2 Unit tests for the encrypted secrets code in encrypted_secrets.c
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2017
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 int ldb_encrypted_secrets_module_init(const char *version);
27 #define TEST_ENCRYPTED_SECRETS
28 #include "../encrypted_secrets.c"
31 struct tevent_context *ev;
32 struct ldb_context *ldb;
33 struct ldb_module *module;
36 const char *lockfile; /* lockfile is separate */
42 /* -------------------------------------------------------------------------- */
44 * Replace the dsdb helper routines used by the operational_init function
47 int dsdb_module_search_dn(
48 struct ldb_module *module,
50 struct ldb_result **_res,
51 struct ldb_dn *basedn,
52 const char * const *attrs,
54 struct ldb_request *parent)
56 struct ldb_context *ldb = ldb_module_get_ctx(module);
57 struct ldb_message *msg = ldb_msg_new(ldb);
58 struct ldb_result *res = talloc_zero(mem_ctx, struct ldb_result);
60 msg->dn = ldb_dn_new(msg, ldb, "@SAMBA_DSDB");
63 SAMBA_REQUIRED_FEATURES_ATTR,
64 SAMBA_ENCRYPTED_SECRETS_FEATURE);
66 res->msgs = talloc_array(mem_ctx, struct ldb_message*, 1);
72 int dsdb_module_reference_dn(
73 struct ldb_module *module,
76 const char *attribute,
78 struct ldb_request *parent)
82 /* -------------------------------------------------------------------------- */
84 static void unlink_old_db(struct ldbtest_ctx *test_ctx)
89 ret = unlink(test_ctx->lockfile);
90 if (ret == -1 && errno != ENOENT) {
95 ret = unlink(test_ctx->dbfile);
96 if (ret == -1 && errno != ENOENT) {
101 ret = unlink(test_ctx->keyfile);
102 if (ret == -1 && errno != ENOENT) {
107 static void write_key(void **state, DATA_BLOB key) {
109 struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
114 fp = fopen(test_ctx->keyfile, "wb");
117 written = fwrite(key.data, 1, key.length, fp);
118 assert_int_equal(written, key.length);
122 static const struct ldb_module_ops eol_ops = {
132 static int setup(void **state)
134 struct ldbtest_ctx *test_ctx = NULL;
135 struct ldb_module *eol = NULL;
138 test_ctx = talloc_zero(NULL, struct ldbtest_ctx);
139 assert_non_null(test_ctx);
141 test_ctx->ev = tevent_context_init(test_ctx);
142 assert_non_null(test_ctx->ev);
144 test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
145 assert_non_null(test_ctx->ldb);
149 test_ctx->module = ldb_module_new(
153 &ldb_encrypted_secrets_module_ops);
154 assert_non_null(test_ctx->module);
155 eol = ldb_module_new(test_ctx, test_ctx->ldb, "eol", &eol_ops);
156 assert_non_null(eol);
157 ldb_module_set_next(test_ctx->module, eol);
159 test_ctx->dbfile = talloc_strdup(test_ctx, "apitest.ldb");
160 assert_non_null(test_ctx->dbfile);
162 test_ctx->lockfile = talloc_asprintf(test_ctx, "%s-lock",
164 assert_non_null(test_ctx->lockfile);
166 test_ctx->keyfile = talloc_strdup(test_ctx, SECRETS_KEY_FILE);
167 assert_non_null(test_ctx->keyfile);
169 test_ctx->dbpath = talloc_asprintf(test_ctx,
170 TEST_BE"://%s", test_ctx->dbfile);
171 assert_non_null(test_ctx->dbpath);
173 unlink_old_db(test_ctx);
175 rc = ldb_connect(test_ctx->ldb, test_ctx->dbpath, 0, NULL);
176 assert_int_equal(rc, 0);
181 static int setup_with_key(void **state)
183 struct ldbtest_ctx *test_ctx = NULL;
184 DATA_BLOB key = data_blob_null;
185 uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
186 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
191 key.length = sizeof(key_data);
193 write_key(state, key);
195 test_ctx = talloc_get_type_abort(*state, struct ldbtest_ctx);
197 struct ldb_message *msg = ldb_msg_new(test_ctx->ldb);
198 msg->dn = ldb_dn_new(msg, test_ctx->ldb, "@SAMBA_DSDB");
201 SAMBA_REQUIRED_FEATURES_ATTR,
202 SAMBA_ENCRYPTED_SECRETS_FEATURE);
203 ldb_add(test_ctx->ldb, msg);
206 rc = es_init(test_ctx->module);
207 assert_int_equal(rc, LDB_SUCCESS);
212 static int teardown(void **state)
214 struct ldbtest_ctx *test_ctx = talloc_get_type_abort(*state,
217 unlink_old_db(test_ctx);
218 talloc_free(test_ctx);
222 * No key file present.
