diff options
Diffstat (limited to 'contrib/ntp/sntp/tests/crypto.c')
-rw-r--r-- | contrib/ntp/sntp/tests/crypto.c | 114 |
1 files changed, 107 insertions, 7 deletions
diff --git a/contrib/ntp/sntp/tests/crypto.c b/contrib/ntp/sntp/tests/crypto.c index fb2dc62981f3..64c784dc74b0 100644 --- a/contrib/ntp/sntp/tests/crypto.c +++ b/contrib/ntp/sntp/tests/crypto.c @@ -5,17 +5,25 @@ #include "sntptest.h" #include "crypto.h" +#define CMAC "AES128CMAC" + #define MD5_LENGTH 16 #define SHA1_LENGTH 20 +#define CMAC_LENGTH 16 void test_MakeMd5Mac(void); void test_MakeSHA1Mac(void); +void test_MakeCMac(void); void test_VerifyCorrectMD5(void); void test_VerifySHA1(void); +void test_VerifyCMAC(void); void test_VerifyFailure(void); void test_PacketSizeNotMultipleOfFourBytes(void); +void VerifyLocalCMAC(struct key *cmac); +void VerifyOpenSSLCMAC(struct key *cmac); + void test_MakeMd5Mac(void) @@ -31,8 +39,9 @@ test_MakeMd5Mac(void) md5.key_id = 10; md5.key_len = 6; memcpy(&md5.key_seq, "md5seq", md5.key_len); - memcpy(&md5.type, "MD5", 4); - + strlcpy(md5.typen, "MD5", sizeof(md5.typen)); + md5.typei = keytype_from_text(md5.typen, NULL); + TEST_ASSERT_EQUAL(MD5_LENGTH, make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual)); @@ -57,7 +66,8 @@ test_MakeSHA1Mac(void) sha1.key_id = 20; sha1.key_len = 7; memcpy(&sha1.key_seq, "sha1seq", sha1.key_len); - memcpy(&sha1.type, "SHA1", 5); + strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen)); + sha1.typei = keytype_from_text(sha1.typen, NULL); TEST_ASSERT_EQUAL(SHA1_LENGTH, make_mac(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1, actual)); @@ -73,6 +83,38 @@ test_MakeSHA1Mac(void) void +test_MakeCMac(void) +{ +#ifdef OPENSSL + + const char* PKT_DATA = "abcdefgh0123"; + const int PKT_LEN = strlen(PKT_DATA); + const char* EXPECTED_DIGEST = + "\xdd\x35\xd5\xf5\x14\x23\xd9\xd6" + "\x38\x5d\x29\x80\xfe\x51\xb9\x6b"; + char actual[CMAC_LENGTH]; + + struct key cmac; + cmac.next = NULL; + cmac.key_id = 30; + cmac.key_len = CMAC_LENGTH; + memcpy(&cmac.key_seq, "aes-128-cmac-seq", cmac.key_len); + memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1); + + TEST_ASSERT_EQUAL(CMAC_LENGTH, + make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual)); + + TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); + +#endif /* OPENSSL */ +} + + +void test_VerifyCorrectMD5(void) { const char* PKT_DATA = @@ -87,7 +129,8 @@ test_VerifyCorrectMD5(void) md5.key_id = 0; md5.key_len = 6; memcpy(&md5.key_seq, "md5key", md5.key_len); - memcpy(&md5.type, "MD5", 4); + strlcpy(md5.typen, "MD5", sizeof(md5.typen)); + md5.typei = keytype_from_text(md5.typen, NULL); TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5)); } @@ -110,7 +153,8 @@ test_VerifySHA1(void) sha1.key_id = 0; sha1.key_len = 7; memcpy(&sha1.key_seq, "sha1key", sha1.key_len); - memcpy(&sha1.type, "SHA1", 5); + strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen)); + sha1.typei = keytype_from_text(sha1.typen, NULL); TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1)); @@ -121,6 +165,60 @@ test_VerifySHA1(void) #endif /* OPENSSL */ } + +void +test_VerifyCMAC(void) +{ + const char* PKT_DATA = + "sometestdata" /* Data */ + "\0\0\0\0" /* Key-ID (unused) */ + "\x4e\x0c\xf0\xe2\xc7\x8e\xbb\xbf" /* MAC */ + "\x79\xfc\x87\xc7\x8b\xb7\x4a\x0b"; + const int PKT_LEN = 12; + struct key cmac; + + cmac.next = NULL; + cmac.key_id = 0; + cmac.key_len = CMAC_LENGTH; + memcpy(&cmac.key_seq, "aes-128-cmac-key", cmac.key_len); + memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1); + + VerifyOpenSSLCMAC(&cmac); + VerifyLocalCMAC(&cmac); +} + + +void +VerifyOpenSSLCMAC(struct key *cmac) +{ +#ifdef OPENSSL + + /* XXX: HMS: auth_md5 must be renamed/incorrect. */ + // TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac)); + TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping..."); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); + +#endif /* OPENSSL */ + return; +} + + +void +VerifyLocalCMAC(struct key *cmac) +{ + + /* XXX: HMS: auth_md5 must be renamed/incorrect. */ + // TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac)); + + TEST_IGNORE_MESSAGE("Hook in the local AES-128-CMAC check!"); + + return; +} + + void test_VerifyFailure(void) { @@ -139,7 +237,8 @@ test_VerifyFailure(void) md5.key_id = 0; md5.key_len = 6; memcpy(&md5.key_seq, "md5key", md5.key_len); - memcpy(&md5.type, "MD5", 4); + strlcpy(md5.typen, "MD5", sizeof(md5.typen)); + md5.typei = keytype_from_text(md5.typen, NULL); TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5)); } @@ -157,7 +256,8 @@ test_PacketSizeNotMultipleOfFourBytes(void) md5.key_id = 10; md5.key_len = 6; memcpy(&md5.key_seq, "md5seq", md5.key_len); - memcpy(&md5.type, "MD5", 4); + strlcpy(md5.typen, "MD5", sizeof(md5.typen)); + md5.typei = keytype_from_text(md5.typen, NULL); TEST_ASSERT_EQUAL(0, make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual)); } |