { too_big_username[i]='j'; } too_big_username[i]='\0'; // null terminate our string // and query for a login error = pph_check_login(context, too_big_username, strlen(too_big_username), password, strlen(password)); ck_assert_msg(error == PPH_USERNAME_IS_TOO_LONG, "expected USERNAME_IS_TOO_LONG"); // let's do the same with the password for(i=0;i<MAX_PASSWORD_LENGTH+1;i++) { too_big_password[i]='j'; } too_big_password[i]='\0'; error=pph_check_login(context, username, strlen(username), too_big_password, strlen(too_big_password)); ck_assert_msg(error == PPH_PASSWORD_IS_TOO_LONG, "expected PASSWORD_IS_TOO_LONG"); // finally, check it returns the proper error code if the vault is locked // still. We set the unlocked flag to false to lock the context, and we also // know that partial bytes is 0 and won't provide any login functionality. context->is_unlocked = false; error=pph_check_login(context,username,strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_CONTEXT_IS_LOCKED, "expected CONTEXT_IS_LOCKED"); pph_destroy_context(context); }
END_TEST // we will check for a full input range unlocking procedure using random // username-password combinations of various lengths, the procedure should // yield a correct secret and an incorrect secret when prompted with one bad // password START_TEST(test_pph_unlock_password_data_full_range) { uint8 *usernames[MAX_USERNAME_LENGTH]; uint8 *passwords[MAX_PASSWORD_LENGTH]; unsigned int *username_lengths; unsigned int i; PPH_ERROR error; uint8 threshold = 2; uint8 partial_bytes = 0; pph_context *context; // initialize the buffers username_lengths = malloc(sizeof(*username_lengths)*MAX_USERNAME_LENGTH); context = pph_init_context( threshold, partial_bytes); ck_assert(context != NULL); // initialize a username password pair of each length of a random value for( i = 0; i < MAX_USERNAME_LENGTH-1; i++){ usernames[i] = malloc(sizeof(*usernames[i])*MAX_USERNAME_LENGTH); passwords[i] = malloc(sizeof(*passwords[i])*MAX_PASSWORD_LENGTH); ck_assert( usernames[i] != NULL); ck_assert( passwords[i] != NULL); get_random_bytes( i+1, usernames[i]); get_random_bytes( i+1, passwords[i]); username_lengths[i]= i + 1; error = pph_create_account( context, usernames[i], username_lengths[i], passwords[i], username_lengths[i], 1); ck_assert( error == PPH_ERROR_OK); error = pph_check_login( context, usernames[i], username_lengths[i], passwords[i], username_lengths[i]); ck_assert( error == PPH_ERROR_OK); } // lock the context context->is_unlocked = false; // unlock the context error = pph_unlock_password_data( context, MAX_USERNAME_LENGTH -1, usernames, username_lengths, passwords); ck_assert( error == PPH_ERROR_OK ); // check we can login after unlocking for(i = 0; i < MAX_USERNAME_LENGTH-1; i++){ error = pph_check_login( context, usernames[i], username_lengths[i], passwords[i], username_lengths[i]); ck_assert(error == PPH_ERROR_OK); } // now, fail to unlock the context, context->is_unlocked = false; passwords[0][0] = ~passwords[0][0]; error = pph_unlock_password_data( context, MAX_USERNAME_LENGTH -1, usernames, username_lengths, passwords); ck_assert( error != PPH_ERROR_OK); // free everything for(i = 0; i < MAX_USERNAME_LENGTH-1; i++) { free(usernames[i]); free(passwords[i]); } free(username_lengths); pph_destroy_context(context); }END_TEST;
int main(void) { // a context is the data structure that holds the information about the // whole pph store pph_context *context; // Setting a theshold of two means that we are going to need two accounts // to attempt bootstrapping. uint8 threshold = 2; // isolated-check-bits will be set to two, so users can login after any reboot // event. uint8 isolated_check_bits = 2; // setup the context, this will generate us the shares, setup information // needed to operate and initialize all of the data structures. context = pph_init_context(threshold, isolated_check_bits); // add some users, we send the context, a username, a password and a number // of shares to assign to the user. The a user can have many shares, and count // more towards the threshold. pph_create_account(context, "Alice", strlen("Alice"), "I.love.bob", strlen("I.love.bob"), 1); pph_create_account(context, "Bob", strlen("Bob"), "i.secretly.love.eve",strlen("i.secretly.love.eve"),1); // when creating a user with no shares, we get a *shielded* account. // Shielded accounts have their hash encrypted and are unable to // recover shares and thus cannot help to transition to normal operation. pph_create_account(context,"Eve", strlen("Eve"), "i'm.all.ears", strlen("i'm.all.ears"), 0); // to fully check a login we must have a bootstrapped context, we send the // credentials and receive an error in return if(pph_check_login(context, "Alice", strlen("Alice"), "I.love.bob", strlen("I.love.bob")) == PPH_ERROR_OK){ printf("welcome alice\n"); }else{ printf("generic error message\n"); } // We can, then store a context to work with it later, have in mind the // context will be stored in a locked state and alice and bob will have // to bootstrap it. pph_store_context(context,"securepasswords"); // We should destroy a context when we finish to free sensible data, such as // the share information. The pph_destroy_context function ensures that all // of the data structures associated with the context are properly freed. pph_destroy_context(context); // time goes by and we want to start working again, with the same information // about alice, bob and eve... // We reload our context, we reload a context from disk using // pph_reload_context, providing a filename, remember that the obtained // context is locked after loading from disk. context = pph_reload_context("securepasswords"); // at this point we can still provide a login service, thanks to the isolated // validation extension. But in order to create accounts and to provide full login // functionality, we should bootstrap the store. if(pph_check_login(context, "Alice",strlen("alice"), "i'm.trudy", strlen("i'm.trudy")) == PPH_ERROR_OK){ printf("welcome alice!\n"); // this won't happen }else{ printf("go away trudy!\n"); } // during the locked phase, we are unable to create accounts if(pph_create_account(context, "trudy", strlen("trudy"), "I'm.trudy", strlen("I'm.trudy"), 1) == PPH_CONTEXT_IS_LOCKED){ printf("Sorry, we cannot create accounts at this time\n"); }else{ printf("!!! This shouldn't happen\n"); } // In order to be able to create protector accounts, we must bootstrap the. // for this, we setup an array of username strings and an array of password // strings. const uint8 **usernames = malloc(sizeof(*usernames)*2); usernames[0] = strdup("Alice"); usernames[1] = strdup("Bob"); const uint8 **passwords = malloc(sizeof(*passwords)*2); passwords[0] = strdup("I.love.bob"); passwords[1] = strdup("i.secretly.love.eve"); unsigned int *username_lengths = malloc(sizeof(*username_lengths)*2); username_lengths[0] = strlen("Alice"); username_lengths[1] = strlen("bob"); unsigned int *password_lengths = malloc(sizeof(*password_lengths)*2); password_lengths[0] = strlen("I.love.bob"); password_lengths[1] = strlen("i.secretly.love.eve"); // if the information provided was correct, the pph_unlock_password_data // returns PPH_ERROR_OK, bootstraps the vault and recovers the shares. pph_unlock_password_data(context, 2, usernames, username_lengths, passwords, password_lengths); // now the data is available. We can create accounts now. pph_create_account(context, "carl", strlen("carl"), "verysafe", strlen("verysafe"),0); // we can now check accounts using the full feature also (non-isolated-check-bits) if(pph_check_login(context, "carl", strlen("carl"), "verysafe", strlen("verysafe")) == PPH_ERROR_OK){ printf("welcome back carl\n"); }else{ printf("you are not carl"); } // we should now store the context and free the data before leaving pph_store_context(context,"securepasswords"); pph_destroy_context(context); return 0; }
END_TEST // we test partial verification, we use a seemingly locked context and try to // login. We don't care if the account is thresholdless or threshold, since // we only check for the leaked partial bytes. START_TEST(test_pph_partial_verification_and_unlock) { PPH_ERROR error; pph_context *context; uint8 threshold = 2; uint8 partial_bytes = 2; unsigned int i; unsigned int username_count=5; const uint8 *usernames[] = {"username1", "username12", "username1231", "username26", "username5", }; const uint8 *passwords[] = {"password1", "password12", "password1231", "password26", "password5" }; unsigned int username_lengths[] = { strlen("username1"), strlen("username12"), strlen("username1231"), strlen("username26"), strlen("username5"), }; const uint8 *usernames_subset[] = { "username12", "username26"}; unsigned int username_lengths_subset[] = { strlen("username12"), strlen("username26"), }; const uint8 *password_subset[] = { "password12", "password26"}; // check for bad pointers at first error = pph_unlock_password_data(NULL, username_count, usernames, username_lengths, passwords); ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR"); // setup the context context = pph_init_context(threshold, partial_bytes); ck_assert_msg(context != NULL, "this was a good initialization, go tell someone"); // store the accounts for(i=0;i<username_count;i++) { error = pph_create_account(context, usernames[i], strlen(usernames[i]), passwords[i], strlen(passwords[i]),1); ck_assert(error == PPH_ERROR_OK); } // let's pretend all is broken context->is_unlocked = false; context->AES_key = NULL; context->secret = NULL; context->share_context= NULL; // now try to login properly with partial verification error = pph_check_login(context, usernames[0], strlen(usernames[0]), passwords[0], strlen(passwords[0])); ck_assert(error == PPH_ERROR_OK); // now let's see if we can try to login with a wrong password, we shouldn't error = pph_check_login(context, usernames[0], strlen(usernames[0]), "wrongpass", strlen("wrongpass")); ck_assert(error == PPH_ACCOUNT_IS_INVALID); // now give a wrong username count, i.e. below the threshold. error = pph_unlock_password_data(context, 0, usernames, username_lengths, passwords); ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, " Expected ACCOUNT_IS_INVALID"); // do it again, more graphical... error = pph_unlock_password_data(context, threshold -1, usernames, username_lengths, passwords); ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, " Expected ACCOUNT_IS_INVALID"); // let's check for NULL pointers on the username and password fields error = pph_unlock_password_data(context, username_count, NULL, username_lengths, passwords); ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR"); // let's check for NULL pointers on the username and password fields error = pph_unlock_password_data(context, username_count, usernames, username_lengths, NULL); ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR"); // now give a correct full account information, we expect to have our secret // back. error = pph_unlock_password_data(context, username_count, usernames, username_lengths, passwords); ck_assert(error == PPH_ERROR_OK); ck_assert_msg(context->secret !=NULL, " didnt allocate the secret!"); ck_assert(context->AES_key != NULL); // let's imagine it's all broken (Again). context->is_unlocked = false; context->AES_key = NULL; context->secret = NULL; context->share_context = NULL; // now give correct account information, we expect to have our secret // back. error = pph_unlock_password_data(context, 2, usernames_subset, username_lengths_subset, password_subset); ck_assert(error == PPH_ERROR_OK); ck_assert(context->AES_key != NULL); // for the sake of it, let's login with a correct account after the // secret was recombined. error = pph_check_login(context, usernames_subset[0], strlen(usernames_subset[0]),password_subset[0], strlen(password_subset[0])); ck_assert(error == PPH_ERROR_OK); pph_destroy_context(context); }
END_TEST // This checks for a proper behavior when providing an existing username, // first, as the first and only username, then after having many on the list START_TEST(test_check_login_thresholdless) { PPH_ERROR error; pph_context *context; uint8 threshold = 2; uint8 partial_bytes = 2; unsigned char password[] = "i'mnothere"; unsigned char username[] = "nonexistentpassword"; unsigned char anotheruser[] = "0anotheruser"; unsigned int i; // setup the context context = pph_init_context(threshold, partial_bytes); ck_assert_msg(context != NULL, "this was a good initialization, go tell someone"); // add a single user and see how it behaves: // 1) add a user error = pph_create_account(context, username, strlen(username), password, strlen(password), 0); ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test"); // 2) ask for it, providing correct credentials error = pph_check_login(context, username, strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_ERROR_OK, "expected OK"); // lets add a whole bunch of users and check for an existing one again // 1) add a whole new bunch of users: for(i=1;i<9;i++) { error = pph_create_account(context, anotheruser, strlen(anotheruser), "anotherpassword", strlen("anotherpassword"), 1); ck_assert_msg(error == PPH_ERROR_OK, " this shouldn't have broken the test"); anotheruser[0] = i+48; } // 2) ask again error = pph_check_login(context, username, strlen(username), password, strlen(password)); ck_assert_msg(error == PPH_ERROR_OK, "expected ERROR_OK"); // 3) ask one more time, mistyping our passwords error = pph_check_login(context, username, strlen(username), "i'mnotthere", strlen("i'mnotthere")); ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, " how did we get in!?"); // 4) check if threshold accounts can login (they should) error = pph_check_login(context, "0anotheruser", strlen("0anotheruser"), "anotherpassword", strlen("anotherpassword")); ck_assert_msg(error == PPH_ERROR_OK, " we should've been able to login as admin"); // clean up our mess. pph_destroy_context(context); }