}END_TEST





// do a full lifecycle test, in other words, create a context with accounts, 
// store it, reload it, unlock it and provide login and creation service. 
START_TEST(test_pph_store_and_reload_with_users) {
  
  
  PPH_ERROR error;
  pph_context *context;
  uint8 threshold = 2; 
  uint8 partial_bytes = 0;
  uint8 secret[DIGEST_LENGTH]; 
  unsigned int i;
  unsigned int username_count=5;
  const uint8 *usernames[] = {"username1",
                              "username12",
                              "username1231",
                              "username26",
                              "username5",
                            };
  const uint8 *passwords[] = {"password1",
                              "password12",
                              "password1231",
                              "password26",
                              "password5"
                              };

  unsigned int username_lengths[] = { strlen("username1"),
                                      strlen("username12"),
                                      strlen("username1231"),
                                      strlen("username26"),
                                      strlen("username5"),
                                  };
  const uint8 *usernames_subset[] = { "username12",
                                      "username26"};
  unsigned int username_lengths_subset[] = { strlen("username12"),
                                            strlen("username26"),
                                            };

  const uint8 *password_subset[] = {"password12",
                                    "password26"};

  // setup the context 
  context = pph_init_context(threshold, partial_bytes);
  ck_assert_msg(context != NULL,
      "this was a good initialization, go tell someone");
  for(i=0;i<username_count;i++) {
    pph_create_account(context,usernames[i], strlen(usernames[i]),passwords[i],
          strlen(passwords[i]),1);
  }
 

  // backup our secret
  memcpy(secret,context->secret,DIGEST_LENGTH);

  // let's store our data!
  error = pph_store_context(context,"pph.db");
  ck_assert_msg(error == PPH_ERROR_OK, " couldn't store a context with users");
  

  // destroy the existing context in memory
  pph_destroy_context(context); 


  // reload the one in disk.
  context = pph_reload_context("pph.db");
  ck_assert_msg(context != NULL, " Didn't get a valid structure from disk");

  // now give a correct full account information, we expect to have our secret
  // back. 
  pph_account_node *user_nodes;
  user_nodes = context->account_data;
  error = pph_unlock_password_data(context, username_count, usernames,
      username_lengths, passwords);
  for(i=0;i<DIGEST_LENGTH;i++) {
    ck_assert(secret[i]==context->secret[i]);
  }

  
  // clean up, we will reload the context. 
  pph_destroy_context(context);

  context = pph_reload_context("pph.db");
  ck_assert_msg(context != NULL, " didn't get a valid structure from disk");

  // now give a correct full account information, we expect to have our secret
  // back. 
  error = pph_unlock_password_data(context, 2, usernames_subset,
        username_lengths_subset, password_subset);
  for(i=0;i<DIGEST_LENGTH;i++) {
    ck_assert(secret[i]==context->secret[i]);
  }

  pph_destroy_context(context);
}
END_TEST





// we check that the unlock password data cannot unlock the valut provided w
// wrong information. 
START_TEST(test_pph_unlock_password_data_correct_thresholds) {
  
  
  PPH_ERROR error;
  pph_context *context;
  uint8 threshold = 2; 
  uint8 partial_bytes = 0;
                          
  unsigned int i;
  unsigned int username_count=5;
  uint8 secret[DIGEST_LENGTH];

  const uint8 *usernames[] = {"username1",
                              "username12",
                              "username1231",
                              "username26",
                              "username5",
                            };
  const uint8 *passwords[] = {"password1",
                              "password12",
                              "password1231",
                              "password26",
                              "password5"
                              };

  unsigned int username_lengths[] = { strlen("username1"),
                                      strlen("username12"),
                                      strlen("username1231"),
                                      strlen("username26"),
                                      strlen("username5"),
                                  };
  const uint8 *usernames_subset[] = { "username12",
                                      "username26"};
  unsigned int username_lengths_subset[] = { strlen("username12"),
                                            strlen("username26"),
                                    };
  const uint8 *password_subset[] = {"password12",
                                    "password26"};
  const uint8 *bad_passwords[] = { "whoisthisguy?",
                                   "notauser"};
  
