mirror of
https://github.com/weechat/weechat.git
synced 2026-07-01 07:16:37 +02:00
relay: add command "handshake" in weechat relay protocol and nonce to prevent replay attacks (closes #1474)
This introduces a new command called "handshake" in the weechat relay protocol. It should be sent by the client before the "init" command, to negotiate the way to authenticate with a password. 3 new options are added: * relay.network.auth_password * relay.network.hash_iterations * relay.network.nonce_size
This commit is contained in:
@@ -0,0 +1,362 @@
|
||||
/*
|
||||
* test-relay-auth.cpp - test client authentication functions
|
||||
*
|
||||
* Copyright (C) 2020 Sébastien Helleu <flashcode@flashtux.org>
|
||||
*
|
||||
* This file is part of WeeChat, the extensible chat client.
|
||||
*
|
||||
* WeeChat is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* WeeChat is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with WeeChat. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "CppUTest/TestHarness.h"
|
||||
|
||||
extern "C"
|
||||
{
|
||||
#include <stdio.h>
|
||||
#include "src/plugins/relay/relay-auth.h"
|
||||
}
|
||||
|
||||
#define WEE_CHECK_PARSE_SHA(__parameters) \
|
||||
salt = (char *)0x1; \
|
||||
salt_size = -1; \
|
||||
hash_sha = (char *)0x1; \
|
||||
relay_auth_parse_sha ( \
|
||||
__parameters, \
|
||||
&salt_hexa, \
|
||||
&salt, \
|
||||
&salt_size, \
|
||||
&hash_sha);
|
||||
|
||||
#define WEE_CHECK_PARSE_PBKDF2(__parameters) \
|
||||
salt = (char *)0x1; \
|
||||
salt_size = -1; \
|
||||
iterations = -1; \
|
||||
hash_pbkdf2 = (char *)0x1; \
|
||||
relay_auth_parse_pbkdf2 ( \
|
||||
__parameters, \
|
||||
&salt_hexa, \
|
||||
&salt, \
|
||||
&salt_size, \
|
||||
&iterations, \
|
||||
&hash_pbkdf2);
|
||||
|
||||
TEST_GROUP(RelayAuth)
|
||||
{
|
||||
};
|
||||
|
||||
/*
|
||||
* Tests functions:
|
||||
* relay_auth_parse_sha
|
||||
*/
|
||||
|
||||
TEST(RelayAuth, ParseSha)
|
||||
{
|
||||
char *salt_hexa, *salt, *hash_sha;
|
||||
const char salt_expected[4] = { 0x41, 0x42, 0x43, 0x44 }; /* "ABCD" */
|
||||
int salt_size;
|
||||
|
||||
/* NULL string */
|
||||
WEE_CHECK_PARSE_SHA(NULL);
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
POINTERS_EQUAL(NULL, hash_sha);
|
||||
|
||||
/* not enough parameters: 0 (expected: 2) */
|
||||
WEE_CHECK_PARSE_SHA("");
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
POINTERS_EQUAL(NULL, hash_sha);
|
||||
|
||||
/* not enough parameters: 1 (expected: 2) */
|
||||
WEE_CHECK_PARSE_SHA("41424344");
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
POINTERS_EQUAL(NULL, hash_sha);
|
||||
|
||||
/* good parameters */
|
||||
WEE_CHECK_PARSE_SHA("41424344:5e884898da28047151d0e56f8dc6292773603d0d6aa"
|
||||
"bbdd62a11ef721d1542d8");
|
||||
STRCMP_EQUAL("41424344", salt_hexa);
|
||||
MEMCMP_EQUAL(salt_expected, salt, 4);
|
||||
LONGS_EQUAL(4, salt_size);
|
||||
STRCMP_EQUAL("5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1"
|
||||
"542d8",
|
||||
hash_sha);
|
||||
free (salt_hexa);
|
||||
free (salt);
|
||||
free (hash_sha);
|
||||
|
||||
/* wrong salt */
|
||||
WEE_CHECK_PARSE_SHA("Z:5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a"
|
||||
"11ef721d1542d8");
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
STRCMP_EQUAL("5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1"
|
||||
"542d8",
|
||||
hash_sha);
|
||||
free (hash_sha);
|
||||
}
|
||||
|
||||
/*
|
||||
* Tests functions:
|
||||
* relay_auth_parse_pbkdf2
|
||||
*/
|
||||
|
||||
TEST(RelayAuth, ParsePbkdf2)
|
||||
{
|
||||
char *salt_hexa, *salt, *hash_pbkdf2;
|
||||
const char salt_expected[4] = { 0x41, 0x42, 0x43, 0x44 }; /* "ABCD" */
|
||||
int salt_size, iterations;
|
||||
|
||||
/* NULL string */
|
||||
WEE_CHECK_PARSE_PBKDF2(NULL);
