7:30 p.m.
Most of the details are explained in the patch notes, but the main
reasoning for this is to allow embedding PEMs inside an l_settings
file. We have found that some systems are provisioned with certificates
in /home/<user>/.cert/. System services are not really intended to have
access to /home (though this is not always the case), and for IWD
we do not want to allow that. For this reason it makes a lot of sense
to include the certs in the provisioning file. This also makes
provisioning much easier from both an admin and user perspective as you
just need to supply a single file rather than the network config plus
certificates/keys.
James Prestwood (5):
pem: add _from_data variants to pem APIs
unit/test-pem: add tests for new _from_data APIs
pem: expose is_{start,end}_boundary
settings: introduce extended groups concept
unit/test-settings: add pem extended type tests
ell/ell.sym | 5 +
ell/pem.c | 152 ++++++++++++++++++++--------
ell/pem.h | 7 ++
ell/settings.c | 231 +++++++++++++++++++++++++++++++++++++++++-
ell/settings.h | 5 +
pem-private.h | 33 ++++++
unit/settings.test | 28 ++++++
unit/test-pem.c | 163 ++++++++++++++++++++++++++++++
unit/test-settings.c | 234 ++++++++++++++++++++++++++++++++++++++++++-
9 files changed, 806 insertions(+), 52 deletions(-)
create mode 100644 pem-private.h
--
2.17.1
7:30 p.m.
New subject: [PATCH 1/5] pem: add _from_data variants to pem APIs
Loading cert chains/lists, and private keys was only possible to
do from a file, or as a raw buffer (e.g. from the network). This
patch adds 3 new APIs:
l_pem_load_certificate_chain_from_data
l_pem_load_certificate_list_from_data
l_pem_load_private_key_from_data
These expect the input data just as if it was read in from a PEM
file (BEGIN/END included).
---
ell/ell.sym | 3 ++
ell/pem.c | 141 +++++++++++++++++++++++++++++++++++++---------------
ell/pem.h | 7 +++
3 files changed, 111 insertions(+), 40 deletions(-)
diff --git a/ell/ell.sym b/ell/ell.sym
index 709a0b4..e02f0fe 100644
--- a/ell/ell.sym
+++ b/ell/ell.sym
@@ -362,9 +362,12 @@ global:
/* pem */
l_pem_load_buffer;
l_pem_load_certificate_chain;
+ l_pem_load_certificate_chain_from_data;
l_pem_load_certificate_list;
+ l_pem_load_certificate_list_from_data;
l_pem_load_file;
l_pem_load_private_key;
+ l_pem_load_private_key_from_data;
/* pkcs5 */
l_pkcs5_pbkdf1;
l_pkcs5_pbkdf2;
diff --git a/ell/pem.c b/ell/pem.c
index 1e51fc5..e268f50 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -247,10 +247,8 @@ LIB_EXPORT uint8_t *l_pem_load_file(const char *filename, int index,
return result;
}
-LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain(
- const char *filename)
+static struct l_certchain *pem_list_to_chain(struct l_queue *list)
{
- struct l_queue *list = l_pem_load_certificate_list(filename);
struct l_certchain *chain;
if (!list)
@@ -265,17 +263,36 @@ LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain(
return chain;
}
-LIB_EXPORT struct l_queue *l_pem_load_certificate_list(const char *filename)
+LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain_from_data(
+ const void *buf, size_t len)
{
- struct pem_file_info file;
- const uint8_t *ptr, *end;
- struct l_queue *list = NULL;
+ struct l_queue *list = l_pem_load_certificate_list_from_data(buf, len);
- if (pem_file_open(&file, filename) < 0)
+ if (!list)
+ return NULL;
+
+ return pem_list_to_chain(list);
+}
+
+LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain(
+ const char *filename)
+{
+ struct l_queue *list = l_pem_load_certificate_list(filename);
+
+ if (!list)
return NULL;
- ptr = file.data;
- end = file.data + file.st.st_size;
+ return pem_list_to_chain(list);
+}
+
+LIB_EXPORT struct l_queue *l_pem_load_certificate_list_from_data(
+ const void *buf, size_t len)
+{
+ const uint8_t *ptr, *end;
+ struct l_queue *list = NULL;
+
+ ptr = buf;
+ end = buf + len;
while (ptr && ptr < end) {
uint8_t *der;
@@ -309,47 +326,35 @@ LIB_EXPORT struct l_queue *l_pem_load_certificate_list(const char
*filename)
l_queue_push_tail(list, cert);
}
- pem_file_close(&file);
return list;
error:
l_queue_destroy(list, (l_queue_destroy_func_t) l_cert_free);
- pem_file_close(&file);
return NULL;
}
-/**
- * l_pem_load_private_key
- * @filename: path string to the PEM file to load
- * @passphrase: private key encryption passphrase or NULL for unencrypted
- * @encrypted: receives indication whether the file was encrypted if non-NULL
- *
- * Load the PEM encoded RSA Private Key file at @filename. If it is an
- * encrypted private key and @passphrase was non-NULL, the file is
- * decrypted. If it's unencrypted @passphrase is ignored. @encrypted
- * stores information of whether the file was encrypted, both in a
- * success case and on error when NULL is returned. This can be used to
- * check if a passphrase is required without prior information.
- *
- * Returns: An l_key object to be freed with an l_key_free* function,
- * or NULL.
- **/
-LIB_EXPORT struct l_key *l_pem_load_private_key(const char *filename,
- const char *passphrase,
- bool *encrypted)
+LIB_EXPORT struct l_queue *l_pem_load_certificate_list(const char *filename)
{
- uint8_t *content;
- char *label;
- size_t len;
- struct l_key *pkey = NULL;
+ struct pem_file_info file;
+ struct l_queue *list = NULL;
- if (encrypted)
- *encrypted = false;
+ if (pem_file_open(&file, filename) < 0)
+ return NULL;
- content = l_pem_load_file(filename, 0, &label, &len);
+ list = l_pem_load_certificate_list_from_data(file.data,
+ file.st.st_size);
+ pem_file_close(&file);
- if (!content)
- return NULL;
+ return list;
+}
+
+static struct l_key *pem_load_private_key(uint8_t *content,
+ size_t len,
+ char *label,
+ const char *passphrase,
+ bool *encrypted)
+{
+ struct l_key *pkey = NULL;
/*
* RFC7469- and PKCS#8-compatible label (default in OpenSSL 1.0.1+)
@@ -452,3 +457,59 @@ err:
l_free(label);
return pkey;
}
+
+LIB_EXPORT struct l_key *l_pem_load_private_key_from_data(const void *buf,
+ size_t buf_len,
+ const char *passphrase,
+ bool *encrypted)
+{
+ uint8_t *content;
+ char *label;
+ size_t len;
+
+ if (encrypted)
+ *encrypted = false;
+
+ content = pem_load_buffer(buf, buf_len, 0, &label, &len, NULL);
+
+ if (!content)
+ return NULL;
+
+ return pem_load_private_key(content, len, label, passphrase, encrypted);
+}
+
+
+/**
+ * l_pem_load_private_key
+ * @filename: path string to the PEM file to load
+ * @passphrase: private key encryption passphrase or NULL for unencrypted
+ * @encrypted: receives indication whether the file was encrypted if non-NULL
+ *
+ * Load the PEM encoded RSA Private Key file at @filename. If it is an
+ * encrypted private key and @passphrase was non-NULL, the file is
+ * decrypted. If it's unencrypted @passphrase is ignored. @encrypted
+ * stores information of whether the file was encrypted, both in a
+ * success case and on error when NULL is returned. This can be used to
+ * check if a passphrase is required without prior information.
+ *
+ * Returns: An l_key object to be freed with an l_key_free* function,
+ * or NULL.
+ **/
+LIB_EXPORT struct l_key *l_pem_load_private_key(const char *filename,
+ const char *passphrase,
+ bool *encrypted)
+{
+ uint8_t *content;
+ char *label;
+ size_t len;
+
+ if (encrypted)
+ *encrypted = false;
+
+ content = l_pem_load_file(filename, 0, &label, &len);
+
+ if (!content)
+ return NULL;
+
+ return pem_load_private_key(content, len, label, passphrase, encrypted);
+}
diff --git a/ell/pem.h b/ell/pem.h
index fc5b019..41583e2 100644
--- a/ell/pem.h
+++ b/ell/pem.h
@@ -38,11 +38,18 @@ uint8_t *l_pem_load_file(const char *filename, int index,
char **type_label, size_t *len);
struct l_certchain *l_pem_load_certificate_chain(const char *filename);
+struct l_certchain *l_pem_load_certificate_chain_from_data(const void *buf,
+ size_t len);
struct l_queue *l_pem_load_certificate_list(const char *filename);
+struct l_queue *l_pem_load_certificate_list_from_data(const void *buf,
+ size_t len);
struct l_key *l_pem_load_private_key(const char *filename,
const char *passphrase,
bool *encrypted);
+struct l_key *l_pem_load_private_key_from_data(const void *buf, size_t len,
+ const char *passphrase,
+ bool *encrypted);
#ifdef __cplusplus
}
--
2.17.1
8:24 p.m.