  
  
  // setup the context 
  context = pph_init_context(threshold,partial_bytes);
  ck_assert_msg(context != NULL,
      "this was a good initialization, go tell someone");
  
  //backup the secret
  memcpy(secret,context->secret,DIGEST_LENGTH);

  // create some usernames so we can unlock the context.
  for(i=0;i<username_count;i++) {
    pph_create_account(context,usernames[i], strlen(usernames[i]), passwords[i],
          strlen(passwords[i]),1);
  }


  // let's imagine it's all broken
  context->is_unlocked = false;
  strcpy(context->secret,"thiswasnotthesecretstring");

  // now give a correct full account information, we expect to have our secret
  // back. 
  error = pph_unlock_password_data(context, username_count, usernames,
      username_lengths, passwords);
  for(i=0;i<DIGEST_LENGTH;i++) {
    ck_assert(secret[i] ==  context->secret[i]);
  }

  // let's imagine it's all broken (Again)
  context->is_unlocked = false;
  strcpy(context->secret,"thiswasnotthesecretstring");

  // now give a correct full account information, we expect to have our secret
  // back. 
  error = pph_unlock_password_data(context, 2, usernames_subset,
      username_lengths_subset, password_subset);
  for(i=0;i<DIGEST_LENGTH;i++) {
    ck_assert(secret[i] ==  context->secret[i]);
  }


  // and last but not least, create a superuser account and unlock it 
  // by himself, note how he's got three shares assigned to his account.
  pph_create_account(context,"ipicklocks", strlen("ipicklocks"),"ipickpockets",
      strlen("ipickpockets"), 3);
  error = pph_unlock_password_data(context, 1 ,strdup("ipicklocks"),
      1, strdup("ipickpockets"));
  
  for(i=0;i<DIGEST_LENGTH;i++) {
    ck_assert(secret[i] ==  context->secret[i]);
  }
  
  // attempt to unlock the vault with  wrong passwords
  free(context->secret);
  context->is_unlocked = false;

  error = pph_unlock_password_data(context, 2, usernames_subset,
     username_lengths_subset, bad_passwords);
  ck_assert(error == PPH_ACCOUNT_IS_INVALID);

  // clean up our mess
  pph_destroy_context(context);
}
}END_TEST


////////// shamir recombination and persistent storage test cases. //////////

// this checks that the unlock password data correctly parses input.
START_TEST(test_pph_unlock_password_data_input_sanity) {
  
  PPH_ERROR error;
  pph_context *context;
  uint8 threshold = 2; 
  uint8 partial_bytes = 0;
                          
  unsigned int i;
  unsigned int username_count=5;
  const uint8 *usernames[] = {"username1",
                              "username12",
                              "username1231",
                              "username26",
                              "username5",
                            };
  unsigned int username_lengths[] = { strlen("username1"),
                                      strlen("username12"),
                                      strlen("username1231"),
                                      strlen("username26"),
                                      strlen("username5"),
                                  };
  const uint8 *passwords[] = {"password1",
                              "password12",
                              "password1231",
                              "password26",
                              "password5"
                              };

  
  // check for bad pointers at first
  error = pph_unlock_password_data(NULL, username_count, usernames,
     username_lengths, passwords);
  ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");

  // setup the context 
  context = pph_init_context(threshold, partial_bytes);
  ck_assert_msg(context != NULL,
      "this was a good initialization, go tell someone");
  
  // let's imagine it's all broken
  context->is_unlocked = false;
  
  // now give a wrong username count, below the threshold.
  error = pph_unlock_password_data(context, 0, usernames, username_lengths,
      passwords);
  ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, 
      " Expected ACCOUNT_IS_INVALID");

  // do it again, more graphical... 
  error = pph_unlock_password_data(context, threshold -1, usernames,
     username_lengths, passwords);
  ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, 
      " Expected ACCOUNT_IS_INVALID");

  // let's check for NULL pointers on the username and password fields
  error = pph_unlock_password_data(context, username_count, NULL, 
     username_lengths, passwords);
  ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");

 
  // check for wrong values in the username_lengths field
  error = pph_unlock_password_data(context, username_count, usernames, NULL,
      passwords);
  ck_assert( error == PPH_BAD_PTR);

