author | Ladar Levison <ladar@lavabit.com> | 2018-07-18 09:24:30 +0300 |
---|---|---|
committer | Ladar Levison <ladar@lavabit.com> | 2018-07-18 09:24:30 +0300 |
commit | 84cf9d57a2b72d73461dd677ea9e15fcf6ff5cef (patch) | |
tree | c1ff97f8b75b5c7e37d1e744774762342158a88a /check | |
parent | b4ef1c2bedf53b5a57c0c9aa8990adcff6a4efa0 (diff) |
Fixed the realm key derivation scheme. Password change support added.feature/password-changes
Diffstat (limited to 'check')
-rw-r--r-- | check/magma/mail/load_check.c | 2 | ||||
-rw-r--r-- | check/magma/mail/store_check.c | 4 | ||||
-rw-r--r-- | check/magma/prime/stacie_check.c | 12 | ||||
-rw-r--r-- | check/magma/providers/provide_check.c | 16 | ||||
-rw-r--r-- | check/magma/users/users_check.c | 8 |
5 files changed, 19 insertions, 23 deletions
diff --git a/check/magma/mail/load_check.c b/check/magma/mail/load_check.c
index 6999a829..f1a40994 100644
--- a/check/magma/mail/load_check.c
+++ b/check/magma/mail/load_check.c
@@ -37,7 +37,7 @@ bool_t check_mail_load_sthread(stringer_t *errmsg) {
 result = false;
 }
- else if (meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+ else if (meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_ALIASES | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(user))) {
 st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s / password = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
diff --git a/check/magma/mail/store_check.c b/check/magma/mail/store_check.c
index f618e37d..e5a9ca18 100644
--- a/check/magma/mail/store_check.c
+++ b/check/magma/mail/store_check.c
@@ -36,7 +36,7 @@ bool_t check_mail_store_plaintext_sthread(stringer_t *errmsg) {
 result = false;
 }
- else if (meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+ else if (meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_ALIASES | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(user))) {
 st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s / password = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
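Review bot: The failure message in the context lines of this hunk formats `passwords[i]` into `errmsg`, so a failing run writes the account password in clear text to the test output next to the username. These are presumably fixture credentials, but check output commonly ends up in shared CI logs, and the same string is repeated in both store_check.c hunks and in the users_check.c hunks of this commit. Dropping the password keeps the diagnostic useful: `st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]));`. The enclosing function starts and ends outside the hunk.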
@@ -106,7 +106,7 @@ bool_t check_mail_store_encrypted_sthread(stringer_t *errmsg) {
 result = false;
 }
- else if (meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+ else if (meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_ALIASES | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(user))) {
 st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s / password = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
diff --git a/check/magma/prime/stacie_check.c b/check/magma/prime/stacie_check.c
index a1460d35..02b7b52c 100644
--- a/check/magma/prime/stacie_check.c
+++ b/check/magma/prime/stacie_check.c
@@ -93,7 +93,7 @@ bool_t check_stacie_simple(void) {
 st_free(extracted);
 // Calculate the symmetric key for the "mail" realm and check extracted cipher and vector key values.
- if (!(combined_key = stacie_realm_key(master_key, NULLER("mail"), shard)) ||
+ if (!(combined_key = stacie_realm_key(master_key, NULLER("mail"), shard, shard)) ||
 !(vector_key = stacie_realm_vector(combined_key)) || st_cmp_cs_eq(vector_key, realm_vector_key) || !(tag_key = stacie_realm_tag(combined_key)) || st_cmp_cs_eq(tag_key, realm_tag_key) || !(cipher_key = stacie_realm_cipher(combined_key)) || st_cmp_cs_eq(cipher_key, realm_cipher_key)) {
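Review bot: The updated call in check_stacie_simple passes `shard` both in the new argument position and in the existing shard position, so this known-answer check cannot tell whether stacie_realm_key() uses the added input, ignores it, or has the two arguments swapped. The expected values `realm_vector_key`, `realm_tag_key` and `realm_cipher_key` are not touched in this file's diff, so it is worth confirming that they were regenerated for the corrected derivation (the derivation itself is outside this diff). A fixture distinct from the shard, with expected outputs computed for it, would pin the new scheme; the call would then look like `stacie_realm_key(master_key, NULLER("mail"), salt, shard)`, where the name `salt` and the argument order are assumed from the meta_get() call sites in this commit. check_stacie_simple starts and ends outside the hunk.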
@@ -428,27 +428,27 @@ bool_t check_stacie_parameters(void) {
 return false;
 }
- if ((res = stacie_realm_key(NULL, temp_st, temp_st64))) {
+ if ((res = stacie_realm_key(NULL, temp_st, temp_st64, temp_st64))) {
 st_free(res);
 return false;
 }
- if ((res = stacie_realm_key(temp_st, temp_st, temp_st64))) {
+ if ((res = stacie_realm_key(temp_st, temp_st, temp_st64, temp_st64))) {
 st_free(res);
 return false;
 }
- if ((res = stacie_realm_key(temp_st64, NULL, temp_st64))) {
+ if ((res = stacie_realm_key(temp_st64, NULL, temp_st64, temp_st64))) {
 st_free(res);
 return false;
 }
- if ((res = stacie_realm_key(temp_st64, temp_st, NULL))) {
+ if ((res = stacie_realm_key(temp_st64, temp_st, NULL, NULL))) {
 st_free(res);
 return false;
 }
- if ((res = stacie_realm_key(temp_st64, temp_st, temp_st))) {
+ if ((res = stacie_realm_key(temp_st64, temp_st, temp_st, temp_st))) {
 st_free(res);
 return false;
 }
diff --git a/check/magma/providers/provide_check.c b/check/magma/providers/provide_check.c
index 9f52e5bd..39e345ab 100644
--- a/check/magma/providers/provide_check.c
+++ b/check/magma/providers/provide_check.c
@@ -503,9 +503,8 @@ START_TEST (check_virus_s) {
 bool_t result = true;
 stringer_t *errmsg = MANAGEDBUF(1024);
- if (status() && magma.iface.virus.available) {
- result = check_virus_sthread(errmsg);
- }
+ // If the anti-virus engine is disabled we skip this tests.
+ if (status() && magma.iface.virus.available) result = check_virus_sthread(errmsg);
 log_test("CHECKERS / VIRUS / SINGLE THREADED:", (magma.iface.virus.available ? errmsg : NULLER("SKIPPED")));
 ck_assert_msg(result, st_char_get(errmsg));
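Review bot: In the check_stacie_parameters hunk the NULL and wrong-length cases for the last two arguments of stacie_realm_key() are only exercised together (`NULL, NULL` and `temp_st, temp_st`), so an implementation that validates only one of the two would still pass. Each argument should be invalid on its own while the other is `temp_st64`, which the first call in the hunk already treats as an acceptable value in both positions. The cases below follow the existing pattern and would sit after the current ones. check_stacie_parameters starts and ends outside the hunk.

```c
	// … unchanged: existing stacie_realm_key() parameter checks …

	// Third argument invalid, fourth argument valid.
	if ((res = stacie_realm_key(temp_st64, temp_st, NULL, temp_st64))) {
		st_free(res);
		return false;
	}

	if ((res = stacie_realm_key(temp_st64, temp_st, temp_st, temp_st64))) {
		st_free(res);
		return false;
	}

	// Third argument valid, fourth argument invalid.
	if ((res = stacie_realm_key(temp_st64, temp_st, temp_st64, NULL))) {
		st_free(res);
		return false;
	}

	if ((res = stacie_realm_key(temp_st64, temp_st, temp_st64, temp_st))) {
		st_free(res);
		return false;
	}
```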
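Review bot: In check_virus_s a disabled provider leaves `result` at its initial `true`, so the test passes and the only trace is the `SKIPPED` text handed to log_test(); the check_dkim_s hunk that follows is changed to behave the same way, where it previously failed when `magma.dkim.enabled` was false. For anti-virus scanning and DKIM signing/verification this means a configuration that disables them reports green without the checks having run, so the CI configuration should assert separately that both are enabled, or the skip should be made visible in the suite's summary. The new comment also has a typo and should read `// If the anti-virus engine is disabled we skip this test.`. Both test bodies continue outside their hunks.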
@@ -552,14 +551,11 @@ START_TEST (check_dkim_s) {
 bool_t result = true;
 stringer_t *errmsg = MANAGEDBUF(1024);
- // If the DKIM engine isn't enabled, then we'll skip the unit test.
- if (!(result = magma.dkim.enabled)) st_sprint(errmsg, "SKIPPED");
-
- // Otherwise, we'll perform the checks... unless the status variable indicates we shouldn't.
- if (status() && result) result = check_dkim_sign_sthread(errmsg);
- if (status() && result) result = check_dkim_verify_sthread(errmsg);
+ // If the DKIM engine is disabled we skip these tests.
+ if (status() && magma.dkim.enabled) result = check_dkim_sign_sthread(errmsg);
+ if (status() && magma.dkim.enabled && result) result = check_dkim_verify_sthread(errmsg);
- log_test("CHECKERS / DKIM / SINGLE THREADED:", errmsg);
+ log_test("CHECKERS / DKIM / SINGLE THREADED:", (magma.dkim.enabled ? errmsg : NULLER("SKIPPED")));
 ck_assert_msg(result, st_char_get(errmsg));
 }
diff --git a/check/magma/users/users_check.c b/check/magma/users/users_check.c
index 37f04849..91b8d62f 100644
--- a/check/magma/users/users_check.c
+++ b/check/magma/users/users_check.c
@@ -85,14 +85,14 @@ START_TEST (check_users_meta_valid_s) {
 result = false;
 }
- else if ((meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+ else if ((meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 META_PROTOCOL_POP, META_GET_MESSAGES | META_GET_KEYS, &(pop)))) {
 st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s / password = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
 result = false;
 }
- else if ((meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+ else if ((meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(imap)))) {
 st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s / password = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
@@ -141,14 +141,14 @@ START_TEST (check_users_meta_invalid_s) {
 }
 // The verification token is XOR'ed with the master key, which should result in a failure.
- if (auth && !(meta_get(auth->usernum, auth->username, st_xor(auth->keys.master, auth->tokens.verification, MANAGEDBUF(64)),
+ if (auth && !(meta_get(auth->usernum, auth->username, auth->seasoning.salt, st_xor(auth->keys.master, auth->tokens.verification, MANAGEDBUF(64)),
 auth->tokens.verification, META_PROTOCOL_POP, META_GET_MESSAGES | META_GET_KEYS, &(user)))) {
 st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s / password = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
 result = false;
 }
- else if (!(meta_get(auth->usernum, auth->username, auth->keys.master, st_xor(auth->keys.master, auth->tokens.verification,
+ else if (!(meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, st_xor(auth->keys.master, auth->tokens.verification,
 MANAGEDBUF(64)), META_PROTOCOL_POP, META_GET_MESSAGES | META_GET_KEYS, &(user)))) {
 st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username = %.*s / password = %.*s }", st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i])); |
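Review bot: check_users_meta_invalid_s still corrupts only the master key and the verification token; the salt that meta_get() now takes is passed unmodified in both calls, so nothing here shows that a wrong salt is rejected. Since the commit message ties the change to realm key derivation, a third branch that supplies a deliberately wrong salt (for example a copy of `auth->seasoning.salt` with one byte changed) together with `META_GET_KEYS` and expects a non-zero return would cover the new input. Whether meta_get() fails at that point depends on its implementation, which is outside this diff, so the expected result needs confirming. The existing comment could also name the corrupted argument per branch, e.g. `// First the master key, then the verification token, is replaced by their XOR; both calls must fail.`. The test body starts and ends outside the hunk.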