224 * The key should be empty and encrypt_secrets should be false.
226 static void test_no_key_file(void **state)
228 struct ldbtest_ctx *test_ctx =
229 talloc_get_type_abort(*state, struct ldbtest_ctx);
230 struct es_data *data = NULL;
234 rc = es_init(test_ctx->module);
235 assert_int_equal(rc, LDB_SUCCESS);
237 data = talloc_get_type(ldb_module_get_private(test_ctx->module),
240 assert_false(data->encrypt_secrets);
241 assert_int_equal(0, data->keys[0].length);
248 * The key should be loaded and encrypt secrets should be true;
250 static void test_key_file(void **state)
252 struct ldbtest_ctx *test_ctx =
253 talloc_get_type_abort(*state, struct ldbtest_ctx);
254 struct es_data *data = NULL;
256 DATA_BLOB key = data_blob_null;
257 uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
258 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
261 key.length = sizeof(key_data);
263 write_key(state, key);
266 rc = es_init(test_ctx->module);
267 assert_int_equal(rc, LDB_SUCCESS);
269 data = talloc_get_type(ldb_module_get_private(test_ctx->module),
272 assert_true(data->encrypt_secrets);
273 assert_int_equal(16, data->keys[0].length);
274 assert_int_equal(0, data_blob_cmp(&key, &data->keys[0]));
279 * Key file present, short key.
281 * The key should be not be loaded and an error returned.
283 static void test_key_file_short_key(void **state)
285 struct ldbtest_ctx *test_ctx =
286 talloc_get_type_abort(*state, struct ldbtest_ctx);
288 DATA_BLOB key = data_blob_null;
289 uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
290 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e};
293 key.length = sizeof(key_data);
295 write_key(state, key);
298 rc = es_init(test_ctx->module);
299 assert_int_equal(rc, LDB_ERR_OPERATIONS_ERROR);
303 * Key file present, long key.
305 * Only the first 16 bytes of the key should be loaded.
307 static void test_key_file_long_key(void **state)
309 struct ldbtest_ctx *test_ctx =
310 talloc_get_type_abort(*state, struct ldbtest_ctx);
311 struct es_data *data = NULL;
313 DATA_BLOB key = data_blob_null;
314 uint8_t key_data[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0xf,
319 key.length = sizeof(key_data);
321 write_key(state, key);
323 rc = es_init(test_ctx->module);
324 assert_int_equal(rc, LDB_SUCCESS);
326 data = talloc_get_type(ldb_module_get_private(test_ctx->module),
329 assert_true(data->encrypt_secrets);
330 assert_int_equal(16, data->keys[0].length);
333 * Should have only read the first 16 bytes of the written key
336 assert_int_equal(0, data_blob_cmp(&key, &data->keys[0]));
340 * Test gnutls_encryption and decryption.
342 static void test_gnutls_value_decryption(void **state)
344 struct ldbtest_ctx *test_ctx =
345 talloc_get_type_abort(*state, struct ldbtest_ctx);
346 const struct ldb_val plain_text =
347 data_blob_string_const("A text value");
348 unsigned char iv_data[] = {
349 0xe7, 0xa3, 0x85, 0x17, 0x45, 0x73, 0xf4, 0x25,
350 0xa5, 0x56, 0xde, 0x4c,
352 unsigned char encrypted_data[] = {
353 0xac, 0x13, 0x86, 0x94, 0x3b, 0xed, 0xf2, 0x51,
354 0xec, 0x85, 0x4d, 0x00, 0x37, 0x81, 0x46, 0x15,
355 0x42, 0x13, 0xb1, 0x69, 0x49, 0x10, 0xe7, 0x9e,
356 0x15, 0xbd, 0x95, 0x75, 0x6b, 0x0c, 0xc0, 0xa4,
358 struct EncryptedSecret es = {
361 .length = sizeof(iv_data),
364 .magic = ENCRYPTED_SECRET_MAGIC_VALUE,
365 .version = SECRET_ATTRIBUTE_VERSION,
366 .algorithm = ENC_SECRET_AES_128_AEAD,
369 .data = encrypted_data,
370 .length = sizeof(encrypted_data),
373 unsigned char es_keys_blob[] = {
374 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
375 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
377 struct es_data data = {
378 .encrypt_secrets = true,
380 .data = es_keys_blob,
381 .length = sizeof(es_keys_blob),
383 .encryption_algorithm = GNUTLS_CIPHER_AES_128_GCM,
385 struct PlaintextSecret *decrypted =
386 talloc_zero(test_ctx, struct PlaintextSecret);
387 int err = LDB_SUCCESS;
389 gnutls_decrypt_aead(&err,
395 assert_int_equal(LDB_SUCCESS, err);
396 assert_int_equal(plain_text.length, decrypted->cleartext.length);
397 assert_int_equal(0, data_blob_cmp(&decrypted->cleartext, &plain_text));
401 * Test gnutls_encryption and decryption.