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
LONGS_EQUAL(0, iterations);
|
||||
POINTERS_EQUAL(NULL, hash_pbkdf2);
|
||||
|
||||
/* not enough parameters: 0 (expected: 3) */
|
||||
WEE_CHECK_PARSE_PBKDF2("");
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
LONGS_EQUAL(0, iterations);
|
||||
POINTERS_EQUAL(NULL, hash_pbkdf2);
|
||||
|
||||
/* not enough parameters: 1 (expected: 3) */
|
||||
WEE_CHECK_PARSE_PBKDF2("41424344");
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
LONGS_EQUAL(0, iterations);
|
||||
POINTERS_EQUAL(NULL, hash_pbkdf2);
|
||||
|
||||
/* not enough parameters: 2 (expected: 3) */
|
||||
WEE_CHECK_PARSE_PBKDF2("41424344:100000");
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
LONGS_EQUAL(0, iterations);
|
||||
POINTERS_EQUAL(NULL, hash_pbkdf2);
|
||||
|
||||
/* good parameters */
|
||||
WEE_CHECK_PARSE_PBKDF2("41424344:100000:01757d53157ca14a1419e3a8cc1563536"
|
||||
"520a60b76d2d48e7f9ac09afc945a1c");
|
||||
STRCMP_EQUAL("41424344", salt_hexa);
|
||||
MEMCMP_EQUAL(salt_expected, salt, 4);
|
||||
LONGS_EQUAL(4, salt_size);
|
||||
LONGS_EQUAL(100000, iterations);
|
||||
STRCMP_EQUAL("01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc9"
|
||||
"45a1c",
|
||||
hash_pbkdf2);
|
||||
free (salt_hexa);
|
||||
free (salt);
|
||||
free (hash_pbkdf2);
|
||||
|
||||
/* wrong salt */
|
||||
WEE_CHECK_PARSE_PBKDF2("Z:100000:01757d53157ca14a1419e3a8cc1563536520a60b"
|
||||
"76d2d48e7f9ac09afc945a1c");
|
||||
POINTERS_EQUAL(NULL, salt_hexa);
|
||||
POINTERS_EQUAL(NULL, salt);
|
||||
LONGS_EQUAL(0, salt_size);
|
||||
LONGS_EQUAL(100000, iterations);
|
||||
STRCMP_EQUAL("01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc9"
|
||||
"45a1c",
|
||||
hash_pbkdf2);
|
||||
free (hash_pbkdf2);
|
||||
|
||||
/* wrong iterations */
|
||||
WEE_CHECK_PARSE_PBKDF2("41424344:abcd:01757d53157ca14a1419e3a8cc156353652"
|
||||
"0a60b76d2d48e7f9ac09afc945a1c");
|
||||
STRCMP_EQUAL("41424344", salt_hexa);
|
||||
MEMCMP_EQUAL(salt_expected, salt, 4);
|
||||
LONGS_EQUAL(4, salt_size);
|
||||
LONGS_EQUAL(0, iterations);
|
||||
STRCMP_EQUAL("01757d53157ca14a1419e3a8cc1563536520a60b76d2d48e7f9ac09afc9"
|
||||
"45a1c",
|
||||
hash_pbkdf2);
|
||||
free (salt_hexa);
|
||||
free (salt);
|
||||
free (hash_pbkdf2);
|
||||
}
|
||||
|
||||
/*
|
||||
* Tests functions:
|
||||
* relay_auth_check_password_plain
|
||||
*/
|
||||
|
||||
TEST(RelayAuth, CheckPasswordPlain)
|
||||
{
|
||||
/* invalid arguments */
|
||||
LONGS_EQUAL(0, relay_auth_check_password_plain (NULL, NULL));
|
||||
LONGS_EQUAL(0, relay_auth_check_password_plain ("abcd", NULL));
|
||||
LONGS_EQUAL(0, relay_auth_check_password_plain (NULL, "password"));
|
||||
|
||||
/* wrong password */
|
||||
LONGS_EQUAL(0, relay_auth_check_password_plain ("test", "password"));
|
||||
LONGS_EQUAL(0, relay_auth_check_password_plain ("Password", "password"));
|
||||
|
||||
/* good password */
|
||||
LONGS_EQUAL(1, relay_auth_check_password_plain ("", ""));
|
||||
LONGS_EQUAL(1, relay_auth_check_password_plain ("password", "password"));
|
||||
}
|
||||
|
||||
/*
|
||||
* Tests functions:
|
||||
* relay_auth_check_hash_sha
|
||||
*/
|
||||
|
||||
TEST(RelayAuth, CheckHashSha)
|
||||
{
|
||||
/* "ABCDEFGHIJKLMNOP" */
|
||||
const char salt[16] = { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
|
||||
0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50 };
|
||||
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_sha (
|
||||
NULL, NULL, 0, NULL, NULL));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_sha (
|
||||
"", "", 0, "", ""));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_sha (
|
||||
"sha256", NULL, 0, NULL, NULL));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_sha (
|
||||