New subject: [PATCH 1/5] pem: add _from_data variants to pem APIs
Hi James,
On 9/27/19 2:30 PM, James Prestwood wrote:
Loading cert chains/lists, and private keys was only possible to
do from a file, or as a raw buffer (e.g. from the network). This
patch adds 3 new APIs:
l_pem_load_certificate_chain_from_data
l_pem_load_certificate_list_from_data
l_pem_load_private_key_from_data
These expect the input data just as if it was read in from a PEM
file (BEGIN/END included).
---
ell/ell.sym | 3 ++
ell/pem.c | 141 +++++++++++++++++++++++++++++++++++++---------------
ell/pem.h | 7 +++
3 files changed, 111 insertions(+), 40 deletions(-)
Patches 1 & 2 applied, thanks.
Regards,
-Denis
7:30 p.m.
New subject: [PATCH 2/5] unit/test-pem: add tests for new _from_data APIs
Existing certs/keys were stripped of new lines and stored as strings
in the test. These new tests just verify that the certs load/verify
and that a private key can be decrypted.
---
unit/test-pem.c | 163 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 163 insertions(+)
diff --git a/unit/test-pem.c b/unit/test-pem.c
index 085e061..df396ce 100644
--- a/unit/test-pem.c
+++ b/unit/test-pem.c
@@ -62,6 +62,166 @@ static const struct pem_test empty_label = {
.decoded_size = 6,
};
+struct pem_from_data_test {
+ const char *list;
+ const char *ca;
+};
+
+static const struct pem_from_data_test single_line_cert_chain = {
+ /* Copied from cert-chain.pem */
+ .list =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEXDCCA0SgAwIBAgIJALjNE85c9plgMA0GCSqGSIb3DQEBCwUAMHgxNTAzBgNV\n"
+ "BAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRpb25z\n"
+ "MR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcNAQkB\n"
+ "Fg9jYUBtYWlsLmV4YW1wbGUwHhcNMTkwOTE2MTcxMzAzWhcNNDcwMjAxMTcxMzAz\n"
+ "WjB4MTUwMwYDVQQKDCxJbnRlcm5hdGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3Jn\n"
+ "YW5pemF0aW9uczEfMB0GA1UEAwwWQ2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwG\n"
+ "CSqGSIb3DQEJARYPY2FAbWFpbC5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOC\n"
+ "AQ8AMIIBCgKCAQEA7Lft5O6BtUUokuueQ7mBQVzRzPeH0Nl3NjgGnfBYcz7O2Jca\n"
+ "rFSBPsV76reUG4QFQudsdwyaLOpniFFSFaI3GRXMxjwZJJjLqvT0aebTiLUSKseA\n"
+ "QkP/NSITmIljs2yclnPJGIApLuFvykPagx+yc9ckbziEz1PvKB/ukbiU/zt6QCru\n"
+ "BbyCQ1kWBuyrS3RC0/UgmrSbL7YkkmuD2B1vyZLIoPsJijXs2GJQY3a+zpLemTth\n"
+ "i/Vw4AURJS1gfEUDNzf9Y9+o7vWJfzk+g7xm1XpMTsNTd7q6UwHOi1xdiKCEPT+q\n"
+ "c3LXi7qgWqSXeD+F513PM3JMJ3Wk1H8K4VwJwQIDAQABo4HoMIHlMAwGA1UdEwQF\n"
+ "MAMBAf8wHQYDVR0OBBYEFMuhnjqw8YGMg0cyYlQppMncWis/MIG1BgNVHSMEga0w\n"
+ "gaqAFJ75Zb78cte1aqkdBX4EuDcM140noXykejB4MTUwMwYDVQQKDCxJbnRlcm5h\n"
+ "dGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3JnYW5pemF0aW9uczEfMB0GA1UEAwwW\n"
+ "Q2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwGCSqGSIb3DQEJARYPY2FAbWFpbC5l\n"
+ "eGFtcGxlghQog5dBcTIdmw4XD/6KEME0ZNCdZTANBgkqhkiG9w0BAQsFAAOCAQEA\n"
+ "PjX5n/fgkskZmh9aRhX8r9985JtxMdgogJP4uwRbfuQPzAqYyu9QlAOcRl6tNGN7\n"
+ "mztB5RfJ9HDyjS9iGXsvKXS8wT5ELbuATev+C1Ppxakd3gvJMN4ZqYn32JqRYigN\n"
+ "L2V2jo9RzVUuFa3YP6sw0KfZAfHsfUmQCxAm8HAfQg98aYyIXu/OzeVUsAuhfqWN\n"
+ "qvWcOLjTQTn6t10OHHdIYw59EpIEOPD3Opq7pLgIm+EV3eVMWthSLYbEhIavh8Pc\n"
+ "xN9lqCg887kTawbXbXd49Z8jYZxjxQl7IoonvIyrPhhabKjKCpE2bRFzzpia0PkC\n"
+ "fRgh+KB2tqIeAoekDllmbA==\n"
+ "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEajCCA1KgAwIBAgIUKIOXQXEyHZsOFw/+ihDBNGTQnWUwDQYJKoZIhvcNAQEL\n"
+ "BQAweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFtcGxlIE9y\n"
+ "Z2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBndXkxHjAc\n"
+ "BgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZTAeFw0xOTA5MTYxNzEyNThaFw00\n"
+ "NzAyMDExNzEyNThaMHgxNTAzBgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2Yg\n"
+ "RXhhbXBsZSBPcmdhbml6YXRpb25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1\n"
+ "ZXIgZ3V5MR4wHAYJKoZIhvcNAQkBFg9jYUBtYWlsLmV4YW1wbGUwggEiMA0GCSqG\n"
+ "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjovj3aq26sAQ0k5vD/BVp40p0lhz1+Wet\n"
+ "1EcdQa1arVIca9nhfvoHfJAmK+zzqQLbvI0/e2if4X6OKf41g7w7VaYS9qv5jZZ0\n"
+ "v/7aL6PUa2F7C9HG/vuIII/dRvP2uQ43PLxeTeZyj7bBUB9xCFCpzB+7AZuUuH0H\n"
+ "ABaC9CAGZWImBY5NUXST7E/BsvqU80KJglDovcabthvwoekji9DC/wwISLE1e9cO\n"
+ "A9IB0Co0mA1ME6wzrawmuTzxUw9BsmEhbKhFGBRwIrrq0r4GvDmeMFiZjXv+I0vq\n"
+ "wSCyRtgoeBmyemqIEgiN4Z23V7ps3dbYF/tw96Zj7rd5gtjY9VSdAgMBAAGjgesw\n"
+ "gegwDwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUnvllvvxy17VqqR0FfgS4NwzX\n"
+ "jScwgbUGA1UdIwSBrTCBqoAUnvllvvxy17VqqR0FfgS4NwzXjSehfKR6MHgxNTAz\n"
+ "BgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRp\n"
+ "b25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcN\n"
+ "AQkBFg9jYUBtYWlsLmV4YW1wbGWCFCiDl0FxMh2bDhcP/ooQwTRk0J1lMA0GCSqG\n"
+ "SIb3DQEBCwUAA4IBAQBROAyWfQyKXQ007U6ctgihHbg/lsfEEfeNPG+QRVt8/e53\n"
+ "4fH6scuY9bW7CZQSdiBo178ITHrIOo2CuFMa0ysnW3V1M9/s0dUYjBHYdpTEEQ+d\n"
+ "tgm1uRLiTsYeBtueRItEmZU6JjgmvAH8i1UqI0e5iYlfnovPmftpqIwRH7k7A9kS\n"
+ "SehC9QkkrnIttDEoeYTGhLOJu1Fx2cwAodce6VNgz/k1zIXY5Tprg440zrCwc+th\n"
+ "MpX48F31ggg8Wd5N6Xg1nricGwL8K90ts6xvwF1WwKsg6BeYdyC0eYBqQ41MA/7P\n"
+ "DK3OGM6cC5tbQGWaIT0Q407GJBGpaijDicA2YqlK\n"
+ "-----END CERTIFICATE-----\n",
+ /* copied from cert-ca.pem */
+ .ca = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEajCCA1KgAwIBAgIUKIOXQXEyHZsOFw/+ihDBNGTQnWUwDQYJKoZIhvcNAQEL\n"
+ "BQAweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFtcGxlIE9y\n"