  // let's check for NULL pointers on the username and password fields
  error = pph_unlock_password_data(context, username_count, usernames, 
      username_lengths, NULL);
  ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");

  pph_destroy_context(context);

}
END_TEST





// we will check for a full input range unlocking procedure using random
// username-password combinations of various lengths, the procedure should
// yield a correct secret and an incorrect secret when prompted with one bad
// password
START_TEST(test_pph_unlock_password_data_full_range) {
  
  
  uint8 *usernames[MAX_USERNAME_LENGTH];
  uint8 *passwords[MAX_PASSWORD_LENGTH];
  unsigned int *username_lengths;
  unsigned int i;
  PPH_ERROR error;
  uint8 threshold = 2;
  uint8 partial_bytes = 0;
  pph_context *context;

  // initialize the buffers
  username_lengths = malloc(sizeof(*username_lengths)*MAX_USERNAME_LENGTH);

  context = pph_init_context( threshold, partial_bytes);
  ck_assert(context != NULL);
  
  // initialize a username password pair of each length of a random value
  for( i = 0; i < MAX_USERNAME_LENGTH-1; i++){

    usernames[i] = malloc(sizeof(*usernames[i])*MAX_USERNAME_LENGTH);
    passwords[i] = malloc(sizeof(*passwords[i])*MAX_PASSWORD_LENGTH);
    ck_assert( usernames[i] != NULL);
    ck_assert( passwords[i] != NULL);

    get_random_bytes( i+1, usernames[i]);
    get_random_bytes( i+1, passwords[i]);
    
   
    username_lengths[i]= i + 1;
    
    error = pph_create_account( context, usernames[i], username_lengths[i],
        passwords[i], username_lengths[i], 1);
    ck_assert( error == PPH_ERROR_OK);
    
    error = pph_check_login( context, usernames[i], username_lengths[i],
        passwords[i], username_lengths[i]);
    ck_assert( error == PPH_ERROR_OK);

  }

  // lock the context
  context->is_unlocked = false;
  
  // unlock the context
  error = pph_unlock_password_data( context, MAX_USERNAME_LENGTH -1, usernames,
      username_lengths, passwords);
  ck_assert( error == PPH_ERROR_OK );

  // check we can login after unlocking
  for(i = 0; i < MAX_USERNAME_LENGTH-1; i++){
  
    error = pph_check_login( context, usernames[i], username_lengths[i],
        passwords[i], username_lengths[i]);
    ck_assert(error == PPH_ERROR_OK);

  }

  // now, fail to unlock the context, 
  context->is_unlocked = false;
  passwords[0][0] = ~passwords[0][0];

  error = pph_unlock_password_data( context, MAX_USERNAME_LENGTH -1, usernames,
      username_lengths, passwords);
  ck_assert( error != PPH_ERROR_OK);

  // free everything
  for(i = 0; i < MAX_USERNAME_LENGTH-1; i++) {
    
    free(usernames[i]);
    free(passwords[i]);

  }

  free(username_lengths);
  pph_destroy_context(context);

}END_TEST;
int main(void)
{

  // a context is the data structure that holds the information about the 
  // whole pph store
  pph_context *context;

  // Setting a theshold of two means that we are going to need two accounts 
  // to attempt bootstrapping. 
  uint8 threshold = 2;    
                          
  // isolated-check-bits will be set to two, so users can login after any reboot
  // event.
  uint8 isolated_check_bits = 2;
                         


  // setup the context, this will generate us the shares, setup information 
  // needed to operate and initialize all of the data structures.
  context = pph_init_context(threshold, isolated_check_bits);
  
  
  // add some users, we send the context, a username, a password and a number
  // of shares to assign to the user. The a user can have many shares, and count
  // more towards the threshold. 
  pph_create_account(context, "Alice", strlen("Alice"),
                                       "I.love.bob", strlen("I.love.bob"), 1);
  pph_create_account(context, "Bob", strlen("Bob"),
                       "i.secretly.love.eve",strlen("i.secretly.love.eve"),1);
  
