lib-auth: scram - Add test to ensure invalid client proof is rejected
authorKarl Fleischmann <karl.fleischmann@open-xchange.com>
Tue, 28 Apr 2026 11:41:12 +0000 (13:41 +0200)
committerKarl Fleischmann <karl.fleischmann@open-xchange.com>
Wed, 6 May 2026 12:35:39 +0000 (14:35 +0200)
src/lib-auth/test-auth-scram.c

index 5f13d5495acd1f2f95b5b8b314481ea723626a7b..88a0d965ea2c4299c6c27cc05467138efc9d9fad 100644 (file)
@@ -173,6 +173,15 @@ test_auth_client_output(struct backend_context *bctx,
                case 21:
                        output = "n,,n=frop,r=0980923401388";
                        break;
+               case 22:
+                       output = "p";
+                       break;
+               case 23:
+                       output = "p=";
+                       break;
+               case 24:
+                       output = "p.a";
+                       break;
                default:
                        auth_scram_client_output(&bctx->asclient, output_r,
                                                 output_len_r);
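Review bot: Cases 22–24 do not look like client-proof inputs: they sit beside case 21, which is a client-first message, and in SCRAM (RFC 5802) a leading `p` there is the gs2 channel-binding flag `p=cb-name`, while the client proof `p=` belongs to the client-final message. The `test_begin()` labels for 22, 23 and 24 in the last hunk call them "invalid client proof", so a regression would be attributed to the proof parser rather than to the channel-binding flag parser, and all six new cases expect the same `AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION`, so the error code cannot tell the two apart. A label such as `"auth server error sha1 - invalid channel binding flag (missing '=' and name)"` and a comment `/* malformed gs2-cbind-flag: "p" without "=cb-name" */` above case 22 would record what is actually sent. The enclosing switch starts outside the hunk, so the message stage is inferred from case 21.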
@@ -219,6 +228,18 @@ test_auth_client_output(struct backend_context *bctx,
                                             "q=frop",
                                             NULL);
                        break;
+               case 25:
+                       output = t_strconcat(parts[0], ",", parts[1], ",",
+                                            "p", NULL);
+                       break;
+               case 26:
+                       output = t_strconcat(parts[0], ",", parts[1], ",",
+                                            "p=", NULL);
+                       break;
+               case 27:
+                       output = t_strconcat(parts[0], ",", parts[1], ",",
+                                            "p.a", NULL);
+                       break;
                default:
                        return;
                }
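Review bot: Cases 25–27 stop at the syntax of the proof attribute (`p`, `p=`, `p.a`); none of them sends a `p=` value that is present but not valid base64, or that decodes to a length other than the hash output size. If earlier cases outside this hunk do not already cover those inputs, they are worth adding, because the encoding and length checks are what stand in front of the proof comparison. A comment on the group, e.g. `/* client-final message ending in a malformed proof attribute */`, would also help, since `parts[0]` and `parts[1]` are populated outside the hunk.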
@@ -542,6 +563,42 @@ static void test_auth_server_error(void)
                &hash_method_sha1, AUTH_SCRAM_CBIND_SERVER_SUPPORT_REQUIRED,
                AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION, 21);
        test_end();
+
+       test_begin("auth server error sha1 - invalid client proof (missing '=' and payload)");
+       test_auth_server_error_one(
+               &hash_method_sha1, AUTH_SCRAM_CBIND_SERVER_SUPPORT_AVAILABLE,
+               AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION, 22);
+       test_end();
+
+       test_begin("auth server error sha1 - invalid client proof (missing payload)");
+       test_auth_server_error_one(
+               &hash_method_sha1, AUTH_SCRAM_CBIND_SERVER_SUPPORT_AVAILABLE,
+               AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION, 23);
+       test_end();
+
+       test_begin("auth server error sha1 - invalid client proof (missing '=')");
+       test_auth_server_error_one(
+               &hash_method_sha1, AUTH_SCRAM_CBIND_SERVER_SUPPORT_AVAILABLE,
+               AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION, 24);
+       test_end();
+
+       test_begin("auth server error sha1 - invalid client proof in final (missing '=' and payload)");
+       test_auth_server_error_one(
+               &hash_method_sha1, AUTH_SCRAM_CBIND_SERVER_SUPPORT_NONE,
+               AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION, 25);
+       test_end();
+
+       test_begin("auth server error sha1 - invalid client proof in final (missing payload)");
+       test_auth_server_error_one(
+               &hash_method_sha1, AUTH_SCRAM_CBIND_SERVER_SUPPORT_NONE,
+               AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION, 26);
+       test_end();
+
+       test_begin("auth server error sha1 - invalid client proof in final (missing '=')");
+       test_auth_server_error_one(
+               &hash_method_sha1, AUTH_SCRAM_CBIND_SERVER_SUPPORT_NONE,
+               AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION, 27);
+       test_end();
 }
 
 int main(void)