+ "Z2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBndXkxHjAc\n"
+ "BgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZTAeFw0xOTA5MTYxNzEyNThaFw00\n"
+ "NzAyMDExNzEyNThaMHgxNTAzBgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2Yg\n"
+ "RXhhbXBsZSBPcmdhbml6YXRpb25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1\n"
+ "ZXIgZ3V5MR4wHAYJKoZIhvcNAQkBFg9jYUBtYWlsLmV4YW1wbGUwggEiMA0GCSqG\n"
+ "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjovj3aq26sAQ0k5vD/BVp40p0lhz1+Wet\n"
+ "1EcdQa1arVIca9nhfvoHfJAmK+zzqQLbvI0/e2if4X6OKf41g7w7VaYS9qv5jZZ0\n"
+ "v/7aL6PUa2F7C9HG/vuIII/dRvP2uQ43PLxeTeZyj7bBUB9xCFCpzB+7AZuUuH0H\n"
+ "ABaC9CAGZWImBY5NUXST7E/BsvqU80KJglDovcabthvwoekji9DC/wwISLE1e9cO\n"
+ "A9IB0Co0mA1ME6wzrawmuTzxUw9BsmEhbKhFGBRwIrrq0r4GvDmeMFiZjXv+I0vq\n"
+ "wSCyRtgoeBmyemqIEgiN4Z23V7ps3dbYF/tw96Zj7rd5gtjY9VSdAgMBAAGjgesw\n"
+ "gegwDwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUnvllvvxy17VqqR0FfgS4NwzX\n"
+ "jScwgbUGA1UdIwSBrTCBqoAUnvllvvxy17VqqR0FfgS4NwzXjSehfKR6MHgxNTAz\n"
+ "BgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRp\n"
+ "b25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcN\n"
+ "AQkBFg9jYUBtYWlsLmV4YW1wbGWCFCiDl0FxMh2bDhcP/ooQwTRk0J1lMA0GCSqG\n"
+ "SIb3DQEBCwUAA4IBAQBROAyWfQyKXQ007U6ctgihHbg/lsfEEfeNPG+QRVt8/e53\n"
+ "4fH6scuY9bW7CZQSdiBo178ITHrIOo2CuFMa0ysnW3V1M9/s0dUYjBHYdpTEEQ+d\n"
+ "tgm1uRLiTsYeBtueRItEmZU6JjgmvAH8i1UqI0e5iYlfnovPmftpqIwRH7k7A9kS\n"
+ "SehC9QkkrnIttDEoeYTGhLOJu1Fx2cwAodce6VNgz/k1zIXY5Tprg440zrCwc+th\n"
+ "MpX48F31ggg8Wd5N6Xg1nricGwL8K90ts6xvwF1WwKsg6BeYdyC0eYBqQ41MA/7P\n"
+ "DK3OGM6cC5tbQGWaIT0Q407GJBGpaijDicA2YqlK\n"
+ "-----END CERTIFICATE-----\n",
+};
+
+static void destroy_cert(void *cert)
+{
+ l_cert_free(cert);
+}
+
+static void test_chain_from_data(const void *data)
+{
+ const struct pem_from_data_test *test = data;
+ struct l_queue *twocas;
+ struct l_certchain *chain;
+
+ twocas = l_pem_load_certificate_list_from_data(test->list,
+ strlen(test->list));
+ assert(twocas);
+
+ chain = l_pem_load_certificate_chain_from_data(test->ca,
+ strlen(test->ca));
+ assert(chain);
+
+ assert(l_certchain_verify(chain, twocas, NULL));
+
+ l_certchain_free(chain);
+ l_queue_destroy(twocas, destroy_cert);
+}
+
+static void test_priv_key_from_data(const void *data)
+{
+ bool is_encrypted = false;
+ struct l_key *key;
+
+ const char *raw_private_key =
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
+ "MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIvjkVXsNnUUgCAggA\n"
+ "MAwGCCqGSIb3DQILBQAwHQYJYIZIAWUDBAEqBBAQfXcH4tJZzrKM0bmpXyQWBIIE\n"
+ "0FwZdv9kfXAZVbPIC2UZLpAqrFqxaaxPMA7FxZrS2sI7QmkXEIfO5TkR8IupYigh\n"
+ "s/41jv7V5Mij1syrSodfiYDq3Y0gb9tF9Cb0FNoJwJ9f29X/h1GgnG5NPQBQEH4d\n"
+ "zkqCA8Q8tzh8UTGXLcPwKYSmsAK9Rq739qre5qwHY0+hcoCtUfrev4twFUSC/PUj\n"
+ "oJDFUxQyVt+WCjcuOG+ugWZSENJJe2O8pAqmt7ChuNKGZTe0UEFn/pxgAAgQYfaz\n"
+ "lH/Nx7OQBSVqxdVkFr03/j8eeBy/SzZubirThd0aehwsQTw5/M9rSX8p2ldyjUWF\n"
+ "Fb+UjXFFWdOs21rZtO0LcbdZlIVK94mswI4zo+Vv3f7DsAZPgW+Y36UJbzZNtxRl\n"
+ "C8t97KH3NozGZIq0znC3CmdYk3EsIlMasp1vgyIpjnsyZcCVtCqbl2+PORv4gZyA\n"
+ "9/PMNDNGambIERa4WCLc+Sx5lTryK6wNzQXCMigrpB7yaD+s2CA4OxvdU99iMQzD\n"
+ "9/7cRvEQn/qFhcdTpz3wt97Gs51A+IleJbj9l/50sEsfQmcLVlUM3VbKtozUkaV1\n"
+ "+5/O15HtMQp0jsjwTlz1AzW5eanPIGoFzLiHKfauzrO5L3i5I2G9GGeCtbUV0+Ts\n"
+ "CTwT2kCUnypaNl4D5qdtxe3h+78uW3Yz0f5t4Yw/RlYVSJQZ7irdi3QTgDEEBrpL\n"
+ "pOXTd8nRNxZ+zJZ5ifnBB0Ed+cMxmyKcliVnVLSV0KseNn3tKZwmRUtMBiPqKUD1\n"
+ "qh8KskfJ0ye8jdcWIubP/gvDh5OgkSz1OdDZKH/RmkktUWCJoyXOMxIz+7GH9u3n\n"
+ "n9Z6uAteNTefTJyawA3dwlGvRhySAI2nMl2Aj0g+6/ztpUUjXVx09oxZqh9Bn9k4\n"
+ "t+gKaf4osH51QcKFs8J2YcYCwEYilzRAUwyw65Bo/k4myNXA5t2xSWfQIYRY+Yob\n"
+ "pmbhOfDMLY1spEVHQ49hXvKE99eP5dyA0CmwZw2gkbXCYBEE1IPthJGYxO4zZdrq\n"
+ "AYZq22L+09o0899pnD+p/eDTwKaFenjHVqO71khXurF6q7EPz9m4SkphDSNe/9Tc\n"
+ "O11yMrQE9OUBTTd3zYuN8KuZpj2aW2p5/Z7pqCYJTDwlV/+HRmS/8aJ/sgHfYXpS\n"
+ "Wpl/SHav6qI7fE5BlKwOwWE6O+vf0Nm9AMsbMErXTFdXe5dAin/uNuFyJM3bTHVO\n"
+ "SR/R7/zsNoMJwsgogGMSiFbG1ebcSTgMNHKMFS8RvCBNX44fErW2r0bfNjHU4GgO\n"
+ "KJFukksz/6tNfpIi9lU0Xojc7W8CJVdA9RTx8+LClM5nwFQlqyfIrtEXUK5BM+Vz\n"
+ "2OI8DlMTpp0+JbSAdE3z1i8cEDFmbfaJ2pNX/1M0JPfcZmZsJiMtNC5Fn6MFBQME\n"
+ "Fu1MyJuUr+maOqPLb6c4aYa7gVWpiRwwK8nTe1FofKeEY7mi7PyNJI7pARIDmoD4\n"
+ "d5yFZ9Itg/5/XK7GfuRdve1m5/YGpV+u3HWqDnk/xBJ5FhyF9aIPzROYhXkRkVZz\n"
+ "rn7DSN3XL2XXtUMle9++kRNmjB8h9GGn4ljunjs9YJBVTb1Y9C9vH1xLh2hknL4M\n"
+ "h+XY4w5Os5FZNEkIQd/0gLUwgQRK5+j3aetp085GutPR\n"
+ "-----END ENCRYPTED PRIVATE KEY-----\n";
+
+ key = l_pem_load_private_key_from_data(raw_private_key,
+ strlen(raw_private_key),
+ "abc", &is_encrypted);
+ assert(key);
+ assert(is_encrypted);
+
+ l_key_free(key);
+}
+
static void test_pem(const void *data)
{
const struct pem_test *test = data;
@@ -144,6 +304,9 @@ int main(int argc, char *argv[])
l_test_add("pem/empty", test_pem, &empty);
l_test_add("pem/empty label", test_pem, &empty_label);
+ l_test_add("pem/cert chain from data", test_chain_from_data,
+ &single_line_cert_chain);
+ l_test_add("pem/private key from data", test_priv_key_from_data, NULL);
if (!l_checksum_is_supported(L_CHECKSUM_MD5, false) ||
!l_checksum_is_supported(L_CHECKSUM_SHA1, false) ||
--
2.17.1
7:30 p.m.
New subject: [PATCH 3/5] pem: expose is_{start,end}_boundary
Added a new file pem-private.h which exposes these two APIs as
pem_is_start_boundary and pem_is_end_boundary. These will be
used in settings.c for extended group PEM parsing.