  // when creating a user with no shares, we get a *shielded* account. 
  // Shielded accounts have their hash encrypted and are unable to 
  // recover shares and thus cannot help to transition to normal operation. 
  pph_create_account(context,"Eve", strlen("Eve"),
                                   "i'm.all.ears", strlen("i'm.all.ears"), 0);
  
  // to fully check a login we must have a bootstrapped context, we send the
  // credentials and receive an error in return
  if(pph_check_login(context, "Alice", strlen("Alice"), "I.love.bob",
         strlen("I.love.bob")) == PPH_ERROR_OK){
    printf("welcome alice\n");
  }else{
    printf("generic error message\n");
  }

  // We can, then store a context to work with it later, have in mind the 
  // context will be stored in a locked state and alice and bob will have 
  // to bootstrap it. 
  pph_store_context(context,"securepasswords");
  
  // We should destroy a context when we finish to free sensible data, such as
  // the share information. The pph_destroy_context function ensures that all
  // of the data structures associated with the context are properly freed. 
  pph_destroy_context(context);
  
  // time goes by and we want to start working again, with the same information
  // about alice, bob and eve...
  
  // We reload our context, we reload a context from disk using
  // pph_reload_context, providing a filename, remember that the obtained 
  // context is locked after loading from disk.
  context = pph_reload_context("securepasswords");
  
  // at this point we can still provide a login service, thanks to the isolated 
  // validation extension. But in order to create accounts and to provide full login
  // functionality, we should bootstrap the store.
  if(pph_check_login(context, "Alice",strlen("alice"), "i'm.trudy", 
                                          strlen("i'm.trudy")) == PPH_ERROR_OK){
    printf("welcome alice!\n"); // this won't happen
  }else{
    printf("go away trudy!\n");
  }

  // during the locked phase, we are unable to create accounts
  if(pph_create_account(context, "trudy", strlen("trudy"), "I'm.trudy", 
                            strlen("I'm.trudy"), 1) == PPH_CONTEXT_IS_LOCKED){
    printf("Sorry, we cannot create accounts at this time\n");
  }else{
    printf("!!! This shouldn't happen\n");
  }
  
  // In order to be able to create protector accounts, we must bootstrap the.
  // for this, we setup an array of username strings and an array of password 
  // strings.
  const uint8 **usernames = malloc(sizeof(*usernames)*2);
  usernames[0] = strdup("Alice");
  usernames[1] = strdup("Bob");
  
  const uint8  **passwords = malloc(sizeof(*passwords)*2);
  passwords[0] = strdup("I.love.bob");
  passwords[1] = strdup("i.secretly.love.eve");

  unsigned int *username_lengths = malloc(sizeof(*username_lengths)*2);
  username_lengths[0] = strlen("Alice");
  username_lengths[1] = strlen("bob");
  
  unsigned int *password_lengths = malloc(sizeof(*password_lengths)*2);
  password_lengths[0] = strlen("I.love.bob");
  password_lengths[1] = strlen("i.secretly.love.eve");
  
  
  // if the information provided was correct, the pph_unlock_password_data
  // returns PPH_ERROR_OK, bootstraps the vault and recovers the shares.
  pph_unlock_password_data(context, 2, usernames, username_lengths, passwords, password_lengths);

  // now the data is available. We can create accounts now.
  pph_create_account(context, "carl", strlen("carl"), "verysafe", 
                                                        strlen("verysafe"),0);
  
  // we can now check accounts using the full feature also (non-isolated-check-bits)
  if(pph_check_login(context, "carl", strlen("carl"), "verysafe",
                                          strlen("verysafe")) == PPH_ERROR_OK){
    printf("welcome back carl\n"); 
  }else{
    printf("you are not carl");
  }
  
  
  // we should now store the context and free the data before leaving
  pph_store_context(context,"securepasswords");
  pph_destroy_context(context);


  return 0;
}
Exemplo n.º 6
0
END_TEST




// we test partial verification, we use a seemingly locked context and try to
// login. We don't care if the account is thresholdless or threshold, since
// we only check for the leaked partial bytes. 
START_TEST(test_pph_partial_verification_and_unlock) {