403 static void test_gnutls_value_encryption(void **state)
405 struct ldbtest_ctx *test_ctx =
406 talloc_get_type_abort(*state, struct ldbtest_ctx);
407 struct ldb_val plain_text = data_blob_null;
408 struct ldb_val cipher_text = data_blob_null;
409 struct EncryptedSecret es;
411 struct es_data *data = talloc_get_type(
412 ldb_module_get_private(test_ctx->module),
414 int err = LDB_SUCCESS;
417 plain_text = data_blob_string_const("A text value");
418 cipher_text = gnutls_encrypt_aead(
424 assert_int_equal(LDB_SUCCESS, err);
426 rc = ndr_pull_struct_blob(
430 (ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
431 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
432 assert_true(check_header(&es));
435 struct PlaintextSecret *decrypted =
436 talloc_zero(test_ctx, struct PlaintextSecret);
444 assert_int_equal(LDB_SUCCESS, err);
447 decrypted->cleartext.length);
450 &decrypted->cleartext,
455 static void test_gnutls_altered_header(void **state)
457 struct ldbtest_ctx *test_ctx =
458 talloc_get_type_abort(*state, struct ldbtest_ctx);
459 struct ldb_val plain_text = data_blob_null;
460 struct ldb_val cipher_text = data_blob_null;
461 struct EncryptedSecret es;
463 struct es_data *data = talloc_get_type(
464 ldb_module_get_private(test_ctx->module),
466 int err = LDB_SUCCESS;
469 plain_text = data_blob_string_const("A text value");
470 cipher_text = gnutls_encrypt_aead(
476 assert_int_equal(LDB_SUCCESS, err);
478 rc = ndr_pull_struct_blob(
482 (ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
483 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
484 assert_true(check_header(&es));
487 struct PlaintextSecret *decrypted =
488 talloc_zero(test_ctx, struct PlaintextSecret);
496 assert_int_equal(LDB_SUCCESS, err);
499 decrypted->cleartext.length);
502 &decrypted->cleartext,
505 es.header.flags = es.header.flags ^ 0xffffffff;
507 struct PlaintextSecret *decrypted =
508 talloc_zero(test_ctx, struct PlaintextSecret);
516 assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
520 static void test_gnutls_altered_data(void **state)
522 struct ldbtest_ctx *test_ctx =
523 talloc_get_type_abort(*state, struct ldbtest_ctx);
524 struct ldb_val plain_text = data_blob_null;
525 struct ldb_val cipher_text = data_blob_null;
526 struct EncryptedSecret es;
528 struct es_data *data = talloc_get_type(
529 ldb_module_get_private(test_ctx->module),
531 int err = LDB_SUCCESS;
534 plain_text = data_blob_string_const("A text value");
535 cipher_text = gnutls_encrypt_aead(
541 assert_int_equal(LDB_SUCCESS, err);
543 rc = ndr_pull_struct_blob(
547 (ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
548 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
549 assert_true(check_header(&es));
552 struct PlaintextSecret *decrypted =
553 talloc_zero(test_ctx, struct PlaintextSecret);
561 assert_int_equal(LDB_SUCCESS, err);
564 decrypted->cleartext.length);
567 &decrypted->cleartext,
570 es.encrypted.data[0] = es.encrypted.data[0] ^ 0xff;
572 struct PlaintextSecret *decrypted =
573 talloc_zero(test_ctx, struct PlaintextSecret);
581 assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
585 static void test_gnutls_altered_iv(void **state)
587 struct ldbtest_ctx *test_ctx =
588 talloc_get_type_abort(*state, struct ldbtest_ctx);
589 struct ldb_val plain_text = data_blob_null;
590 struct ldb_val cipher_text = data_blob_null;
591 struct EncryptedSecret es;
593 struct es_data *data = talloc_get_type(
594 ldb_module_get_private(test_ctx->module),
596 int err = LDB_SUCCESS;
599 plain_text = data_blob_string_const("A text value");
600 cipher_text = gnutls_encrypt_aead(
606 assert_int_equal(LDB_SUCCESS, err);
608 rc = ndr_pull_struct_blob(
612 (ndr_pull_flags_fn_t) ndr_pull_EncryptedSecret);
613 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
614 assert_true(check_header(&es));
617 struct PlaintextSecret *decrypted =
618 talloc_zero(test_ctx, struct PlaintextSecret);
626 assert_int_equal(LDB_SUCCESS, err);
629 decrypted->cleartext.length);
632 &decrypted->cleartext,
635 es.iv.data[0] = es.iv.data[0] ^ 0xff;
637 struct PlaintextSecret *decrypted =
638 talloc_zero(test_ctx, struct PlaintextSecret);
646 assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
651 * Test samba encryption and decryption and decryption.