---
ell/pem.c | 11 +++++++----
pem-private.h | 33 +++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 4 deletions(-)
create mode 100644 pem-private.h
diff --git a/ell/pem.c b/ell/pem.c
index e268f50..7040cd4 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -45,11 +45,12 @@
#include "cipher.h"
#include "cert-private.h"
#include "missing.h"
+#include "pem-private.h"
#define PEM_START_BOUNDARY "-----BEGIN "
#define PEM_END_BOUNDARY "-----END "
-static const uint8_t *is_start_boundary(const uint8_t *buf, size_t buf_len,
+const uint8_t *pem_is_start_boundary(const uint8_t *buf, size_t buf_len,
size_t *label_len)
{
const uint8_t *start, *end, *ptr;
@@ -102,7 +103,7 @@ static const uint8_t *is_start_boundary(const uint8_t *buf, size_t
buf_len,
return start;
}
-static bool is_end_boundary(const uint8_t *buf, size_t buf_len,
+bool pem_is_end_boundary(const uint8_t *buf, size_t buf_len,
const uint8_t *label, size_t label_len)
{
size_t len = strlen(PEM_END_BOUNDARY) + label_len + 5;
@@ -144,11 +145,13 @@ static uint8_t *pem_load_buffer(const uint8_t *buf, size_t buf_len,
int index,
break;
if (!base64_data) {
- label = is_start_boundary(buf, eol - buf, &label_len);
+ label = pem_is_start_boundary(buf, eol - buf,
+ &label_len);
if (label)
base64_data = eol;
- } else if (is_end_boundary(buf, eol - buf, label, label_len)) {
+ } else if (pem_is_end_boundary(buf, eol - buf, label,
+ label_len)) {
if (index == 0) {
data = l_base64_decode(
(const char *) base64_data,
diff --git a/pem-private.h b/pem-private.h
new file mode 100644
index 0000000..9203881
--- /dev/null
+++ b/pem-private.h
@@ -0,0 +1,33 @@
+/*
+ *
+ * Embedded Linux library
+ *
+ * Copyright (C) 2019 Intel Corporation. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#define _GNU_SOURCE
+#include <sys/types.h>
+
+const uint8_t *pem_is_start_boundary(const uint8_t *buf, size_t buf_len,
+ size_t *label_len);
+bool pem_is_end_boundary(const uint8_t *buf, size_t buf_len,
+ const uint8_t *label, size_t label_len);
--
2.17.1
7:30 p.m.
New subject: [PATCH 4/5] settings: introduce extended groups concept
This patch introduces a new extended format for settings files. This new
format allows raw data to be provided under a given group rather than
key/value pairs. A group using an extended format will contain both the
extended type and group name in the format, for example:
[@[email protected]]
Where 'pem' is the type and 'certificate' is the name. The type of
format requries an extension specific parser implementation in settings
as the parser must know when to start/stop parsing data. This allows for
any textual characters to be present after the group is declared,
including special characters like [] (its completely up to the parser to
decide whats valid and what is not).
Two new l_settings APIs were added:
l_settings_is_extended_group
l_settings_get_extended_data
In this patch, the 'pem' extension type is also introduced, and for now
is the only extended type. The pem extended type expects a base64 encoded
PEM (or list of PEMs) after the group. The pem parser will stop after the
last PEM is found. Examples can be found in unit/test-settings.c
---
ell/ell.sym | 2 +
ell/settings.c | 231 +++++++++++++++++++++++++++++++++++++++++++++++--
ell/settings.h | 5 ++
3 files changed, 233 insertions(+), 5 deletions(-)
diff --git a/ell/ell.sym b/ell/ell.sym
index e02f0fe..13e3fd8 100644
--- a/ell/ell.sym
+++ b/ell/ell.sym
@@ -425,6 +425,8 @@ global:
l_settings_set_float;
l_settings_remove_group;
l_settings_remove_key;
+ l_settings_is_extended_group;
+ l_settings_get_extended_data;
/* signal */
l_signal_create;
l_signal_remove;
diff --git a/ell/settings.c b/ell/settings.c
index 98f0cfd..b8f61b4 100644
--- a/ell/settings.c
+++ b/ell/settings.c
@@ -48,6 +48,7 @@
#include "settings.h"
#include "private.h"
#include "missing.h"
+#include "pem-private.h"
struct setting_data {
char *key;
@@ -57,6 +58,9 @@ struct setting_data {
struct group_data {
char *name;
struct l_queue *settings;
+ /* settings and ext_data/type are mutually exclusive */
+ char *ext_type;
+ char *ext_data;
};
struct l_settings {
@@ -81,7 +85,13 @@ static void group_destroy(void *data)
struct group_data *group = data;
l_free(group->name);
- l_queue_destroy(group->settings, setting_destroy);
+
+ if (group->settings)
+ l_queue_destroy(group->settings, setting_destroy);
+ else {
+ l_free(group->ext_data);
+ l_free(group->ext_type);
+ }
l_free(group);
}
@@ -222,6 +232,168 @@ static char *escape_value(const char *value)
return ret;
}
+/*
+ * The PEM APIs deal with unsigned bytes since they ultimately end up decoding
+ * the base64 into a raw buffer. Since we are using these to just return the
+ * already encoded PEMs as textual data we are using char *. These macros just
+ * take care of the casting between the two.
+ */
+#define IS_PEM_START(buf, len, llen) \
+ (const char *)pem_is_start_boundary((const uint8_t *)buf, len, llen)
+
+#define IS_PEM_END(buf, len, label, llen) \
+ pem_is_end_boundary((const uint8_t *)buf, len, \
+ (const uint8_t *)label, label_len)
+
+static const char *next_eol(const char *data, size_t len)
+{
+ const char *eol;
+
+ for (eol = data; eol < data + len; eol++)
+ if (*eol == '\r' || *eol == '\n')
+ break;
+
+ return eol;
+}
+
+/*
+ * This was modeled after pem_load_buffer, except actually decoding the data
+ * is not done. Support for parsing multiple PEMS in a row (chain) was also
+ * added.
+ */
+static bool parse_pem(const char *data, size_t total_len, size_t *data_len)
+{
+ const char *eol;
+ const char *label;
+ size_t label_len;
+ const char *start = NULL;
+
+ while (total_len) {
+ eol = next_eol(data, total_len);
+
+ if (!start) {
+ label = IS_PEM_START(data, eol - data, &label_len);
+ if (label)
+ start = label - strlen("-----BEGIN ");
+ } else if (start && IS_PEM_END(data, eol - data,
+ label, label_len)) {
+ const char *new_eol;
+
+ new_eol = next_eol(eol + 1, total_len - (eol - data));
+
+ label = IS_PEM_START(eol + 1, new_eol - eol - 1,
+ &label_len);
+ if (!label) {
+ /* No more PEMs in chain */
+ *data_len = eol - start + 1;
+ return true;
+ }
+
+ /* Continue to next PEM */
+ eol = new_eol;
+ }
+
+ if (eol == data + total_len)
+ break;
+
+ total_len -= eol + 1 - data;
+ data = eol + 1;
+
+ if (total_len && *eol == '\r' && *data == '\n') {
+ data++;
+ total_len--;
+ }
+ }
+
+ return false;
+}
+
+struct group_extension {
+ char *name;
+ bool (*parse)(const char *data, size_t total_len, size_t *data_len);
+};
+
+static struct group_extension pem_extension = {
+ .name = "pem",
+ .parse = parse_pem,
+};
+
+struct group_extension *extensions[] = {
+ &pem_extension,
+ NULL
+};
+
+static struct group_extension *find_group_extension(const char *type)
+{
+ unsigned int i;
+
+ for (i = 0; extensions[i]; i++) {
+ if (!strcmp(type, extensions[i]->name))
+ return extensions[i];
+ }
+
+ return NULL;
+}
+
+static bool parse_extended_group(struct l_settings *setting, const char *data,
+ size_t line_len, size_t total_len,
+ size_t *offset)
+{
+ struct group_data *group;
+ struct group_extension *ext;
+ char *ptr1, *ptr2;
+ char *type, *name;
+
+ /* Must be at least [@[email protected]]\n */
+ if (line_len < 7)
+ return false;
+
+ /* extended type */
+ ptr1 = strchr(data, '@');
+ if (!ptr1)
+ return false;
+
+ ptr2 = strchr(ptr1 + 1, '@');
+ if (!ptr2)
+ return false;
+
+ type = l_strndup(ptr1 + 1, ptr2 - ptr1 - 1);
+
+ ptr1 = strchr(ptr2, ']');
+ if (!ptr1)
+ goto free_type;
+
+ if (ptr1[1] != '\n')
+ goto free_type;
+
+ if (ptr1 - ptr2 - 1 < 1)
+ goto free_type;
+
+ name = l_strndup(ptr2 + 1, ptr1 - ptr2 - 1);
+
+ ext = find_group_extension(type);
+ if (!ext)
+ goto free_name;
+
+ if (!ext->parse(ptr1 + 2, total_len - line_len, offset))
+ goto free_name;
+
+ group = l_new(struct group_data, 1);
+ group->name = name;
+ group->ext_type = type;
+ group->ext_data = l_strndup(ptr1 + 2, *offset);
+
+ l_queue_push_tail(setting->groups, group);
+
+ return true;
+
+free_name:
+ l_free(name);
+free_type:
+ l_free(type);
+ return false;
+}
+
static bool parse_group(struct l_settings *settings, const char *data,
size_t len, size_t line)
{
@@ -382,6 +554,7 @@ LIB_EXPORT bool l_settings_load_from_data(struct l_settings
*settings,
const char *eol;
size_t line = 1;
size_t line_len;
+ size_t ext_offset = 0;
if (unlikely(!settings || !data || !len))
return false;
@@ -404,7 +577,19 @@ LIB_EXPORT bool l_settings_load_from_data(struct l_settings
