From f84310f476cd0811e5cc0ea987c23ec0cbfcc5df Mon Sep 17 00:00:00 2001
From: Antonio Borneo
Date: Wed, 4 Dec 2013 13:40:55 +0000
Subject: [PATCH] test-crypto: move crypted data out of code

The test program embeds encrypted binary data, but the encryption key is not made available from the original developer. Move the binary data out of the code, so later we can replace it with data encrypted under our control.

Signed-off-by: Antonio Borneo
---
 Makefile | 4 +-
 test-crypto.c | 128 ++++++++++++++++++++++++++++------------------
 test/dec_data.bin | Bin 0 -> 256 bytes
 test/sig_data.bin | Bin 0 -> 256 bytes
 4 files changed, 81 insertions(+), 51 deletions(-)
 create mode 100644 test/dec_data.bin
 create mode 100644 test/sig_data.bin

diff --git a/Makefile b/Makefile
index 29d20c2..1fded3d 100644
--- a/Makefile
+++ b/Makefile
@@ -114,8 +114,8 @@ vpnc-%.tar.gz :
 rm -rf vpnc-$*
 test : all
- ./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
- #./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt
+ ./test-crypto test/sig_data.bin test/dec_data.bin \
+ test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
 dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz
diff --git a/test-crypto.c b/test-crypto.c
index bba0599..4d0a9d3 100644
--- a/test-crypto.c
+++ b/test-crypto.c
@@ -16,6 +16,7 @@
 */
 #include
+#include
 #include
 #include
@@ -25,55 +26,64 @@
 #include
 #include "crypto.h"
+static unsigned char *read_binfile(const char *filename, size_t *len)
+{
+ int fd, ret;
+ struct stat s;
+ unsigned char *b;
+
+ if (filename == NULL || len ==NULL)
+ return NULL;
+
+ fd = open(filename, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Error opening file %s\n", filename);
+ return NULL;
+ }
+
+ ret = fstat(fd, &s);
+ if (ret < 0) {
+ fprintf(stderr, "Error while stat() file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+ if (s.st_size == 0) {
+ fprintf(stderr, "Empty file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+
+ b = malloc(s.st_size);
+ if (b == NULL) {
+ fprintf(stderr, "Error allocating memory\n");
+ close(fd);
+ return NULL;
+ }
+
+ ret = read(fd, b, s.st_size);
+ if (ret != s.st_size) {
+ fprintf(stderr, "Error reading file %s\n", filename);
+ free(b);
+ close(fd);
+ return NULL;
+ }
+
+ close(fd);
+ *len = s.st_size;
+ return b;
+}
+
 int main(int argc, char *argv[])
 {
 crypto_ctx *cctx;
 crypto_error *error = NULL;
 int i;
 unsigned char *data;
- size_t size = 0;
- const unsigned char sig_data[] = {
- 0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
- 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30,
- 0x81, 0x9f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, 0x73, 0x68,
-
- 0x69, 0x72, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4e, 0x65,
- 0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e,
- 0x4d, 0x79, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x08, 0x54, 0x68, 0x65, 0x20, 0x55, 0x6e, 0x69,
-
- 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, 0x65, 0x73, 0x74,
- 0x2e, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x21,
- 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x74,
- 0x65, 0x73, 0x74, 0x40, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72,
-
- 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x34, 0x32, 0x38, 0x30, 0x32, 0x35, 0x30, 0x35,
- 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x34, 0x32, 0x36, 0x30, 0x32, 0x35, 0x30, 0x35, 0x32,
- 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b,
- };
- const unsigned char dec_data[] = {
- 0x7c, 0x2a, 0xe4, 0x60, 0x10, 0x9f, 0xab, 0xd6, 0x76, 0x7b, 0x9d, 0x16, 0xbb, 0xd3, 0x16, 0xa3,
- 0x61, 0x50, 0x56, 0x13, 0xe4, 0x61, 0x0e, 0x90, 0x71, 0x5c, 0x47, 0xae, 0x4a, 0xc2, 0x89, 0xf8,
- 0x47, 0x61, 0x4c, 0x3f, 0xd6, 0x11, 0x97, 0xb7, 0x0d, 0x84, 0x86, 0xdd, 0xe9, 0x6d, 0x3e, 0x89,
- 0xe0, 0x4f, 0x7a, 0x95, 0x3f, 0x6e, 0xe4, 0xcd, 0xb2, 0x80, 0x3e, 0x19, 0x3e, 0x97, 0x7c, 0xdf,
- 0xd5, 0xff, 0xcb, 0x90, 0xfb, 0x71, 0x9c, 0xef, 0xa1, 0xf6, 0x8c, 0x36, 0xb3, 0x1f, 0x63, 0x7f,
- 0x32, 0xf5, 0x00, 0x12, 0x5e, 0x13, 0x84, 0x88, 0xe3, 0x13, 0x1c, 0x11, 0x2d, 0x9a, 0xd7, 0xec,
- 0x51, 0x94, 0x20, 0x6e, 0x8f, 0x69, 0xdf, 0x07, 0xe9, 0x46, 0x3b, 0xd9, 0x1c, 0x0a, 0xc0, 0x60,
- 0x90, 0x3a, 0x9a, 0x18, 0xa8, 0x19, 0xc6, 0x78, 0xc9, 0xf3, 0x1a, 0xbb, 0xca, 0xa8, 0xb5, 0x05,
- 0x6b, 0xa8, 0xfb, 0xeb, 0xdd, 0x19, 0x56, 0xc4, 0xfe, 0x7c, 0x84, 0xb1, 0xfd, 0x92, 0xbd, 0xe2,
- 0xb2, 0x94, 0x57, 0x3d, 0x03, 0x0a, 0xf1, 0xee, 0xca, 0xec, 0x8a, 0x0f, 0xb6, 0x23, 0x0b, 0x44,
- 0x14, 0x0d, 0xe0, 0xb1, 0x68, 0x38, 0x56, 0x7c, 0x66, 0x60, 0x8f, 0x54, 0x8b, 0x5c, 0x80, 0x37,
- 0x94, 0x27, 0x89, 0x47, 0x2c, 0x24, 0x45, 0x6b, 0x76, 0xdd, 0xfb, 0xf1, 0x31, 0xef, 0x7f, 0xa4,
- 0xba, 0x95, 0x4b, 0x91, 0x9c, 0x86, 0xa6, 0x48, 0xa2, 0x5a, 0x41, 0x64, 0x31, 0x14, 0x80, 0x6b,
- 0xb3, 0x0d, 0x46, 0x14, 0xb2, 0x61, 0x49, 0x81, 0xf5, 0x14, 0x2e, 0x1c, 0x3b, 0x7b, 0xc2, 0x23,
- 0x9d, 0x31, 0x66, 0x49, 0x56, 0x50, 0x69, 0x69, 0x5a, 0x5c, 0x82, 0x68, 0x96, 0x04, 0xc1, 0x76,
- 0x18, 0x19, 0x13, 0x95, 0xad, 0xbd, 0x5f, 0x96, 0x6d, 0xfe, 0xde, 0x65, 0x6a, 0x78, 0x47, 0x63,
- };
-
- if (argc < 4) {
- fprintf(stderr, "Need at least 3 arguments: \n");
+ size_t size = 0, sig_len, dec_len;
+ unsigned char *sig_data, *dec_data;
+
+ if (argc < 6) {
+ fprintf(stderr, "Need at least 5 arguments: \n");
 return 1;
 }
@@ -84,7 +94,7 @@ int main(int argc, char *argv[])
 }
 /* Load certificates */
- for (i = 2; i < argc; i++) {
+ for (i = 4; i < argc; i++) {
 data = crypto_read_cert(argv[i], &size, &error);
 if (!data) {
 fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg);
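Review bot: `read_binfile` stores the result of `read()` in `int ret` and compares it with `s.st_size`, which is an `off_t`: a single `read()` may legitimately return fewer bytes than requested, so a short read is reported as a failure, and a file larger than `INT_MAX` bytes truncates `ret` before the comparison. Nothing checks that the descriptor is a regular file either, so the `st_size` of a directory or device goes straight into `malloc()`. I would keep the byte count in a `ssize_t`, reject non-regular files with `S_ISREG(s.st_mode)`, and loop until `st_size` bytes have arrived, as below. The new function lies entirely inside this hunk; `main` starts here but its body continues past it. A small style point on the same function: `len ==NULL` is missing the space after `==`.
```c
static unsigned char *read_binfile(const char *filename, size_t *len)
{
	/* … unchanged: argument check, open(), fstat() and its error path … */
	if (!S_ISREG(s.st_mode) || s.st_size <= 0) {
		fprintf(stderr, "Not a regular file or empty file %s\n", filename);
		close(fd);
		return NULL;
	}
	/* … unchanged: malloc() and its error path … */
	size_t got = 0;
	while (got < (size_t)s.st_size) {
		ssize_t n = read(fd, b + got, (size_t)s.st_size - got);
		if (n <= 0) {
			fprintf(stderr, "Error reading file %s\n", filename);
			free(b);
			close(fd);
			return NULL;
		}
		got += (size_t)n;
	}
	/* … unchanged: close(), *len = s.st_size, return b … */
```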
@@ -99,30 +109,50 @@ int main(int argc, char *argv[])
 }
 /* Verify the cert chain */
- if (crypto_verify_chain(cctx, argv[1], NULL, &error) != 0) {
+ if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
 fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)");
 return error->code;
 }
 /* Decrypt something using the public key of the server certificate */
+ sig_data = read_binfile(argv[1], &sig_len);
+ if (sig_data == NULL)
+ return 1;
+
+ dec_data = read_binfile(argv[2], &dec_len);
+ if (dec_data == NULL) {
+ free(sig_data);
+ return 1;
+ }
+
 size = 0;
- data = crypto_decrypt_signature(cctx, &sig_data[0], sizeof(sig_data), &size, CRYPTO_PAD_NONE, &error);
+ data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
 if (!data || !size) {
 fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)");
+ free(dec_data);
+ free(sig_data);
 return error->code;
 }
- if (size != sizeof(dec_data)) {
+ if (size != dec_len) {
 fprintf(stderr, "Error decrypting signature: unexpected "
- "decrypted size %zd (expected %zu)\n", size, sizeof(dec_data));
+ "decrypted size %zd (expected %zu)\n", size, dec_len);
+ free(dec_data);
+ free(sig_data);
+ free(data);
 return 1;
 }
- if (memcmp(data, dec_data, sizeof(dec_data))) {
+ if (memcmp(data, dec_data, dec_len)) {
 fprintf(stderr, "Error decrypting signature: decrypted data did"
 " not match expected decrypted data\n");
+ free(dec_data);
+ free(sig_data);
+ free(data);
 return 1;
 }
+ free(dec_data);
+ free(sig_data);
 free(data);
 fprintf(stdout, "Success\n");
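Review bot: The new frees in the `if (!data || !size)` branch release `dec_data` and `sig_data` but not `data`, so if `crypto_decrypt_signature` can hand back a buffer together with `size == 0` (its contract is not visible here) that buffer leaks; `free(NULL)` is a no-op, so `free(data);` can simply be added alongside the other two. That branch then still ends in `return error->code;` right after the message guarded `error` against NULL, the same pattern the pre-existing `crypto_verify_chain` failure path has; `return error ? error->code : 1;` avoids the dereference without changing the success path. As a point of style, the `free(dec_data); free(sig_data);` pair now appears four times; a single cleanup label at the end of `main` that every failure path jumps to would keep the ownership rules in one place. `main` begins in an earlier hunk and its closing brace lies past this one.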
diff --git a/test/dec_data.bin b/test/dec_data.bin new file mode 100644 index 0000000000000000000000000000000000000000..95421e574cafedb1c776bd723d8a56e576edb87a GIT binary patch literal 256 zcmV+b0ssDdD&$}gpR3k(dz}`$(-xy)P*xM)asQc^P8CJype1x(6lD*=xlvh0i z3i0mB?1~SzBMU?n4dAh8I97aSV2@ObT!1%}Cy7TaBt>g>-TUz|?|-Dal}nMFhNeiO zT0vwn6o6~94Mr5QVM&4Y6fPV)d%`1~F=k0tP-$seT!Ltp1i^L~855PQyL+t9mQ| literal 0 HcmV?d00001 diff --git a/test/sig_data.bin b/test/sig_data.bin new file mode 100644 index 0000000000000000000000000000000000000000..570253441dc3d0904253876b845280e852b07bc0 GIT binary patch literal 256 zcmXqLV%ciY#5{KaGZP~d5E<~YacZ@Bw0-AgWMpAwFld}_$Zf#M#vIDRCd?EXY$#+P z0OD{6b2_CKWfx~;7Nr^r81R9_*oE2sQp=M{iz*Gp4MagAT*7?5l?u-Jxdn-Nl?py3 zDTaau{2&Q#VUCcDRE5yI%o0Os14)n&v#?M}YH^8Paei)Uc}8kcs$PCkx}l