  PPH_ERROR error;
  pph_context *context;
  uint8 threshold = 2; 
  uint8 partial_bytes = 2;
                         
  unsigned int i;
  unsigned int username_count=5;
  const uint8 *usernames[] = {"username1",
                              "username12",
                              "username1231",
                              "username26",
                              "username5",
                            };
  const uint8 *passwords[] = {"password1",
                              "password12",
                              "password1231",
                              "password26",
                              "password5"
                              };
  unsigned int username_lengths[] = { strlen("username1"),
                                      strlen("username12"),
                                      strlen("username1231"),
                                      strlen("username26"),
                                      strlen("username5"),
                                  };
  const uint8 *usernames_subset[] = { "username12",
                                      "username26"};
  unsigned int username_lengths_subset[] = { strlen("username12"),
                                            strlen("username26"),
                                            };


  const uint8 *password_subset[] = { "password12",
                                     "password26"};

  
  // check for bad pointers at first
  error = pph_unlock_password_data(NULL, username_count, usernames, 
      username_lengths, passwords);
  ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");

  // setup the context 
  context = pph_init_context(threshold, partial_bytes);
  ck_assert_msg(context != NULL,
      "this was a good initialization, go tell someone");
  
  // store the accounts
  for(i=0;i<username_count;i++) {
    error = pph_create_account(context, usernames[i], strlen(usernames[i]),
        passwords[i], strlen(passwords[i]),1);
    ck_assert(error == PPH_ERROR_OK);
  }
  
  // let's pretend all is broken
  context->is_unlocked = false;
  context->AES_key = NULL;
  context->secret = NULL;
  context->share_context= NULL;

  // now try to login properly with partial verification
  error = pph_check_login(context, usernames[0], strlen(usernames[0]), 
        passwords[0], strlen(passwords[0]));
  ck_assert(error == PPH_ERROR_OK);

  // now let's see if we can try to login with a wrong password, we shouldn't
  error = pph_check_login(context, usernames[0], strlen(usernames[0]),
        "wrongpass", strlen("wrongpass"));
  ck_assert(error == PPH_ACCOUNT_IS_INVALID);

  // now give a wrong username count, i.e. below the threshold.
  error = pph_unlock_password_data(context, 0, usernames, 
      username_lengths, passwords);
  ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, 
      " Expected ACCOUNT_IS_INVALID");

  // do it again, more graphical... 
  error = pph_unlock_password_data(context, threshold -1, usernames, 
      username_lengths, passwords);
  ck_assert_msg(error == PPH_ACCOUNT_IS_INVALID, 
      " Expected ACCOUNT_IS_INVALID");

  // let's check for NULL pointers on the username and password fields
  error = pph_unlock_password_data(context, username_count, NULL,
     username_lengths, passwords);
  ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");

 
  // let's check for NULL pointers on the username and password fields
  error = pph_unlock_password_data(context, username_count, usernames, 
      username_lengths, NULL);
  ck_assert_msg(error == PPH_BAD_PTR," EXPECTED BAD_PTR");


  // now give a correct full account information, we expect to have our secret
  // back. 
  error = pph_unlock_password_data(context, username_count, usernames,
      username_lengths, passwords);
  ck_assert(error == PPH_ERROR_OK);
  ck_assert_msg(context->secret !=NULL, " didnt allocate the secret!");
  ck_assert(context->AES_key != NULL);

  // let's imagine it's all broken (Again).
  context->is_unlocked = false;
  context->AES_key = NULL;
  context->secret = NULL;
  context->share_context = NULL;

  // now give correct account information, we expect to have our secret
  // back. 
  error = pph_unlock_password_data(context, 2, usernames_subset,
      username_lengths_subset, password_subset);
  ck_assert(error == PPH_ERROR_OK);
  ck_assert(context->AES_key != NULL);


  // for the sake of it, let's login with a correct account after the
  // secret was recombined.
  error = pph_check_login(context, usernames_subset[0], 
      strlen(usernames_subset[0]),password_subset[0], strlen(password_subset[0]));
  ck_assert(error == PPH_ERROR_OK);

  pph_destroy_context(context);
}