*settings,
line_len = eol - data - pos;
- if (data[pos] == '[') {
+ if (data[pos] == '[' && data[pos + 1] == '@') {
+ r = parse_extended_group(settings, data + pos,
+ line_len, len - pos,
+ &ext_offset);
+ if (!r)
+ return false;
+
+ /*
+ * This is the offset for the actual raw data, the
+ * group line will be offset below
+ */
+ pos += ext_offset;
+ } else if (data[pos] == '[') {
r = parse_group(settings, data + pos, line_len, line);
if (r)
has_group = true;
@@ -437,10 +622,17 @@ LIB_EXPORT char *l_settings_to_data(const struct l_settings
*settings,
group_entry = l_queue_get_entries(settings->groups);
while (group_entry) {
struct group_data *group = group_entry->data;
- const struct l_queue_entry *setting_entry =
- l_queue_get_entries(group->settings);
+ const struct l_queue_entry *setting_entry;
+
+ if (group->ext_data) {
+ l_string_append_printf(buf, "[@%[email protected]%s]\n%s",
+ group->ext_type, group->name,
+ group->ext_data);
+ goto group_done;
+ } else
+ l_string_append_printf(buf, "[%s]\n", group->name);
- l_string_append_printf(buf, "[%s]\n", group->name);
+ setting_entry = l_queue_get_entries(group->settings);
while (setting_entry) {
struct setting_data *setting = setting_entry->data;
@@ -450,6 +642,7 @@ LIB_EXPORT char *l_settings_to_data(const struct l_settings
*settings,
setting_entry = setting_entry->next;
}
+group_done:
if (group_entry->next)
l_string_append_c(buf, '\n');
@@ -1176,3 +1369,31 @@ LIB_EXPORT bool l_settings_remove_key(struct l_settings *settings,
return true;
}
+
+LIB_EXPORT bool l_settings_is_extended_group(struct l_settings *settings,
+ const char *group)
+{
+ struct group_data *group_data;
+
+ if (unlikely(!settings))
+ return false;
+
+ group_data = l_queue_find(settings->groups, group_match, group);
+
+ return group_data->ext_data != NULL;
+}
+
+LIB_EXPORT const char *l_settings_get_extended_data(struct l_settings *settings,
+ const char *group_name)
+{
+ struct group_data *group;
+
+ if (unlikely(!settings))
+ return false;
+
+ group = l_queue_find(settings->groups, group_match, group_name);
+ if (!group || !group->ext_data)
+ return NULL;
+
+ return group->ext_data;
+}
diff --git a/ell/settings.h b/ell/settings.h
index 0da9f55..bf7bc44 100644
--- a/ell/settings.h
+++ b/ell/settings.h
@@ -123,6 +123,11 @@ bool l_settings_remove_key(struct l_settings *settings, const char
*group_name,
const char *key);
bool l_settings_remove_group(struct l_settings *settings,
const char *group_name);
+
+bool l_settings_is_extended_group(struct l_settings *settings,
+ const char *group);
+const char *l_settings_get_extended_data(struct l_settings *settings,
+ const char *group);
#ifdef __cplusplus
}
#endif
--
2.17.1
8:50 p.m.
New subject: [PATCH 4/5] settings: introduce extended groups concept
Hi James,
On 9/27/19 2:30 PM, James Prestwood wrote:
This patch introduces a new extended format for settings files. This
new
format allows raw data to be provided under a given group rather than
key/value pairs. A group using an extended format will contain both the
extended type and group name in the format, for example:
[@[email protected]]
Where 'pem' is the type and 'certificate' is the name. The type of
format requries an extension specific parser implementation in settings
typo: requires
as the parser must know when to start/stop parsing data. This allows
for
any textual characters to be present after the group is declared,
including special characters like [] (its completely up to the parser to
decide whats valid and what is not).
Two new l_settings APIs were added:
l_settings_is_extended_group
l_settings_get_extended_data
In this patch, the 'pem' extension type is also introduced, and for now
is the only extended type. The pem extended type expects a base64 encoded
PEM (or list of PEMs) after the group. The pem parser will stop after the
last PEM is found. Examples can be found in unit/test-settings.c
---
ell/ell.sym | 2 +
ell/settings.c | 231 +++++++++++++++++++++++++++++++++++++++++++++++--
ell/settings.h | 5 ++
3 files changed, 233 insertions(+), 5 deletions(-)
<snip>
diff --git a/ell/settings.c b/ell/settings.c
index 98f0cfd..b8f61b4 100644
--- a/ell/settings.c
+++ b/ell/settings.c
@@ -48,6 +48,7 @@
#include "settings.h"
#include "private.h"
#include "missing.h"
+#include "pem-private.h"
struct setting_data {
char *key;
@@ -57,6 +58,9 @@ struct setting_data {
struct group_data {
char *name;
struct l_queue *settings;
+ /* settings and ext_data/type are mutually exclusive */
+ char *ext_type;
+ char *ext_data;
It seems like this belongs in a separate data structure. Maybe
embedded_group_data {
char *name;
char type[32];
uint8_t data[0];
};
};
struct l_settings {
@@ -81,7 +85,13 @@ static void group_destroy(void *data)
struct group_data *group = data;
l_free(group->name);
- l_queue_destroy(group->settings, setting_destroy);
+
+ if (group->settings)
+ l_queue_destroy(group->settings, setting_destroy);
+ else {
+ l_free(group->ext_data);
+ l_free(group->ext_type);
+ }
l_free(group);
}
@@ -222,6 +232,168 @@ static char *escape_value(const char *value)
return ret;
}
+/*
+ * The PEM APIs deal with unsigned bytes since they ultimately end up decoding
+ * the base64 into a raw buffer. Since we are using these to just return the
+ * already encoded PEMs as textual data we are using char *. These macros just
+ * take care of the casting between the two.
+ */
+#define IS_PEM_START(buf, len, llen) \
+ (const char *)pem_is_start_boundary((const uint8_t *)buf, len, llen)
+
+#define IS_PEM_END(buf, len, label, llen) \
+ pem_is_end_boundary((const uint8_t *)buf, len, \
+ (const uint8_t *)label, label_len)
Yeah I think we screwed up the pem APIs a bit. I think that
l_pem_load_buffer should likely take a const void *. And maybe
pem_load_private_key should do as well. The start/end_boundary
functions should probably be converted to take a const void * too.
+
+static const char *next_eol(const char *data, size_t len)
+{
+ const char *eol;
+
+ for (eol = data; eol < data + len; eol++)
+ if (*eol == '\r' || *eol == '\n')
+ break;
+
+ return eol;
+}
+
+/*
+ * This was modeled after pem_load_buffer, except actually decoding the data
+ * is not done. Support for parsing multiple PEMS in a row (chain) was also
+ * added.
+ */
+static bool parse_pem(const char *data, size_t total_len, size_t *data_len)
+{
+ const char *eol;
+ const char *label;
+ size_t label_len;
+ const char *start = NULL;
+
+ while (total_len) {
+ eol = next_eol(data, total_len);
+
+ if (!start) {
+ label = IS_PEM_START(data, eol - data, &label_len);
+ if (label)
+ start = label - strlen("-----BEGIN ");
+ } else if (start && IS_PEM_END(data, eol - data,
+ label, label_len)) {
+ const char *new_eol;
+
+ new_eol = next_eol(eol + 1, total_len - (eol - data));
+
+ label = IS_PEM_START(eol + 1, new_eol - eol - 1,
+ &label_len);
+ if (!label) {
+ /* No more PEMs in chain */
+ *data_len = eol - start + 1;
+ return true;
+ }
+
+ /* Continue to next PEM */
+ eol = new_eol;
+ }
+
+ if (eol == data + total_len)
+ break;
+
+ total_len -= eol + 1 - data;
+ data = eol + 1;
+
+ if (total_len && *eol == '\r' && *data == '\n') {
+ data++;
+ total_len--;
+ }
+ }
+
+ return false;
+}
It almost seems like you want a version of 'pem_load_buffer' that simply
doesn't perform the base64 decode...
+
+struct group_extension {
+ char *name;
+ bool (*parse)(const char *data, size_t total_len, size_t *data_len);
Just do ssize_t (*parse)(const void *data, size_t len);
+};
+
+static struct group_extension pem_extension = {
+ .name = "pem",
+ .parse = parse_pem,
+};
+
+struct group_extension *extensions[] = {
+ &pem_extension,
+ NULL
+};
+
+static struct group_extension *find_group_extension(const char *type)
+{
+ unsigned int i;
+
+ for (i = 0; extensions[i]; i++) {
+ if (!strcmp(type, extensions[i]->name))
+ return extensions[i];
+ }
+
+ return NULL;
+}
+
+static bool parse_extended_group(struct l_settings *setting, const char *data,
+ size_t line_len, size_t total_len,
+ size_t *offset)
+{
+ struct group_data *group;
+ struct group_extension *ext;
+ char *ptr1, *ptr2;
+ char *type, *name;
+
+ /* Must be at least [@[email protected]]\n */
+ if (line_len < 7)
+ return false;
+
+ /* extended type */
+ ptr1 = strchr(data, '@');
+ if (!ptr1)
+ return false;
You sort of already checked this in the caller. And you can't assume
any of these are null terminated.