655 * Test message encryption.
656 * Test the secret attributes of a message are encrypted and decrypted.
657 * Test that the non secret attributes are not encrypted.
660 static void test_message_encryption_decryption(void **state)
662 struct ldbtest_ctx *test_ctx =
663 talloc_get_type_abort(*state, struct ldbtest_ctx);
664 struct ldb_context *ldb = test_ctx->ldb;
665 const char * const secrets[] = {DSDB_SECRET_ATTRIBUTES};
666 const size_t num_secrets
667 = (sizeof(secrets)/sizeof(secrets[0]));
668 struct ldb_message *msg = ldb_msg_new(ldb);
669 const struct ldb_message *encrypted_msg = NULL;
670 struct es_data *data = talloc_get_type(
671 ldb_module_get_private(test_ctx->module),
673 struct ldb_message_element *el = NULL;
674 int ret = LDB_SUCCESS;
678 msg->dn = ldb_dn_new(msg, ldb, "dc=test");
679 ldb_msg_add_string(msg, "cmocka_test_name01", "value01");
680 for (i=0; i < num_secrets; i++) {
686 ldb_msg_add_string(msg, "cmocka_test_name02", "value02");
688 encrypted_msg = encrypt_secret_attributes(
694 assert_int_equal(LDB_SUCCESS, ret);
697 * Check that all the secret attributes have been encrypted
700 for (i=0; i < num_secrets; i++) {
701 el = ldb_msg_find_element(encrypted_msg, secrets[i]);
703 for (j = 0; j < el->num_values; j++) {
704 int rc = LDB_SUCCESS;
705 struct ldb_val dc = decrypt_value(
711 assert_int_equal(LDB_SUCCESS, rc);
716 TALLOC_FREE(dc.data);
721 * Check that the normal attributes have not been encrypted
723 el = ldb_msg_find_element(encrypted_msg, "cmocka_test_name01");
728 el->values[0].length);
730 el = ldb_msg_find_element(encrypted_msg, "cmocka_test_name02");
735 el->values[0].length);
738 * Now decrypt the message
740 ret = decrypt_secret_attributes(test_ctx->ldb,
741 discard_const(encrypted_msg),
743 assert_int_equal(LDB_SUCCESS, ret);
746 * Check that all the secret attributes have been decrypted
748 for (i=0; i < num_secrets; i++) {
749 el = ldb_msg_find_element(encrypted_msg, secrets[i]);
751 for (j = 0; j < el->num_values; j++) {
755 el->values[j].length);
760 * Check that the normal attributes are intact
762 el = ldb_msg_find_element(msg, "cmocka_test_name01");
767 el->values[0].length);
769 el = ldb_msg_find_element(msg, "cmocka_test_name02");
774 el->values[0].length);
778 static void test_check_header(void **state)
780 struct ldbtest_ctx *test_ctx =
781 talloc_get_type_abort(*state, struct ldbtest_ctx);
783 struct ldb_val enc = data_blob_null;
784 struct EncryptedSecret *es = NULL;
788 * Valid EncryptedSecret
790 es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
791 rc = ndr_push_struct_blob(
795 (ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
796 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
797 assert_true(check_header(es));
798 TALLOC_FREE(enc.data);
802 * invalid magic value
804 es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
805 es->header.magic = 0xca5cadee;
806 rc = ndr_push_struct_blob(
810 (ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
811 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
812 assert_false(check_header(es));
813 TALLOC_FREE(enc.data);
819 es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
820 es->header.version = SECRET_ATTRIBUTE_VERSION + 1;
821 rc = ndr_push_struct_blob(
825 (ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
826 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
827 assert_false(check_header(es));
828 TALLOC_FREE(enc.data);