"sha256", salt, sizeof (salt), NULL, NULL));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_sha (
|
||||
"sha256", salt, sizeof (salt), "", ""));
|
||||
|
||||
/* SHA256: hash is for password: "wrong" */
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_sha (
|
||||
"sha256",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
"5d21c7a7d34f47623195ff4750bd65c34bb5f1ba131bf0086a498b2a"
|
||||
"6a4edfcb",
|
||||
"password"));
|
||||
/* SHA256: hash is for password: "password" */
|
||||
LONGS_EQUAL(1,
|
||||
relay_auth_check_hash_sha (
|
||||
"sha256",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
"6b1550cb48b6cd66b7152f96804b816b5ae861e4ae52ff5c7a56b7a4"
|
||||
"f2fdb772",
|
||||
"password"));
|
||||
|
||||
/* SHA512: hash is for password: "wrong" */
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_sha (
|
||||
"sha512",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
"527d147327d77aceeb862848b404d462ce2a11e4502eda82ce0b1be1"
|
||||
"958422491ca14f3fe8b94a66c61d54639d9fbed0979025ae1073ccaa"
|
||||
"a66a2d2de9416221",
|
||||
"password"));
|
||||
/* SHA512: hash is for password: "password" */
|
||||
LONGS_EQUAL(1,
|
||||
relay_auth_check_hash_sha (
|
||||
"sha512",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
"49d2c9a7f7cf630b32c0cc79b331db4eec6215e2c90bcc6c43db93f8"
|
||||
"847cfdf885a4a8d36b440cb47fed79e97b35380d086a5722c3a26018"
|
||||
"fdc633fe56949938",
|
||||
"password"));
|
||||
}
|
||||
|
||||
/*
|
||||
* Tests functions:
|
||||
* relay_auth_check_hash_pbkdf2
|
||||
*/
|
||||
|
||||
TEST(RelayAuth, CheckHashPbkdf2)
|
||||
{
|
||||
/* "ABCDEFGHIJKLMNOP" */
|
||||
const char salt[16] = { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
|
||||
0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50 };
|
||||
|
||||
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
NULL, NULL, 0, 0, NULL, NULL));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"", "", 0, 0, "", ""));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha256", NULL, 0, 0, NULL, NULL));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha256", salt, sizeof (salt), 0, NULL, NULL));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha256", salt, sizeof (salt), 100000, NULL, NULL));
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha256", salt, sizeof (salt), 100000, "", ""));
|
||||
|
||||
/* PBKDF2 (SHA256): hash is for password "wrong" */
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha256",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
100000,
|
||||
"e8f92a75f5956e9dc3499775221e9ef121bf4d09bdca4391b69aa62c"
|
||||
"50c2bb6b",
|
||||
"password"));
|
||||
/* PBKDF2 (SHA256): hash is for password "password" */
|
||||
LONGS_EQUAL(1,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha256",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
100000,
|
||||
"323d29f1762dcb5917bc8320c4eb9ea05900fc28e53cbc3e1b7f0980"
|
||||
"2e35e2d0",
|
||||
"password"));
|
||||
|
||||
/* PBKDF2 (SHA512): hash is for password "wrong" */
|
||||
LONGS_EQUAL(0,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha512",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
100000,
|
||||
"e682a3815a4d1de8d13a223932b6b0467b7d775111aae3794afb9a84"
|
||||
"ee62bd50755fde725262f75d1211e8497a35c8dca8a6333bcc9f7b53"
|
||||
"244f6ff567d25cfc",
|
||||
"password"));
|
||||
/* PBKDF2 (SHA512): hash is for password "password" */
|
||||
LONGS_EQUAL(1,
|
||||
relay_auth_check_hash_pbkdf2 (
|
||||
"sha512",
|
||||
salt,
|
||||
sizeof (salt),
|
||||
100000,
|
||||
"db166999c1f415a40570a4bbd3a26d461f87e495da215c75135b77bf"
|
||||
"910a261d3749f28264d24b546fc898908d4209704700020b8dd2bca6"
|
||||
"e4698208dd5aa5f2",
|
||||
"password"));
|
||||
}
|
||||
Reference in New Issue
Block a user