+
+ ptr2 = strchr(ptr1 + 1, '@');
+ if (!ptr2)
+ return false;
+
+ type = l_strndup(ptr1 + 1, ptr2 - ptr1 - 1);
+
+ ptr1 = strchr(ptr2, ']');
+ if (!ptr1)
+ goto free_type;
+
+ if (ptr1[1] != '\n')
+ goto free_type;
+
+ if (ptr1 - ptr2 - 1 < 1)
+ goto free_type;
+
+ name = l_strndup(ptr2 + 1, ptr1 - ptr2 - 1);
+
+ ext = find_group_extension(type);
+ if (!ext)
+ goto free_name;
+
+ if (!ext->parse(ptr1 + 2, total_len - line_len, offset))
+ goto free_name;
+
+ group = l_new(struct group_data, 1);
+ group->name = name;
+ group->ext_type = type;
+ group->ext_data = l_strndup(ptr1 + 2, *offset);
+
+ l_queue_push_tail(setting->groups, group);
+
+ return true;
+
+free_name:
+ l_free(name);
+free_type:
+ l_free(type);
+ return false;
+}
+
static bool parse_group(struct l_settings *settings, const char *data,
size_t len, size_t line)
{
@@ -382,6 +554,7 @@ LIB_EXPORT bool l_settings_load_from_data(struct l_settings
*settings,
const char *eol;
size_t line = 1;
size_t line_len;
+ size_t ext_offset = 0;
if (unlikely(!settings || !data || !len))
return false;
@@ -404,7 +577,19 @@ LIB_EXPORT bool l_settings_load_from_data(struct l_settings
*settings,
line_len = eol - data - pos;
- if (data[pos] == '[') {
+ if (data[pos] == '[' && data[pos + 1] == '@') {
Careful of buffer overflows
+ r = parse_extended_group(settings, data + pos,
+ line_len, len - pos,
+ &ext_offset);
+ if (!r)
+ return false;
+
+ /*
+ * This is the offset for the actual raw data, the
+ * group line will be offset below
+ */
+ pos += ext_offset;
+ } else if (data[pos] == '[') {
r = parse_group(settings, data + pos, line_len, line);
if (r)
has_group = true;
<snip>
diff --git a/ell/settings.h b/ell/settings.h
index 0da9f55..bf7bc44 100644
--- a/ell/settings.h
+++ b/ell/settings.h
@@ -123,6 +123,11 @@ bool l_settings_remove_key(struct l_settings *settings, const char
*group_name,
const char *key);
bool l_settings_remove_group(struct l_settings *settings,
const char *group_name);
+
+bool l_settings_is_extended_group(struct l_settings *settings,
+ const char *group);
I would actually keep extended groups separately. So maybe
char **l_settings_get_embedded_groups(settings);
bool l_settings_has_embedded_group(settings, group);
const char *l_settings_get_embedded_value(settings, group, char **out_type);
or perhaps
const char *l_settings_get_embedded_type(settings, group);
It is arguable whether you want to set or remove embedded groups, so we
can leave that capability out for now.
+const char *l_settings_get_extended_data(struct l_settings
*settings,
+ const char *group);
#ifdef __cplusplus
}
#endif
Regards,
-Denis
7:30 p.m.
New subject: [PATCH 5/5] unit/test-settings: add pem extended type tests
---
unit/settings.test | 28 ++++++
unit/test-settings.c | 234 ++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 259 insertions(+), 3 deletions(-)
diff --git a/unit/settings.test b/unit/settings.test
index 3884f7d..5f2d4f8 100644
--- a/unit/settings.test
+++ b/unit/settings.test
@@ -20,3 +20,31 @@ StringList=Foo,Bar,Baz
StringListEmpty=
StringListOne=FooBarBaz
StringWithSpaces=Bar B Q
+
+[@[email protected]]
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIUKIOXQXEyHZsOFw/+ihDBNGTQnWUwDQYJKoZIhvcNAQEL
+BQAweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFtcGxlIE9y
+Z2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBndXkxHjAc
+BgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZTAeFw0xOTA5MTYxNzEyNThaFw00
+NzAyMDExNzEyNThaMHgxNTAzBgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2Yg
+RXhhbXBsZSBPcmdhbml6YXRpb25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1
+ZXIgZ3V5MR4wHAYJKoZIhvcNAQkBFg9jYUBtYWlsLmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjovj3aq26sAQ0k5vD/BVp40p0lhz1+Wet
+1EcdQa1arVIca9nhfvoHfJAmK+zzqQLbvI0/e2if4X6OKf41g7w7VaYS9qv5jZZ0
+v/7aL6PUa2F7C9HG/vuIII/dRvP2uQ43PLxeTeZyj7bBUB9xCFCpzB+7AZuUuH0H
+ABaC9CAGZWImBY5NUXST7E/BsvqU80KJglDovcabthvwoekji9DC/wwISLE1e9cO
+A9IB0Co0mA1ME6wzrawmuTzxUw9BsmEhbKhFGBRwIrrq0r4GvDmeMFiZjXv+I0vq
+wSCyRtgoeBmyemqIEgiN4Z23V7ps3dbYF/tw96Zj7rd5gtjY9VSdAgMBAAGjgesw
+gegwDwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUnvllvvxy17VqqR0FfgS4NwzX
+jScwgbUGA1UdIwSBrTCBqoAUnvllvvxy17VqqR0FfgS4NwzXjSehfKR6MHgxNTAz
+BgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRp
+b25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcN
+AQkBFg9jYUBtYWlsLmV4YW1wbGWCFCiDl0FxMh2bDhcP/ooQwTRk0J1lMA0GCSqG
+SIb3DQEBCwUAA4IBAQBROAyWfQyKXQ007U6ctgihHbg/lsfEEfeNPG+QRVt8/e53
+4fH6scuY9bW7CZQSdiBo178ITHrIOo2CuFMa0ysnW3V1M9/s0dUYjBHYdpTEEQ+d
+tgm1uRLiTsYeBtueRItEmZU6JjgmvAH8i1UqI0e5iYlfnovPmftpqIwRH7k7A9kS
+SehC9QkkrnIttDEoeYTGhLOJu1Fx2cwAodce6VNgz/k1zIXY5Tprg440zrCwc+th
+MpX48F31ggg8Wd5N6Xg1nricGwL8K90ts6xvwF1WwKsg6BeYdyC0eYBqQ41MA/7P
+DK3OGM6cC5tbQGWaIT0Q407GJBGpaijDicA2YqlK
+-----END CERTIFICATE-----
diff --git a/unit/test-settings.c b/unit/test-settings.c
index 4d4fb68..4e790fb 100644
--- a/unit/test-settings.c
+++ b/unit/test-settings.c
@@ -30,6 +30,120 @@
#include <ell/ell.h>
+#define TEST_CERTIFICATE \
+ "-----BEGIN CERTIFICATE-----\n" \
+ "MIIEajCCA1KgAwIBAgIUKIOXQXEyHZsOFw/+ihDBNGTQnWUwDQYJKoZIhvcNAQEL\n" \
+ "BQAweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFtcGxlIE9y\n" \
+ "Z2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBndXkxHjAc\n" \
+ "BgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZTAeFw0xOTA5MTYxNzEyNThaFw00\n" \
+ "NzAyMDExNzEyNThaMHgxNTAzBgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2Yg\n" \
+ "RXhhbXBsZSBPcmdhbml6YXRpb25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1\n" \
+ "ZXIgZ3V5MR4wHAYJKoZIhvcNAQkBFg9jYUBtYWlsLmV4YW1wbGUwggEiMA0GCSqG\n" \
+ "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjovj3aq26sAQ0k5vD/BVp40p0lhz1+Wet\n" \
+ "1EcdQa1arVIca9nhfvoHfJAmK+zzqQLbvI0/e2if4X6OKf41g7w7VaYS9qv5jZZ0\n" \
+ "v/7aL6PUa2F7C9HG/vuIII/dRvP2uQ43PLxeTeZyj7bBUB9xCFCpzB+7AZuUuH0H\n" \
+ "ABaC9CAGZWImBY5NUXST7E/BsvqU80KJglDovcabthvwoekji9DC/wwISLE1e9cO\n" \
+ "A9IB0Co0mA1ME6wzrawmuTzxUw9BsmEhbKhFGBRwIrrq0r4GvDmeMFiZjXv+I0vq\n" \
