test-crypto: move crypted data out of code

The test program embeds encrypted binary data, but the
encryption key is not made available from the original
developer.
Move the binary data out of the code, so later we can
replace it with data encrypted under our control.

Signed-off-by: Antonio Borneo <[email protected]>

Makefile

@@ -114,8 +114,8 @@ vpnc-%.tar.gz :
 	rm -rf vpnc-$*
 
 test : all
-	./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
-	#./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt
+	./test-crypto test/sig_data.bin test/dec_data.bin \
+		test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
 
 dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz
 

test-crypto.c

@@ -16,6 +16,7 @@
 */
 
 #include <stdio.h>
+#include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <errno.h>
@@ -25,55 +26,64 @@
 #include <stdlib.h>
 #include "crypto.h"
 
+static unsigned char *read_binfile(const char *filename, size_t *len)
+{
+	int fd, ret;
+	struct stat s;
+	unsigned char *b;
+
+	if (filename == NULL || len ==NULL)
+		return NULL;
+
+	fd = open(filename, O_RDONLY);
+	if (fd < 0) {
+		fprintf(stderr, "Error opening file %s\n", filename);
+		return NULL;
+	}
+
+	ret = fstat(fd, &s);
+	if (ret < 0) {
+		fprintf(stderr, "Error while stat() file %s\n", filename);
+		close(fd);
+		return NULL;
+	}
+	if (s.st_size == 0) {
+		fprintf(stderr, "Empty file %s\n", filename);
+		close(fd);
+		return NULL;
+	}
+
+	b = malloc(s.st_size);
+	if (b == NULL) {
+		fprintf(stderr, "Error allocating memory\n");
+		close(fd);
+		return NULL;
+	}
+
+	ret = read(fd, b, s.st_size);
+	if (ret != s.st_size) {
+		fprintf(stderr, "Error reading file %s\n", filename);
+		free(b);
+		close(fd);
+		return NULL;
+	}
+
+	close(fd);
+	*len = s.st_size;
+	return b;
+}
+
 int main(int argc, char *argv[])
 {
 	crypto_ctx *cctx;
 	crypto_error *error = NULL;
 	int i;
 	unsigned char *data;
-	size_t size = 0;
-	const unsigned char sig_data[] = {
-   0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
-   0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30,
-   0x81, 0x9f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
-   0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, 0x73, 0x68,
-
-   0x69, 0x72, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4e, 0x65,
-   0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e,
-   0x4d, 0x79, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
-   0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x08, 0x54, 0x68, 0x65, 0x20, 0x55, 0x6e, 0x69,
-
-   0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, 0x65, 0x73, 0x74,
-   0x2e, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x21,
-   0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x74,
-   0x65, 0x73, 0x74, 0x40, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72,
-
-   0x67, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x34, 0x32, 0x38, 0x30, 0x32, 0x35, 0x30, 0x35,
-   0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x34, 0x32, 0x36, 0x30, 0x32, 0x35, 0x30, 0x35, 0x32,
-   0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
-   0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b,
-		};
-	const unsigned char dec_data[] = {
-   0x7c, 0x2a, 0xe4, 0x60, 0x10, 0x9f, 0xab, 0xd6, 0x76, 0x7b, 0x9d, 0x16, 0xbb, 0xd3, 0x16, 0xa3,
-   0x61, 0x50, 0x56, 0x13, 0xe4, 0x61, 0x0e, 0x90, 0x71, 0x5c, 0x47, 0xae, 0x4a, 0xc2, 0x89, 0xf8,
-   0x47, 0x61, 0x4c, 0x3f, 0xd6, 0x11, 0x97, 0xb7, 0x0d, 0x84, 0x86, 0xdd, 0xe9, 0x6d, 0x3e, 0x89,
-   0xe0, 0x4f, 0x7a, 0x95, 0x3f, 0x6e, 0xe4, 0xcd, 0xb2, 0x80, 0x3e, 0x19, 0x3e, 0x97, 0x7c, 0xdf,
-   0xd5, 0xff, 0xcb, 0x90, 0xfb, 0x71, 0x9c, 0xef, 0xa1, 0xf6, 0x8c, 0x36, 0xb3, 0x1f, 0x63, 0x7f,
-   0x32, 0xf5, 0x00, 0x12, 0x5e, 0x13, 0x84, 0x88, 0xe3, 0x13, 0x1c, 0x11, 0x2d, 0x9a, 0xd7, 0xec,
-   0x51, 0x94, 0x20, 0x6e, 0x8f, 0x69, 0xdf, 0x07, 0xe9, 0x46, 0x3b, 0xd9, 0x1c, 0x0a, 0xc0, 0x60,
-   0x90, 0x3a, 0x9a, 0x18, 0xa8, 0x19, 0xc6, 0x78, 0xc9, 0xf3, 0x1a, 0xbb, 0xca, 0xa8, 0xb5, 0x05,
-   0x6b, 0xa8, 0xfb, 0xeb, 0xdd, 0x19, 0x56, 0xc4, 0xfe, 0x7c, 0x84, 0xb1, 0xfd, 0x92, 0xbd, 0xe2,
-   0xb2, 0x94, 0x57, 0x3d, 0x03, 0x0a, 0xf1, 0xee, 0xca, 0xec, 0x8a, 0x0f, 0xb6, 0x23, 0x0b, 0x44,
-   0x14, 0x0d, 0xe0, 0xb1, 0x68, 0x38, 0x56, 0x7c, 0x66, 0x60, 0x8f, 0x54, 0x8b, 0x5c, 0x80, 0x37,
-   0x94, 0x27, 0x89, 0x47, 0x2c, 0x24, 0x45, 0x6b, 0x76, 0xdd, 0xfb, 0xf1, 0x31, 0xef, 0x7f, 0xa4,
-   0xba, 0x95, 0x4b, 0x91, 0x9c, 0x86, 0xa6, 0x48, 0xa2, 0x5a, 0x41, 0x64, 0x31, 0x14, 0x80, 0x6b,
-   0xb3, 0x0d, 0x46, 0x14, 0xb2, 0x61, 0x49, 0x81, 0xf5, 0x14, 0x2e, 0x1c, 0x3b, 0x7b, 0xc2, 0x23,
-   0x9d, 0x31, 0x66, 0x49, 0x56, 0x50, 0x69, 0x69, 0x5a, 0x5c, 0x82, 0x68, 0x96, 0x04, 0xc1, 0x76,
-   0x18, 0x19, 0x13, 0x95, 0xad, 0xbd, 0x5f, 0x96, 0x6d, 0xfe, 0xde, 0x65, 0x6a, 0x78, 0x47, 0x63,
-		};
-
-	if (argc < 4) {
-		fprintf(stderr, "Need at least 3 arguments: <ca> <cert1> <server>\n");
+	size_t size = 0, sig_len, dec_len;
+	unsigned char *sig_data, *dec_data;
+
+	if (argc < 6) {
+		fprintf(stderr, "Need at least 5 arguments: <sig> <dec> <ca> <cert1> <server>\n");
 		return 1;
 	}
 