834 es = makeEncryptedSecret(test_ctx->ldb, test_ctx);
835 es->header.algorithm = SECRET_ENCRYPTION_ALGORITHM + 1;
836 rc = ndr_push_struct_blob(
840 (ndr_push_flags_fn_t) ndr_push_EncryptedSecret);
841 assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
842 assert_false(check_header(es));
843 TALLOC_FREE(enc.data);
848 * Attempt to decrypt a message containing an unencrypted secret attribute
851 static void test_unencrypted_secret(void **state)
853 struct ldbtest_ctx *test_ctx =
854 talloc_get_type_abort(*state, struct ldbtest_ctx);
855 struct ldb_context *ldb = test_ctx->ldb;
856 struct ldb_message *msg = ldb_msg_new(ldb);
857 struct es_data *data = talloc_get_type(
858 ldb_module_get_private(test_ctx->module),
860 int ret = LDB_SUCCESS;
862 msg->dn = ldb_dn_new(msg, ldb, "dc=test");
863 ldb_msg_add_string(msg, "unicodePwd", "value01");
865 ret = decrypt_secret_attributes(test_ctx->ldb, msg, data);
866 assert_int_equal(LDB_ERR_OPERATIONS_ERROR, ret);
870 * Test full decryption of a static value with static key
872 static void test_record_decryption(void **state)
874 struct ldbtest_ctx *test_ctx =
875 talloc_get_type_abort(*state, struct ldbtest_ctx);
876 unsigned char plain_data[] = {
877 0xe6, 0xa6, 0xb8, 0xff, 0xdf, 0x06, 0x6c, 0xe3,
878 0xea, 0xd0, 0x94, 0xbb, 0x79, 0xbd, 0x0a, 0x24
880 unsigned char encrypted_data[] = {
881 0x0c, 0x00, 0x00, 0x00, 0x33, 0x91, 0x74, 0x25,
882 0x26, 0xcc, 0x0b, 0x8c, 0x21, 0xc1, 0x13, 0xe2,
883 0xed, 0xad, 0x5c, 0xca, 0x01, 0x00, 0x00, 0x00,
884 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
885 0x1a, 0xdc, 0xc9, 0x11, 0x08, 0xca, 0x2c, 0xfb,
886 0xc8, 0x32, 0x6b, 0x1b, 0x25, 0x7f, 0x52, 0xbb,
887 0xae, 0x9b, 0x88, 0x52, 0xb0, 0x18, 0x6d, 0x9d,
888 0x9b, 0xdd, 0xcd, 0x1b, 0x5f, 0x4a, 0x5c, 0x29,
889 0xca, 0x0b, 0x36, 0xaa
891 struct ldb_val cipher_text
892 = data_blob_const(encrypted_data,
893 sizeof(encrypted_data));
894 unsigned char es_keys_blob[] = {
895 0x1d, 0xae, 0xf5, 0xaa, 0xa3, 0x85, 0x0d, 0x0a,
896 0x8c, 0x24, 0x5c, 0x4c, 0xa7, 0x0f, 0x81, 0x79
898 struct es_data data = {
899 .encrypt_secrets = true,
901 .data = es_keys_blob,
902 .length = sizeof(es_keys_blob),
904 .encryption_algorithm = GNUTLS_CIPHER_AES_128_GCM,
906 int err = LDB_SUCCESS;
907 struct ldb_val dec = decrypt_value(&err, test_ctx, test_ctx->ldb, cipher_text,
909 assert_int_equal(LDB_SUCCESS, err);
910 assert_int_equal(sizeof(plain_data), dec.length);
911 assert_memory_equal(dec.data, plain_data, sizeof(plain_data));
916 const struct CMUnitTest tests[] = {
917 cmocka_unit_test_setup_teardown(
921 cmocka_unit_test_setup_teardown(
925 cmocka_unit_test_setup_teardown(
926 test_key_file_short_key,
929 cmocka_unit_test_setup_teardown(
930 test_key_file_long_key,
933 cmocka_unit_test_setup_teardown(
937 cmocka_unit_test_setup_teardown(
938 test_gnutls_value_decryption,
941 cmocka_unit_test_setup_teardown(
942 test_gnutls_value_encryption,
945 cmocka_unit_test_setup_teardown(
946 test_gnutls_altered_header,
949 cmocka_unit_test_setup_teardown(
950 test_gnutls_altered_data,
953 cmocka_unit_test_setup_teardown(
954 test_gnutls_altered_iv,
957 cmocka_unit_test_setup_teardown(
958 test_message_encryption_decryption,
961 cmocka_unit_test_setup_teardown(
962 test_unencrypted_secret,
965 cmocka_unit_test_setup_teardown(
966 test_record_decryption,
971 cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
972 return cmocka_run_group_tests(tests, NULL, NULL);