+ "wSCyRtgoeBmyemqIEgiN4Z23V7ps3dbYF/tw96Zj7rd5gtjY9VSdAgMBAAGjgesw\n" \
+ "gegwDwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUnvllvvxy17VqqR0FfgS4NwzX\n" \
+ "jScwgbUGA1UdIwSBrTCBqoAUnvllvvxy17VqqR0FfgS4NwzXjSehfKR6MHgxNTAz\n" \
+ "BgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRp\n" \
+ "b25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcN\n" \
+ "AQkBFg9jYUBtYWlsLmV4YW1wbGWCFCiDl0FxMh2bDhcP/ooQwTRk0J1lMA0GCSqG\n" \
+ "SIb3DQEBCwUAA4IBAQBROAyWfQyKXQ007U6ctgihHbg/lsfEEfeNPG+QRVt8/e53\n" \
+ "4fH6scuY9bW7CZQSdiBo178ITHrIOo2CuFMa0ysnW3V1M9/s0dUYjBHYdpTEEQ+d\n" \
+ "tgm1uRLiTsYeBtueRItEmZU6JjgmvAH8i1UqI0e5iYlfnovPmftpqIwRH7k7A9kS\n" \
+ "SehC9QkkrnIttDEoeYTGhLOJu1Fx2cwAodce6VNgz/k1zIXY5Tprg440zrCwc+th\n" \
+ "MpX48F31ggg8Wd5N6Xg1nricGwL8K90ts6xvwF1WwKsg6BeYdyC0eYBqQ41MA/7P\n" \
+ "DK3OGM6cC5tbQGWaIT0Q407GJBGpaijDicA2YqlK\n" \
+ "-----END CERTIFICATE-----\n"
+
+#define TEST_CERT_LIST \
+ "-----BEGIN CERTIFICATE-----\n" \
+ "MIIEXDCCA0SgAwIBAgIJALjNE85c9plgMA0GCSqGSIb3DQEBCwUAMHgxNTAzBgNV\n" \
+ "BAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRpb25z\n" \
+ "MR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcNAQkB\n" \
+ "Fg9jYUBtYWlsLmV4YW1wbGUwHhcNMTkwOTE2MTcxMzAzWhcNNDcwMjAxMTcxMzAz\n" \
+ "WjB4MTUwMwYDVQQKDCxJbnRlcm5hdGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3Jn\n" \
+ "YW5pemF0aW9uczEfMB0GA1UEAwwWQ2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwG\n" \
+ "CSqGSIb3DQEJARYPY2FAbWFpbC5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" \
+ "AQ8AMIIBCgKCAQEA7Lft5O6BtUUokuueQ7mBQVzRzPeH0Nl3NjgGnfBYcz7O2Jca\n" \
+ "rFSBPsV76reUG4QFQudsdwyaLOpniFFSFaI3GRXMxjwZJJjLqvT0aebTiLUSKseA\n" \
+ "QkP/NSITmIljs2yclnPJGIApLuFvykPagx+yc9ckbziEz1PvKB/ukbiU/zt6QCru\n" \
+ "BbyCQ1kWBuyrS3RC0/UgmrSbL7YkkmuD2B1vyZLIoPsJijXs2GJQY3a+zpLemTth\n" \
+ "i/Vw4AURJS1gfEUDNzf9Y9+o7vWJfzk+g7xm1XpMTsNTd7q6UwHOi1xdiKCEPT+q\n" \
+ "c3LXi7qgWqSXeD+F513PM3JMJ3Wk1H8K4VwJwQIDAQABo4HoMIHlMAwGA1UdEwQF\n" \
+ "MAMBAf8wHQYDVR0OBBYEFMuhnjqw8YGMg0cyYlQppMncWis/MIG1BgNVHSMEga0w\n" \
+ "gaqAFJ75Zb78cte1aqkdBX4EuDcM140noXykejB4MTUwMwYDVQQKDCxJbnRlcm5h\n" \
+ "dGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3JnYW5pemF0aW9uczEfMB0GA1UEAwwW\n" \
+ "Q2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwGCSqGSIb3DQEJARYPY2FAbWFpbC5l\n" \
+ "eGFtcGxlghQog5dBcTIdmw4XD/6KEME0ZNCdZTANBgkqhkiG9w0BAQsFAAOCAQEA\n" \
+ "PjX5n/fgkskZmh9aRhX8r9985JtxMdgogJP4uwRbfuQPzAqYyu9QlAOcRl6tNGN7\n" \
+ "mztB5RfJ9HDyjS9iGXsvKXS8wT5ELbuATev+C1Ppxakd3gvJMN4ZqYn32JqRYigN\n" \
+ "L2V2jo9RzVUuFa3YP6sw0KfZAfHsfUmQCxAm8HAfQg98aYyIXu/OzeVUsAuhfqWN\n" \
+ "qvWcOLjTQTn6t10OHHdIYw59EpIEOPD3Opq7pLgIm+EV3eVMWthSLYbEhIavh8Pc\n" \
+ "xN9lqCg887kTawbXbXd49Z8jYZxjxQl7IoonvIyrPhhabKjKCpE2bRFzzpia0PkC\n" \
+ "fRgh+KB2tqIeAoekDllmbA==\n" \
+ "-----END CERTIFICATE-----\n" \
+ "-----BEGIN CERTIFICATE-----\n" \
+ "MIIEajCCA1KgAwIBAgIUKIOXQXEyHZsOFw/+ihDBNGTQnWUwDQYJKoZIhvcNAQEL\n" \
+ "BQAweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFtcGxlIE9y\n" \
+ "Z2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBndXkxHjAc\n" \
+ "BgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZTAeFw0xOTA5MTYxNzEyNThaFw00\n" \
+ "NzAyMDExNzEyNThaMHgxNTAzBgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2Yg\n" \
+ "RXhhbXBsZSBPcmdhbml6YXRpb25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1\n" \
+ "ZXIgZ3V5MR4wHAYJKoZIhvcNAQkBFg9jYUBtYWlsLmV4YW1wbGUwggEiMA0GCSqG\n" \
+ "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjovj3aq26sAQ0k5vD/BVp40p0lhz1+Wet\n" \
+ "1EcdQa1arVIca9nhfvoHfJAmK+zzqQLbvI0/e2if4X6OKf41g7w7VaYS9qv5jZZ0\n" \
+ "v/7aL6PUa2F7C9HG/vuIII/dRvP2uQ43PLxeTeZyj7bBUB9xCFCpzB+7AZuUuH0H\n" \
+ "ABaC9CAGZWImBY5NUXST7E/BsvqU80KJglDovcabthvwoekji9DC/wwISLE1e9cO\n" \
+ "A9IB0Co0mA1ME6wzrawmuTzxUw9BsmEhbKhFGBRwIrrq0r4GvDmeMFiZjXv+I0vq\n" \
+ "wSCyRtgoeBmyemqIEgiN4Z23V7ps3dbYF/tw96Zj7rd5gtjY9VSdAgMBAAGjgesw\n" \
+ "gegwDwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUnvllvvxy17VqqR0FfgS4NwzX\n" \
+ "jScwgbUGA1UdIwSBrTCBqoAUnvllvvxy17VqqR0FfgS4NwzXjSehfKR6MHgxNTAz\n" \
+ "BgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRp\n" \
+ "b25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcN\n" \
+ "AQkBFg9jYUBtYWlsLmV4YW1wbGWCFCiDl0FxMh2bDhcP/ooQwTRk0J1lMA0GCSqG\n" \
+ "SIb3DQEBCwUAA4IBAQBROAyWfQyKXQ007U6ctgihHbg/lsfEEfeNPG+QRVt8/e53\n" \
+ "4fH6scuY9bW7CZQSdiBo178ITHrIOo2CuFMa0ysnW3V1M9/s0dUYjBHYdpTEEQ+d\n" \
+ "tgm1uRLiTsYeBtueRItEmZU6JjgmvAH8i1UqI0e5iYlfnovPmftpqIwRH7k7A9kS\n" \
+ "SehC9QkkrnIttDEoeYTGhLOJu1Fx2cwAodce6VNgz/k1zIXY5Tprg440zrCwc+th\n" \
+ "MpX48F31ggg8Wd5N6Xg1nricGwL8K90ts6xvwF1WwKsg6BeYdyC0eYBqQ41MA/7P\n" \
+ "DK3OGM6cC5tbQGWaIT0Q407GJBGpaijDicA2YqlK\n" \
+ "-----END CERTIFICATE-----\n"
+
+#define TEST_PRIV_KEY \
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \
+ "MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIvjkVXsNnUUgCAggA\n" \
+ "MAwGCCqGSIb3DQILBQAwHQYJYIZIAWUDBAEqBBAQfXcH4tJZzrKM0bmpXyQWBIIE\n" \
+ "0FwZdv9kfXAZVbPIC2UZLpAqrFqxaaxPMA7FxZrS2sI7QmkXEIfO5TkR8IupYigh\n" \
+ "s/41jv7V5Mij1syrSodfiYDq3Y0gb9tF9Cb0FNoJwJ9f29X/h1GgnG5NPQBQEH4d\n" \
+ "zkqCA8Q8tzh8UTGXLcPwKYSmsAK9Rq739qre5qwHY0+hcoCtUfrev4twFUSC/PUj\n" \
+ "oJDFUxQyVt+WCjcuOG+ugWZSENJJe2O8pAqmt7ChuNKGZTe0UEFn/pxgAAgQYfaz\n" \
+ "lH/Nx7OQBSVqxdVkFr03/j8eeBy/SzZubirThd0aehwsQTw5/M9rSX8p2ldyjUWF\n" \
+ "Fb+UjXFFWdOs21rZtO0LcbdZlIVK94mswI4zo+Vv3f7DsAZPgW+Y36UJbzZNtxRl\n" \
+ "C8t97KH3NozGZIq0znC3CmdYk3EsIlMasp1vgyIpjnsyZcCVtCqbl2+PORv4gZyA\n" \
+ "9/PMNDNGambIERa4WCLc+Sx5lTryK6wNzQXCMigrpB7yaD+s2CA4OxvdU99iMQzD\n" \
+ "9/7cRvEQn/qFhcdTpz3wt97Gs51A+IleJbj9l/50sEsfQmcLVlUM3VbKtozUkaV1\n" \
+ "+5/O15HtMQp0jsjwTlz1AzW5eanPIGoFzLiHKfauzrO5L3i5I2G9GGeCtbUV0+Ts\n" \
+ "CTwT2kCUnypaNl4D5qdtxe3h+78uW3Yz0f5t4Yw/RlYVSJQZ7irdi3QTgDEEBrpL\n" \
+ "pOXTd8nRNxZ+zJZ5ifnBB0Ed+cMxmyKcliVnVLSV0KseNn3tKZwmRUtMBiPqKUD1\n" \
+ "qh8KskfJ0ye8jdcWIubP/gvDh5OgkSz1OdDZKH/RmkktUWCJoyXOMxIz+7GH9u3n\n" \
+ "n9Z6uAteNTefTJyawA3dwlGvRhySAI2nMl2Aj0g+6/ztpUUjXVx09oxZqh9Bn9k4\n" \
+ "t+gKaf4osH51QcKFs8J2YcYCwEYilzRAUwyw65Bo/k4myNXA5t2xSWfQIYRY+Yob\n" \