@@ -84,7 +94,7 @@ int main(int argc, char *argv[])
 	}
 
 	/* Load certificates */
-	for (i = 2; i < argc; i++) {
+	for (i = 4; i < argc; i++) {
 		data = crypto_read_cert(argv[i], &size, &error);
 		if (!data) {
 			fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg);
@@ -99,30 +109,50 @@ int main(int argc, char *argv[])
 	}
 
 	/* Verify the cert chain */
-	if (crypto_verify_chain(cctx, argv[1], NULL, &error) != 0) {
+	if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
 		fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)");
 		return error->code;
 	}
 
 	/* Decrypt something using the public key of the server certificate */
+	sig_data = read_binfile(argv[1], &sig_len);
+	if (sig_data == NULL)
+		return 1;
+
+	dec_data = read_binfile(argv[2], &dec_len);
+	if (dec_data == NULL) {
+		free(sig_data);
+		return 1;
+	}
+
 	size = 0;
-	data = crypto_decrypt_signature(cctx, &sig_data[0], sizeof(sig_data), &size, CRYPTO_PAD_NONE, &error);
+	data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
 	if (!data || !size) {
 		fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)");
+		free(dec_data);
+		free(sig_data);
 		return error->code;
 	}
 
-	if (size != sizeof(dec_data)) {
+	if (size != dec_len) {
 		fprintf(stderr, "Error decrypting signature: unexpected "
-		        "decrypted size %zd (expected %zu)\n", size, sizeof(dec_data));
+		        "decrypted size %zd (expected %zu)\n", size, dec_len);
+		free(dec_data);
+		free(sig_data);
+		free(data);
 		return 1;
 	}
 
-	if (memcmp(data, dec_data, sizeof(dec_data))) {
+	if (memcmp(data, dec_data, dec_len)) {
 		fprintf(stderr, "Error decrypting signature: decrypted data did"
 		        " not match expected decrypted data\n");
+		free(dec_data);
+		free(sig_data);
+		free(data);
 		return 1;
 	}
+	free(dec_data);
+	free(sig_data);
 	free(data);
 
 	fprintf(stdout, "Success\n");