authorCy Schubert <cy@FreeBSD.org>2024-05-10 15:15:56 +0000
committerCy Schubert <cy@FreeBSD.org>2024-05-26 22:55:52 +0000
commit1f833b3fc9968c3dd7ed79ccf0525ebf16c891ad (patch)
tree85801af20e3b694584668aeb39ecec75ee71f72c /sntp/tests
parentab1f1aa8333369a83ff284848fc3fc2e52d5f29f (diff)
Diffstat (limited to 'sntp/tests')
-rw-r--r--sntp/tests/Makefile.in23
-rw-r--r--sntp/tests/crypto.c235
-rw-r--r--sntp/tests/fileHandlingTest.h.in8
-rw-r--r--sntp/tests/packetHandling.c50
-rw-r--r--sntp/tests/packetProcessing.c168
-rw-r--r--sntp/tests/run-crypto.c20
-rw-r--r--sntp/tests/run-packetProcessing.c40
7 files changed, 342 insertions, 202 deletions
diff --git a/sntp/tests/Makefile.in b/sntp/tests/Makefile.in
index 2e52ab0b27ca..4363ed10d34e 100644
--- a/sntp/tests/Makefile.in
+++ b/sntp/tests/Makefile.in
@@ -97,6 +97,7 @@ check_PROGRAMS = test-crypto$(EXEEXT) test-keyFile$(EXEEXT) \
@BUILD_TEST_KODDATABASE_TRUE@am__append_1 = test-kodDatabase
@BUILD_TEST_KODFILE_TRUE@am__append_2 = test-kodFile
@NTP_CROSSCOMPILE_FALSE@am__append_3 = $(check_PROGRAMS)
+@LIBNTP_SUBMAKES_TRUE@am__append_4 = check-libntp
subdir = tests
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \
@@ -107,6 +108,7 @@ am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \
$(top_srcdir)/m4/ntp_cacheversion.m4 \
$(top_srcdir)/m4/ntp_compiler.m4 \
$(top_srcdir)/m4/ntp_crosscompile.m4 \
+ $(top_srcdir)/m4/ntp_crypto_rand.m4 \
$(top_srcdir)/m4/ntp_debug.m4 $(top_srcdir)/m4/ntp_dir_sep.m4 \
$(top_srcdir)/m4/ntp_facilitynames.m4 \
$(top_srcdir)/m4/ntp_harden.m4 $(top_srcdir)/m4/ntp_ipv6.m4 \
@@ -675,6 +677,7 @@ PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_OPENSSL = @PATH_OPENSSL@
PATH_RUBY = @PATH_RUBY@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
@@ -768,7 +771,7 @@ BUILT_SOURCES = $(srcdir)/run-crypto.c $(srcdir)/run-keyFile.c \
$(srcdir)/run-kodDatabase.c $(srcdir)/run-kodFile.c \
$(srcdir)/run-networking.c $(srcdir)/run-packetHandling.c \
$(srcdir)/run-packetProcessing.c $(srcdir)/run-utilities.c \
- $(NULL) check-libntp check-libsntp check-libunity .deps-ver
+ $(NULL) $(am__append_4) check-libsntp check-libunity .deps-ver
# data CLEANFILES down below
CLEANFILES = debug-output-lfp-bin debug-output-lfp-dec \
@@ -777,8 +780,7 @@ CLEANFILES = debug-output-lfp-bin debug-output-lfp-dec \
version.c $(NULL) data/kod-output-multiple \
data/kod-output-single data/debug-output-pkt \
data/debug-output-lfp-dec data/kod-output-blank \
- data/debug-output-lfp-bin $(NULL) check-libntp check-libsntp \
- check-libunity .deps-ver
+ data/debug-output-lfp-bin $(NULL) check-libunity .deps-ver
DISTCLEANFILES = kod-output-blank kod-output-single \
kod-output-multiple testLogfile.log testLogfile2.log $(NULL) \
$(DEPDIR)/deps-ver
@@ -1614,20 +1616,17 @@ FRC.scm-rev:
always out-of-date causing targets which depend on it to also \
be outdated so their rules to fire each time they are built.
-check-libntp: $(top_builddir)/../libntp/libntp.a
- @: avoid default SCCS get by some make implementations
+.PHONY: check-libntp
-$(top_builddir)/../libntp/libntp.a:
- cd $(top_builddir)/../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a
+@LIBNTP_SUBMAKES_TRUE@check-libntp:
+@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a
-check-libsntp: $(top_builddir)/sntp/libsntp.a
- @: avoid default SCCS get by some make implementations
-
-$(top_builddir)/sntp/libsntp.a:
+.PHONY: check-libsntp
+check-libsntp:
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) libsntp.a
check-libunity: $(top_builddir)/unity/libunity.a
- @: avoid default SCCS get by some make implementations
+ @echo stamp > $@
$(top_builddir)/unity/libunity.a:
cd $(top_builddir)/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a
diff --git a/sntp/tests/crypto.c b/sntp/tests/crypto.c
index 8ecd74368011..509efe79c3a2 100644
--- a/sntp/tests/crypto.c
+++ b/sntp/tests/crypto.c
@@ -7,15 +7,14 @@
#define CMAC "AES128CMAC"
-#define MD5_LENGTH 16
#define SHA1_LENGTH 20
#define CMAC_LENGTH 16
-void test_MakeMd5Mac(void);
+void test_MakeSHAKE128Mac(void);
void test_MakeSHA1Mac(void);
void test_MakeCMac(void);
-void test_VerifyCorrectMD5(void);
+void test_VerifySHAKE128(void);
void test_VerifySHA1(void);
void test_VerifyCMAC(void);
void test_VerifyFailure(void);
@@ -26,26 +25,36 @@ void VerifyOpenSSLCMAC(struct key *cmac);
void
-test_MakeMd5Mac(void)
+test_MakeSHAKE128Mac(void)
{
- const char* PKT_DATA = "abcdefgh0123";
- const int PKT_LEN = strlen(PKT_DATA);
- const char* EXPECTED_DIGEST =
- "\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b";
- char actual[MD5_LENGTH];
-
- struct key md5;
- md5.next = NULL;
- md5.key_id = 10;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5seq", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
-
- TEST_ASSERT_EQUAL(MD5_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));
-
- TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, MD5_LENGTH) == 0);
+#ifdef OPENSSL
+
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata16";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ u_char actual[sizeof(EXPECTED_DIGEST) - 1];
+ struct key sk;
+
+ sk.next = NULL;
+ sk.key_id = 10;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ TEST_ASSERT_EQUAL(sizeof(actual),
+ make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
+ sizeof(actual)));
+
+ TEST_ASSERT_EQUAL_HEX8_ARRAY(EXPECTED_DIGEST, actual, sizeof(actual));
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
+
+#endif /* OPENSSL */
}
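Review bot: `sk.key_len` is set to `sizeof(KEY) - 1`, but the `memcpy()` into `sk.key_seq` is clamped with `min(sizeof(sk.key_seq), sk.key_len)`, so the recorded length and the bytes actually copied can disagree if the key text ever exceeds the buffer. The definition of `struct key` is not visible here, so whether that can happen today is unclear; if it did, `make_mac()` would presumably be given a length that runs past `key_seq`. Clamping the length first keeps the two in step: `sk.key_len = min(sizeof(sk.key_seq), sizeof(KEY) - 1);` followed by `memcpy(sk.key_seq, KEY, sk.key_len);`. The same pair of lines is repeated in test_VerifySHAKE128(), test_VerifyFailure() and test_PacketSizeNotMultipleOfFourBytes() in later hunks.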
@@ -70,14 +79,15 @@ test_MakeSHA1Mac(void)
sha1.typei = keytype_from_text(sha1.typen, NULL);
TEST_ASSERT_EQUAL(SHA1_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1, actual));
+ make_mac(PKT_DATA, PKT_LEN, &sha1, actual,
+ SHA1_LENGTH));
TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, SHA1_LENGTH);
-
+
#else
-
+
TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
#endif /* OPENSSL */
}
@@ -93,8 +103,8 @@ test_MakeCMac(void)
"\xdd\x35\xd5\xf5\x14\x23\xd9\xd6"
"\x38\x5d\x29\x80\xfe\x51\xb9\x6b";
char actual[CMAC_LENGTH];
-
struct key cmac;
+
cmac.next = NULL;
cmac.key_id = 30;
cmac.key_len = CMAC_LENGTH;
@@ -102,37 +112,53 @@ test_MakeCMac(void)
memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1);
TEST_ASSERT_EQUAL(CMAC_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual));
+ make_mac(PKT_DATA, PKT_LEN, &cmac, actual, CMAC_LENGTH));
TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH);
-
+
#else
-
- TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
+ TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
+
#endif /* OPENSSL */
}
void
-test_VerifyCorrectMD5(void)
+test_VerifySHAKE128(void)
{
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */
- "\x2b\x7b\xfe\x4f\xa2\x32\xcf\xac";
- const int PKT_LEN = 12;
+#ifdef OPENSSL
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata16";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
+ struct key sk;
+ u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
+ + DIGEST_LEN];
+ u_char *p;
+
+ sk.next = NULL;
+ sk.key_id = 0;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ p = PKT_DATA;
+ memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
+ memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
+ memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
+ TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
+
+ TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
+#else
- struct key md5;
- md5.next = NULL;
- md5.key_id = 0;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5key", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
- TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5));
+#endif /* OPENSSL */
}
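Review bot: `PKT_DATA` in test_VerifySHAKE128() is sized from `PAYLOAD_LEN` and `DIGEST_LEN`, which are `const size_t` objects rather than constant expressions, so in C this declares a variable-length array. VLAs are optional since C11 and are flagged by `-Wvla`; sizing the buffer from `sizeof` avoids that: `u_char PKT_DATA[sizeof(PAYLOAD) - 1 + sizeof(sk.key_id) + sizeof(EXPECTED_DIGEST) - 1];`. The follow-up check `sizeof(PKT_DATA) == p - PKT_DATA` compares a `size_t` with a `ptrdiff_t`, and casting the difference to `size_t` keeps it free of sign-compare warnings. test_VerifyFailure() in a later hunk declares its buffer the same way.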
@@ -147,21 +173,21 @@ test_VerifySHA1(void)
"\xad\x07\xde\x36\x39\xa6\x77\xfa\x5b\xce" /* MAC */
"\x2d\x8a\x7d\x06\x96\xe6\x0c\xbc\xed\xe1";
const int PKT_LEN = 12;
-
struct key sha1;
+
sha1.next = NULL;
sha1.key_id = 0;
sha1.key_len = 7;
memcpy(&sha1.key_seq, "sha1key", sha1.key_len);
- strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen));
+ strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen));
sha1.typei = keytype_from_text(sha1.typen, NULL);
TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1));
-
+
#else
-
+
TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
#endif /* OPENSSL */
}
@@ -169,12 +195,6 @@ test_VerifySHA1(void)
void
test_VerifyCMAC(void)
{
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\x4e\x0c\xf0\xe2\xc7\x8e\xbb\xbf" /* MAC */
- "\x79\xfc\x87\xc7\x8b\xb7\x4a\x0b";
- const int PKT_LEN = 12;
struct key cmac;
cmac.next = NULL;
@@ -198,9 +218,9 @@ VerifyOpenSSLCMAC(struct key *cmac)
TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping...");
#else
-
- TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
+ TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
+
#endif /* OPENSSL */
return;
}
@@ -222,42 +242,77 @@ VerifyLocalCMAC(struct key *cmac)
void
test_VerifyFailure(void)
{
- /* We use a copy of the MD5 verification code, but modify the
- * last bit to make sure verification fails.
+ /*
+ * We use a copy of test_VerifySHAKE128(), but modify the
+ * last packet octet to make sure verification fails.
*/
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */
- "\x2b\x7b\xfe\x4f\xa2\x32\xcf\x00"; /* Last byte is wrong! */
- const int PKT_LEN = 12;
+#ifdef OPENSSL
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata1_";
+ /* last packet byte different */
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
+ struct key sk;
+ u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
+ + DIGEST_LEN];
+ u_char *p;
+
+ sk.next = NULL;
+ sk.key_id = 0;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ p = PKT_DATA;
+ memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
+ memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
+ memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
+ TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
+
+ TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
+#else
- struct key md5;
- md5.next = NULL;
- md5.key_id = 0;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5key", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
- TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5));
+#endif /* OPENSSL */
}
void
test_PacketSizeNotMultipleOfFourBytes(void)
{
- const char* PKT_DATA = "123456";
- const int PKT_LEN = 6;
- char actual[MD5_LENGTH];
-
- struct key md5;
- md5.next = NULL;
- md5.key_id = 10;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5seq", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
-
- TEST_ASSERT_EQUAL(0, make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));
+ /*
+ * We use a copy of test_MakeSHAKE128Mac(), but modify
+ * the packet length to 17.
+ */
+#ifdef OPENSSL
+
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata_17";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ u_char actual[sizeof(EXPECTED_DIGEST) - 1];
+ struct key sk;
+
+ sk.next = NULL;
+ sk.key_id = 10;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ TEST_ASSERT_EQUAL(0,
+ make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
+ sizeof(actual)));
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
+
+#endif /* OPENSSL */
}
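Review bot: test_VerifyFailure() now covers only a modified payload; the removed MD5 version corrupted the last MAC octet, and no case in this hunk presents a correct payload with a wrong digest. A verifier that compared fewer than `DIGEST_LEN` octets would still reject the altered payload, because the whole digest differs, yet it would accept a packet whose trailing digest octet had changed, and that regression would go unnoticed. Consider a second case built from the unmodified payload `"packettestdata16"` that flips the final octet with `PKT_DATA[sizeof(PKT_DATA) - 1] ^= 0x01;` before `TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));`. The comment at the top of the body could then state which part of the packet each case alters.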
diff --git a/sntp/tests/fileHandlingTest.h.in b/sntp/tests/fileHandlingTest.h.in
index b93ed9e90293..86c9f2c7cd0e 100644
--- a/sntp/tests/fileHandlingTest.h.in
+++ b/sntp/tests/fileHandlingTest.h.in
@@ -1,3 +1,9 @@
+/*
+ * fileHandlingTest.h[.in]
+ *
+ * @configure_input@
+ */
+
#ifndef FILE_HANDLING_TEST_H
#define FILE_HANDLING_TEST_H
@@ -23,4 +29,4 @@ extern int GetFileSize(FILE *file);
extern bool CompareFileContent(FILE* expected, FILE* actual);
extern void ClearFile(const char * filename) ;
-#endif // FILE_HANDLING_TEST_H
+#endif /* FILE_HANDLING_TEST_H */
diff --git a/sntp/tests/packetHandling.c b/sntp/tests/packetHandling.c
index 6787eeaa2fe9..cf52ccd60faa 100644
--- a/sntp/tests/packetHandling.c
+++ b/sntp/tests/packetHandling.c
@@ -72,26 +72,36 @@ test_GenerateUnauthenticatedPacket(void)
void
test_GenerateAuthenticatedPacket(void)
{
- static const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_MD5_LEN;
-
+#ifdef OPENSSL
+
+ const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_SHAKE128_LEN;
+
struct key testkey;
struct pkt testpkt;
struct timeval xmt;
l_fp expected_xmt, actual_xmt;
- char expected_mac[MAX_MD5_LEN];
-
+ const char key[] = "123456789";
+ size_t mac_sz;
+ const u_char expected_mac[] = {
+ 0x46, 0x79, 0x81, 0x6b,
+ 0x22, 0xe3, 0xa7, 0xaf,
+ 0x1d, 0x63, 0x20, 0xfb,
+ 0xc7, 0xd6, 0x87, 0x2c
+ };
+
testkey.next = NULL;
testkey.key_id = 30;
- testkey.key_len = 9;
- memcpy(testkey.key_seq, "123456789", testkey.key_len);
- strlcpy(testkey.typen, "MD5", sizeof(testkey.typen));
+ strlcpy(testkey.key_seq, key, sizeof(testkey.key_seq));
+ testkey.key_len = strlen(testkey.key_seq);
+ strlcpy(testkey.typen, "SHAKE128", sizeof(testkey.typen));
testkey.typei = keytype_from_text(testkey.typen, NULL);
- GETTIMEOFDAY(&xmt, NULL);
- xmt.tv_sec += JAN_1970;
+ xmt.tv_sec = JAN_1970;
+ xmt.tv_usec = 0;
TEST_ASSERT_EQUAL(EXPECTED_PKTLEN,
- generate_pkt(&testpkt, &xmt, testkey.key_id, &testkey));
+ generate_pkt(&testpkt, &xmt, testkey.key_id,
+ &testkey));
TEST_ASSERT_EQUAL(LEAP_NOTINSYNC, PKT_LEAP(testpkt.li_vn_mode));
TEST_ASSERT_EQUAL(NTP_VERSION, PKT_VERSION(testpkt.li_vn_mode));
@@ -105,10 +115,20 @@ test_GenerateAuthenticatedPacket(void)
TEST_ASSERT_TRUE(LfpEquality(expected_xmt, actual_xmt));
TEST_ASSERT_EQUAL(testkey.key_id, ntohl(testpkt.exten[0]));
-
- TEST_ASSERT_EQUAL(MAX_MD5_LEN - 4, /* Remove the key_id, only keep the mac. */
- make_mac(&testpkt, LEN_PKT_NOMAC, MAX_MD5_LEN-4, &testkey, expected_mac));
- TEST_ASSERT_EQUAL_MEMORY(expected_mac, (char*)&testpkt.exten[1], MAX_MD5_LEN -4);
+
+ TEST_ASSERT_EQUAL(sizeof(expected_mac), SHAKE128_LENGTH);
+ mac_sz = make_mac(&testpkt, LEN_PKT_NOMAC, &testkey,
+ &testpkt.exten[1], MAX_MDG_LEN);
+ TEST_ASSERT_EQUAL(mac_sz, SHAKE128_LENGTH);
+
+ TEST_ASSERT_EQUAL_MEMORY(expected_mac, (void *)&testpkt.exten[1],
+ SHAKE128_LENGTH);
+
+#else /* !OPENSSL follows */
+
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
+
+#endif
}
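Review bot: The `make_mac()` call writes its result into `&testpkt.exten[1]`, the same location `generate_pkt()` filled, so the following `TEST_ASSERT_EQUAL_MEMORY` checks `make_mac()` output against `expected_mac` and no longer checks the MAC that `generate_pkt()` placed in the packet. Writing into a scratch buffer keeps both checks: `u_char scratch[MAX_MDG_LEN];` and `mac_sz = make_mac(&testpkt, LEN_PKT_NOMAC, &testkey, scratch, sizeof(scratch));`, leaving the packet bytes untouched for the comparison with `expected_mac`. The two `TEST_ASSERT_EQUAL` calls also pass the expected value second, which swaps the labels in Unity's failure message. The function begins in the previous hunk.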
@@ -169,7 +189,7 @@ test_OffsetCalculationNegativeOffset(void)
rpkt.precision = -1;
rpkt.rootdelay = HTONS_FP(DTOUFP(0.5));
rpkt.rootdisp = HTONS_FP(DTOUFP(0.5));
-
+
/* Synch Distance is (0.5+0.5)/2.0, or 0.5 */
get_systime(&reftime);
HTONL_FP(&reftime, &rpkt.reftime);
diff --git a/sntp/tests/packetProcessing.c b/sntp/tests/packetProcessing.c
index 53c454a9f064..0e7fedee271c 100644
--- a/sntp/tests/packetProcessing.c
+++ b/sntp/tests/packetProcessing.c
@@ -15,7 +15,6 @@ extern int key_cnt;
void PrepareAuthenticationTest(int key_id,int key_len,const char* type,const void* key_seq);
-void PrepareAuthenticationTestMD5(int key_id,int key_len,const void* key_seq);
void setUp(void);
void tearDown(void);
void test_TooShortLength(void);
@@ -35,14 +34,15 @@ void test_RejectWrongResponseServerMode(void);
void test_AcceptNoSentPacketBroadcastMode(void);
void test_CorrectUnauthenticatedPacket(void);
void test_CorrectAuthenticatedPacketMD5(void);
+void test_CorrectAuthenticatedPacketSHAKE128(void);
void test_CorrectAuthenticatedPacketSHA1(void);
void test_CorrectAuthenticatedPacketCMAC(void);
/* [Bug 2998] There are some issues whith the definition of 'struct pkt'
* when AUTOKEY is undefined -- the formal struct is too small to hold
* all the extension fields that are going to be tested. We have to make
- * sure we have the extra bytes, or the test yield undefined results due
- * to buffer overrun.
+ * sure we have the extra bytes, or the test yields undefined results due
+ * to buffer overrun.
*/
#ifndef AUTOKEY
# define EXTRA_BUFSIZE 256
@@ -53,7 +53,7 @@ void test_CorrectAuthenticatedPacketCMAC(void);
union tpkt {
struct pkt p;
u_char b[sizeof(struct pkt) + EXTRA_BUFSIZE];
-};
+};
static union tpkt testpkt;
static union tpkt testspkt;
@@ -70,35 +70,28 @@ PrepareAuthenticationTest(
)
{
char str[25];
- snprintf(str, 25, "%d", key_id);
+
+ snprintf(str, sizeof(str), "%d", key_id);
ActivateOption("-a", str);
key_cnt = 1;
- key_ptr = emalloc(sizeof(struct key));
+ if (NULL == key_ptr) {
+ key_ptr = emalloc(sizeof(*key_ptr));
+ }
key_ptr->next = NULL;
key_ptr->key_id = key_id;
key_ptr->key_len = key_len;
- memcpy(key_ptr->typen, type, strlen(type) + 1);
+ strncpy(key_ptr->typen, type, sizeof(key_ptr->typen));
TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq));
- memcpy(key_ptr->key_seq, key_seq, key_ptr->key_len);
+ memcpy(key_ptr->key_seq, key_seq,
+ min(key_len, sizeof(key_ptr->key_seq)));
restoreKeyDb = true;
}
void
-PrepareAuthenticationTestMD5(
- int key_id,
- int key_len,
- const void * key_seq
- )
-{
- PrepareAuthenticationTest(key_id, key_len, "MD5", key_seq);
-}
-
-
-void
setUp(void)
{
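Review bot: `strncpy(key_ptr->typen, type, sizeof(key_ptr->typen));` leaves `typen` without a terminating NUL when `type` is as long as or longer than the field. The other tests in this commit use `strlcpy()` for the same field, and `strlcpy(key_ptr->typen, type, sizeof(key_ptr->typen));` would match them. The new `if (NULL == key_ptr)` guard also relies on tearDown() resetting `key_ptr` to NULL after `free(key_ptr)`; that part of tearDown() is outside the visible hunks, so it is worth confirming, since otherwise the next test would write through a freed pointer. PrepareAuthenticationTest() starts above this hunk.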
@@ -109,7 +102,7 @@ setUp(void)
* so they contain at least some valid data.
*/
testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, NTP_VERSION,
- MODE_SERVER);
+ MODE_SERVER);
testpkt.p.stratum = STRATUM_REFCLOCK;
memcpy(&testpkt.p.refid, "GPS\0", 4);
@@ -127,7 +120,7 @@ setUp(void)
void
tearDown(void)
-{
+{
if (restoreKeyDb) {
key_cnt = 0;
free(key_ptr);
@@ -171,7 +164,7 @@ test_TooShortExtensionFieldLength(void)
* still...
*/
uint32_t * pe = testpkt.p.exten + 7;
-
+
/* The lower 16-bits are the length of the extension field.
* This lengths must be multiples of 4 bytes, which gives
* a minimum of 4 byte extension field length.
@@ -224,19 +217,20 @@ test_CryptoNAKPacketReject(void)
void
test_AuthenticatedPacketInvalid(void)
{
+#ifdef OPENSSL
+ size_t pkt_len = LEN_PKT_NOMAC;
+ size_t mac_len;
+
/* Activate authentication option */
- PrepareAuthenticationTestMD5(50, 9, "123456789");
+ PrepareAuthenticationTest(50, 9, "SHAKE128", "123456789");
TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
-
- /* Prepare the packet. */
- int pkt_len = LEN_PKT_NOMAC;
+ /* Prepare the packet. */
testpkt.p.exten[0] = htonl(50);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MDG_LEN);
- pkt_len += 4 + mac_len;
+ pkt_len += KEY_MAC_LEN + mac_len;
/* Now, alter the MAC so it becomes invalid. */
testpkt.p.exten[1] += 1;
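Review bot: The value returned by `make_mac()` is used without a check, so if it returns 0 (as the length test in crypto.c expects for a rejected input) the packet carries no digest and `process_pkt()` may report `SERVER_AUTH_FAIL` for that reason rather than because of the altered MAC. Asserting the length right after the call, `TEST_ASSERT_EQUAL(SHAKE128_LENGTH, mac_len);`, makes the negative test fail visibly when SHAKE128 is unavailable in the linked OpenSSL. test_AuthenticatedPacketUnknownKey() in the next hunk has the same unchecked call. The body of test_AuthenticatedPacketInvalid() continues past this hunk.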
@@ -244,30 +238,43 @@ test_AuthenticatedPacketInvalid(void)
TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
void
test_AuthenticatedPacketUnknownKey(void)
{
+#ifdef OPENSSL
+ size_t pkt_len = LEN_PKT_NOMAC;
+ size_t mac_len;
+
/* Activate authentication option */
- PrepareAuthenticationTestMD5(30, 9, "123456789");
+ PrepareAuthenticationTest(30, 9, "SHAKE128", "123456789");
TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
-
+
/* Prepare the packet. Note that the Key-ID expected is 30, but
* the packet has a key id of 50.
*/
- int pkt_len = LEN_PKT_NOMAC;
-
testpkt.p.exten[0] = htonl(50);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MDG_LEN);
pkt_len += KEY_MAC_LEN + mac_len;
TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
@@ -282,7 +289,7 @@ test_ServerVersionTooOld(void)
TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) < NTP_OLDVERSION);
int pkt_len = LEN_PKT_NOMAC;
-
+
TEST_ASSERT_EQUAL(SERVER_UNUSEABLE,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
@@ -418,44 +425,96 @@ test_CorrectUnauthenticatedPacket(void)
void
test_CorrectAuthenticatedPacketMD5(void)
{
- PrepareAuthenticationTestMD5(10, 15, "123456789abcdef");
+#ifdef OPENSSL
+
+ keyid_t k_id = 10;
+ int pkt_len = LEN_PKT_NOMAC;
+ int mac_len;
+
+ PrepareAuthenticationTest(k_id, 15, "MD5", "123456789abcdef");
TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
+ /* Prepare the packet. */
+ testpkt.p.exten[0] = htonl(k_id);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MDG_LEN);
+
+ /* TODO: Should not expect failure if non-FIPS OpenSSL */
+ TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5");
+
+ pkt_len += KEY_MAC_LEN + mac_len;
+
+ TEST_ASSERT_EQUAL(pkt_len,
+ process_pkt(&testpkt.p, &testsock, pkt_len,
+ MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
+}
+
+
+void
+test_CorrectAuthenticatedPacketSHAKE128(void)
+{
+#ifdef OPENSSL
+
+ keyid_t k_id = 10;
int pkt_len = LEN_PKT_NOMAC;
+ int mac_len;
+
+ PrepareAuthenticationTest(k_id, 15, "SHAKE128", "123456789abcdef");
+ TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
/* Prepare the packet. */
- testpkt.p.exten[0] = htonl(10);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ testpkt.p.exten[0] = htonl(k_id);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1],
+ SHAKE128_LENGTH);
pkt_len += KEY_MAC_LEN + mac_len;
TEST_ASSERT_EQUAL(pkt_len,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
void
test_CorrectAuthenticatedPacketSHA1(void)
{
- PrepareAuthenticationTest(20, 15, "SHA1", "abcdefghijklmno");
- TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
+#ifdef OPENSSL
+ keyid_t k_id = 20;
int pkt_len = LEN_PKT_NOMAC;
+ int mac_len;
+
+ PrepareAuthenticationTest(k_id, 15, "SHA1", "abcdefghijklmno");
+ TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
/* Prepare the packet. */
- testpkt.p.exten[0] = htonl(20);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MDG_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ testpkt.p.exten[0] = htonl(k_id);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1],
+ SHA1_LENGTH);
pkt_len += KEY_MAC_LEN + mac_len;
TEST_ASSERT_EQUAL(pkt_len,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
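Review bot: `TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5")` in test_CorrectAuthenticatedPacketMD5() is unconditional, and the TODO above it already says that is wrong for non-FIPS OpenSSL. How the macro treats a test that then passes is not visible here, but either outcome is weak: on a non-FIPS build the MD5 path is reported as an unexpected pass, or a real MD5 regression is counted as the expected failure. Setting the expectation only when the digest could not be produced, for example `if (0 == mac_len) TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5");` (assuming `make_mac()` returns 0 in that case), would keep the positive check alive on other builds. The test is also now inside `#ifdef OPENSSL`, whereas the removed version was not guarded, so builds without OpenSSL no longer exercise MD5 packet authentication.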
@@ -471,9 +530,8 @@ test_CorrectAuthenticatedPacketCMAC(void)
/* Prepare the packet. */
testpkt.p.exten[0] = htonl(30);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ int mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MAC_LEN);
pkt_len += 4 + mac_len;
@@ -482,9 +540,9 @@ test_CorrectAuthenticatedPacketCMAC(void)
MODE_SERVER, &testspkt.p, "UnitTest"));
#else
-
- TEST_IGNORE_MESSAGE("OpenSSL CMAC not used, skipping...");
-
+
+ TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
+
#endif /* OPENSSL */
}
diff --git a/sntp/tests/run-crypto.c b/sntp/tests/run-crypto.c
index a486f86c4035..83e8d19434aa 100644
--- a/sntp/tests/run-crypto.c
+++ b/sntp/tests/run-crypto.c
@@ -30,10 +30,10 @@
//=======External Functions This Runner Calls=====
extern void setUp(void);
extern void tearDown(void);
-extern void test_MakeMd5Mac(void);
+extern void test_MakeSHAKE128Mac(void);
extern void test_MakeSHA1Mac(void);
extern void test_MakeCMac(void);
-extern void test_VerifyCorrectMD5(void);
+extern void test_VerifySHAKE128(void);
extern void test_VerifySHA1(void);
extern void test_VerifyCMAC(void);
extern void test_VerifyFailure(void);
@@ -66,14 +66,14 @@ int main(int argc, char *argv[])
progname = argv[0];
suite_setup();
UnityBegin("crypto.c");
- RUN_TEST(test_MakeMd5Mac, 15);
- RUN_TEST(test_MakeSHA1Mac, 16);
- RUN_TEST(test_MakeCMac, 17);
- RUN_TEST(test_VerifyCorrectMD5, 18);
- RUN_TEST(test_VerifySHA1, 19);
- RUN_TEST(test_VerifyCMAC, 20);
- RUN_TEST(test_VerifyFailure, 21);
- RUN_TEST(test_PacketSizeNotMultipleOfFourBytes, 22);
+ RUN_TEST(test_MakeSHAKE128Mac, 14);
+ RUN_TEST(test_MakeSHA1Mac, 15);
+ RUN_TEST(test_MakeCMac, 16);
+ RUN_TEST(test_VerifySHAKE128, 17);
+ RUN_TEST(test_VerifySHA1, 18);
+ RUN_TEST(test_VerifyCMAC, 19);
+ RUN_TEST(test_VerifyFailure, 20);
+ RUN_TEST(test_PacketSizeNotMultipleOfFourBytes, 21);
return (UnityEnd());
}
diff --git a/sntp/tests/run-packetProcessing.c b/sntp/tests/run-packetProcessing.c
index c91a6d340a39..eeeb6f1bf2f6 100644
--- a/sntp/tests/run-packetProcessing.c
+++ b/sntp/tests/run-packetProcessing.c
@@ -47,6 +47,7 @@ extern void test_RejectWrongResponseServerMode(void);
extern void test_AcceptNoSentPacketBroadcastMode(void);
extern void test_CorrectUnauthenticatedPacket(void);
extern void test_CorrectAuthenticatedPacketMD5(void);
+extern void test_CorrectAuthenticatedPacketSHAKE128(void);
extern void test_CorrectAuthenticatedPacketSHA1(void);
extern void test_CorrectAuthenticatedPacketCMAC(void);
@@ -77,25 +78,26 @@ int main(int argc, char *argv[])
progname = argv[0];
suite_setup();
UnityBegin("packetProcessing.c");
- RUN_TEST(test_TooShortLength, 23);
- RUN_TEST(test_LengthNotMultipleOfFour, 24);
- RUN_TEST(test_TooShortExtensionFieldLength, 25);
- RUN_TEST(test_UnauthenticatedPacketReject, 26);
- RUN_TEST(test_CryptoNAKPacketReject, 27);
- RUN_TEST(test_AuthenticatedPacketInvalid, 28);
- RUN_TEST(test_AuthenticatedPacketUnknownKey, 29);
- RUN_TEST(test_ServerVersionTooOld, 30);
- RUN_TEST(test_ServerVersionTooNew, 31);
- RUN_TEST(test_NonWantedMode, 32);
- RUN_TEST(test_KoDRate, 33);
- RUN_TEST(test_KoDDeny, 34);
- RUN_TEST(test_RejectUnsyncedServer, 35);
- RUN_TEST(test_RejectWrongResponseServerMode, 36);
- RUN_TEST(test_AcceptNoSentPacketBroadcastMode, 37);
- RUN_TEST(test_CorrectUnauthenticatedPacket, 38);
- RUN_TEST(test_CorrectAuthenticatedPacketMD5, 39);
- RUN_TEST(test_CorrectAuthenticatedPacketSHA1, 40);
- RUN_TEST(test_CorrectAuthenticatedPacketCMAC, 41);
+ RUN_TEST(test_TooShortLength, 20);
+ RUN_TEST(test_LengthNotMultipleOfFour, 21);
+ RUN_TEST(test_TooShortExtensionFieldLength, 22);
+ RUN_TEST(test_UnauthenticatedPacketReject, 23);
+ RUN_TEST(test_CryptoNAKPacketReject, 24);
+ RUN_TEST(test_AuthenticatedPacketInvalid, 25);
+ RUN_TEST(test_AuthenticatedPacketUnknownKey, 26);
+ RUN_TEST(test_ServerVersionTooOld, 27);
+ RUN_TEST(test_ServerVersionTooNew, 28);
+ RUN_TEST(test_NonWantedMode, 29);
+ RUN_TEST(test_KoDRate, 30);
+ RUN_TEST(test_KoDDeny, 31);
+ RUN_TEST(test_RejectUnsyncedServer, 32);
+ RUN_TEST(test_RejectWrongResponseServerMode, 33);
+ RUN_TEST(test_AcceptNoSentPacketBroadcastMode, 34);
+ RUN_TEST(test_CorrectUnauthenticatedPacket, 35);
+ RUN_TEST(test_CorrectAuthenticatedPacketMD5, 36);
+ RUN_TEST(test_CorrectAuthenticatedPacketSHAKE128, 37);
+ RUN_TEST(test_CorrectAuthenticatedPacketSHA1, 38);
+ RUN_TEST(test_CorrectAuthenticatedPacketCMAC, 39);
return (UnityEnd());
}