+ "pmbhOfDMLY1spEVHQ49hXvKE99eP5dyA0CmwZw2gkbXCYBEE1IPthJGYxO4zZdrq\n" \
+ "AYZq22L+09o0899pnD+p/eDTwKaFenjHVqO71khXurF6q7EPz9m4SkphDSNe/9Tc\n" \
+ "O11yMrQE9OUBTTd3zYuN8KuZpj2aW2p5/Z7pqCYJTDwlV/+HRmS/8aJ/sgHfYXpS\n" \
+ "Wpl/SHav6qI7fE5BlKwOwWE6O+vf0Nm9AMsbMErXTFdXe5dAin/uNuFyJM3bTHVO\n" \
+ "SR/R7/zsNoMJwsgogGMSiFbG1ebcSTgMNHKMFS8RvCBNX44fErW2r0bfNjHU4GgO\n" \
+ "KJFukksz/6tNfpIi9lU0Xojc7W8CJVdA9RTx8+LClM5nwFQlqyfIrtEXUK5BM+Vz\n" \
+ "2OI8DlMTpp0+JbSAdE3z1i8cEDFmbfaJ2pNX/1M0JPfcZmZsJiMtNC5Fn6MFBQME\n" \
+ "Fu1MyJuUr+maOqPLb6c4aYa7gVWpiRwwK8nTe1FofKeEY7mi7PyNJI7pARIDmoD4\n" \
+ "d5yFZ9Itg/5/XK7GfuRdve1m5/YGpV+u3HWqDnk/xBJ5FhyF9aIPzROYhXkRkVZz\n" \
+ "rn7DSN3XL2XXtUMle9++kRNmjB8h9GGn4ljunjs9YJBVTb1Y9C9vH1xLh2hknL4M\n" \
+ "h+XY4w5Os5FZNEkIQd/0gLUwgQRK5+j3aetp085GutPR\n" \
+ "-----END ENCRYPTED PRIVATE KEY-----\n"
+
static const char *data1 = "[Foobar]\n#Comment\n#Comment2\nKey=Value\n"
"IntegerA=2147483647\nIntegerB=-2147483648\n"
"IntegerC=4294967295\nIntegerD=9223372036854775807\n"
@@ -45,7 +159,9 @@ static const char *data1 =
"[Foobar]\n#Comment\n#Comment2\nKey=Value\n"
"StringList=Foo,Bar,Baz\n"
"StringListEmpty=\n"
"StringListOne=FooBarBaz\n"
- "StringWithSpaces=Bar B Q\n";
+ "StringWithSpaces=Bar B Q\n\n"
+ "[@[email protected]]\n"
+ TEST_CERTIFICATE;
static const char *data2 = "[Group1]\nKey=Value\n"
"IntegerA=2147483647\nIntegerB=-2147483648\n"
@@ -60,7 +176,11 @@ static const char *data2 = "[Group1]\nKey=Value\n"
"StringList=Foo,Bar,Baz\n"
"StringListEmpty=\n"
"StringListOne=FooBarBaz\n\n"
- "[Group2]\nKey=Value\n";
+ "[Group2]\nKey=Value\n\n"
+ "[@[email protected]]\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEajCCA1KgAwIBAgoZIhvcNAQEL\n"
+ "-----END CERTIFICATE-----\n";
static void settings_debug(const char *str, void *userdata)
{
@@ -141,7 +261,10 @@ static void test_settings(struct l_settings *settings)
strv = l_settings_get_groups(settings);
assert(strv);
assert(!strcmp(strv[0], "Foobar"));
- assert(!strv[1]);
+ assert(!strcmp(strv[1], "certificate"));
+ assert(l_settings_is_extended_group(settings, strv[1]));
+ assert(!l_settings_is_extended_group(settings, strv[0]));
+ assert(!strv[2]);
l_strfreev(strv);
assert(!l_settings_get_keys(settings, "Nonexistent"));
@@ -160,6 +283,108 @@ static void test_settings(struct l_settings *settings)
assert(!l_settings_has_group(settings, "Foobar"));
}
+static void test_valid_extended_group(const void *test_data)
+{
+ const char *raw_data =
+ "[normal]\n"
+ "key=value\n"
+ "[@[email protected]_cert]\n"
+ TEST_CERTIFICATE
+ "[next_group]\n"
+ "another_key=another_value\n"
+ "[@[email protected]_certs]\n"
+ TEST_CERT_LIST
+ "\n"
+ "[group_after_list]\n"
+ "key=value\n\n\n\n"
+ "[@[email protected]_key]\n"
+ TEST_PRIV_KEY
+ "\n\n\n\n";
+ struct l_settings *settings = l_settings_new();
+ const char *certificate = TEST_CERTIFICATE;
+ const char *two_certs = TEST_CERT_LIST;
+ const char *priv_key = TEST_PRIV_KEY;
+ const char *test_cert;
+
+ assert(l_settings_load_from_data(settings, raw_data, strlen(raw_data)));
+
+ assert(l_settings_has_group(settings, "normal"));
+ assert(l_settings_has_group(settings, "next_group"));
+ assert(!l_settings_get_value(settings, "single_cert", "value"));
+
+ assert(l_settings_has_group(settings, "single_cert"));
+ assert(l_settings_is_extended_group(settings, "single_cert"));
+ test_cert = l_settings_get_extended_data(settings, "single_cert");
+ assert(!strcmp(test_cert, certificate));
+
+ assert(l_settings_has_group(settings, "two_certs"));
+ assert(l_settings_is_extended_group(settings, "two_certs"));
+ test_cert = l_settings_get_extended_data(settings, "two_certs");
+ assert(!strcmp(test_cert, two_certs));
+
+ assert(l_settings_has_group(settings, "priv_key"));
+ assert(l_settings_is_extended_group(settings, "priv_key"));
+ test_cert = l_settings_get_extended_data(settings, "priv_key");
+ assert(!strcmp(test_cert, priv_key));
+
+ l_settings_free(settings);
+}
+
+static void test_invalid_extended_group(const void *test_data)
+{
+ int i = 0;
+ const char *invalid_data[] = {
+ /* Unterminated PEM */
+ "[normal]\n"
+ "key=value\n"
+ "[@[email protected]_pem]\n"
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
+ "MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhki",
+ /* Invalid ext type */
+ "[normal]\n"
+ "key=value\n"
+ "[@[email protected]]\n"
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
+ "-----END ENCRYPTED PRIVATE KEY-----\n",
+ /* Valid ext type, invalid name */
+ "[normal]\n"
+ "key=value\n"
+ "[@[email protected]]\n"
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
+ "-----END ENCRYPTED PRIVATE KEY-----\n",
+ /* Invalid ext type */
+ "[normal]\n"
+ "key=value\n"
+ "[@@some_name]\n"
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
+ "-----END ENCRYPTED PRIVATE KEY-----\n",
+ /* second PEM invalid */
+ "[normal]\n"
+ "key=value\n"
+ "[@[email protected]_pems]\n"
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
+ "MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhki\n"
+ "-----END ENCRYPTED PRIVATE KEY-----\n"
+ "-----BEGIN \n",
+ /* end boundary only */
+ "[normal]\n"
+ "key=value\n"
+ "[@[email protected]_pems]\n"
+ "-----END ENCRYPTED PRIVATE KEY-----\n",
+ NULL
+ };
+
+ struct l_settings *settings = l_settings_new();
+
+ while (invalid_data[i]) {
+ assert(!l_settings_load_from_data(settings, invalid_data[i],
+ strlen(invalid_data[i])));
+ i++;
+ }
+
+ l_settings_free(settings);
+}
+
static void test_load_from_data(const void *test_data)
{
struct l_settings *settings;
@@ -319,6 +544,9 @@ int main(int argc, char *argv[])
l_test_add("Export to Data 1", test_to_data, data2);
l_test_add("Invalid Data 1", test_invalid_data, no_group_data);
l_test_add("Invalid Data 2", test_invalid_data, key_before_group_data);
+ l_test_add("Test valid ext group", test_valid_extended_group, NULL);
+ l_test_add("Test invalid ext group", test_invalid_extended_group, NULL);
+
return l_test_run();
}
--
2.17.1
1054
days inactive
1054
days old
7 comments
2 participants
participants (2)
-
Denis Kenzior -
James Prestwood