aboutsummaryrefslogtreecommitdiff
path: root/sntp/tests/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'sntp/tests/crypto.c')
-rw-r--r--sntp/tests/crypto.c235
1 files changed, 145 insertions, 90 deletions
diff --git a/sntp/tests/crypto.c b/sntp/tests/crypto.c
index 8ecd74368011..509efe79c3a2 100644
--- a/sntp/tests/crypto.c
+++ b/sntp/tests/crypto.c
@@ -7,15 +7,14 @@
#define CMAC "AES128CMAC"
-#define MD5_LENGTH 16
#define SHA1_LENGTH 20
#define CMAC_LENGTH 16
-void test_MakeMd5Mac(void);
+void test_MakeSHAKE128Mac(void);
void test_MakeSHA1Mac(void);
void test_MakeCMac(void);
-void test_VerifyCorrectMD5(void);
+void test_VerifySHAKE128(void);
void test_VerifySHA1(void);
void test_VerifyCMAC(void);
void test_VerifyFailure(void);
@@ -26,26 +25,36 @@ void VerifyOpenSSLCMAC(struct key *cmac);
void
-test_MakeMd5Mac(void)
+test_MakeSHAKE128Mac(void)
{
- const char* PKT_DATA = "abcdefgh0123";
- const int PKT_LEN = strlen(PKT_DATA);
- const char* EXPECTED_DIGEST =
- "\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b";
- char actual[MD5_LENGTH];
-
- struct key md5;
- md5.next = NULL;
- md5.key_id = 10;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5seq", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
-
- TEST_ASSERT_EQUAL(MD5_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));
-
- TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, MD5_LENGTH) == 0);
+#ifdef OPENSSL
+
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata16";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ u_char actual[sizeof(EXPECTED_DIGEST) - 1];
+ struct key sk;
+
+ sk.next = NULL;
+ sk.key_id = 10;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ TEST_ASSERT_EQUAL(sizeof(actual),
+ make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
+ sizeof(actual)));
+
+ TEST_ASSERT_EQUAL_HEX8_ARRAY(EXPECTED_DIGEST, actual, sizeof(actual));
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
+
+#endif /* OPENSSL */
}
@@ -70,14 +79,15 @@ test_MakeSHA1Mac(void)
sha1.typei = keytype_from_text(sha1.typen, NULL);
TEST_ASSERT_EQUAL(SHA1_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1, actual));
+ make_mac(PKT_DATA, PKT_LEN, &sha1, actual,
+ SHA1_LENGTH));
TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, SHA1_LENGTH);
-
+
#else
-
+
TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
#endif /* OPENSSL */
}
@@ -93,8 +103,8 @@ test_MakeCMac(void)
"\xdd\x35\xd5\xf5\x14\x23\xd9\xd6"
"\x38\x5d\x29\x80\xfe\x51\xb9\x6b";
char actual[CMAC_LENGTH];
-
struct key cmac;
+
cmac.next = NULL;
cmac.key_id = 30;
cmac.key_len = CMAC_LENGTH;
@@ -102,37 +112,53 @@ test_MakeCMac(void)
memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1);
TEST_ASSERT_EQUAL(CMAC_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual));
+ make_mac(PKT_DATA, PKT_LEN, &cmac, actual, CMAC_LENGTH));
TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH);
-
+
#else
-
- TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
+ TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
+
#endif /* OPENSSL */
}
void
-test_VerifyCorrectMD5(void)
+test_VerifySHAKE128(void)
{
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */
- "\x2b\x7b\xfe\x4f\xa2\x32\xcf\xac";
- const int PKT_LEN = 12;
+#ifdef OPENSSL
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata16";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
+ struct key sk;
+ u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
+ + DIGEST_LEN];
+ u_char *p;
+
+ sk.next = NULL;
+ sk.key_id = 0;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ p = PKT_DATA;
+ memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
+ memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
+ memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
+ TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
+
+ TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
+#else
- struct key md5;
- md5.next = NULL;
- md5.key_id = 0;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5key", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
- TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5));
+#endif /* OPENSSL */
}
@@ -147,21 +173,21 @@ test_VerifySHA1(void)
"\xad\x07\xde\x36\x39\xa6\x77\xfa\x5b\xce" /* MAC */
"\x2d\x8a\x7d\x06\x96\xe6\x0c\xbc\xed\xe1";
const int PKT_LEN = 12;
-
struct key sha1;
+
sha1.next = NULL;
sha1.key_id = 0;
sha1.key_len = 7;
memcpy(&sha1.key_seq, "sha1key", sha1.key_len);
- strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen));
+ strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen));
sha1.typei = keytype_from_text(sha1.typen, NULL);
TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1));
-
+
#else
-
+
TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
#endif /* OPENSSL */
}
@@ -169,12 +195,6 @@ test_VerifySHA1(void)
void
test_VerifyCMAC(void)
{
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\x4e\x0c\xf0\xe2\xc7\x8e\xbb\xbf" /* MAC */
- "\x79\xfc\x87\xc7\x8b\xb7\x4a\x0b";
- const int PKT_LEN = 12;
struct key cmac;
cmac.next = NULL;
@@ -198,9 +218,9 @@ VerifyOpenSSLCMAC(struct key *cmac)
TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping...");
#else
-
- TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
-
+
+ TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
+
#endif /* OPENSSL */
return;
}
@@ -222,42 +242,77 @@ VerifyLocalCMAC(struct key *cmac)
void
test_VerifyFailure(void)
{
- /* We use a copy of the MD5 verification code, but modify the
- * last bit to make sure verification fails.
+ /*
+ * We use a copy of test_VerifySHAKE128(), but modify the
+ * last packet octet to make sure verification fails.
*/
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */
- "\x2b\x7b\xfe\x4f\xa2\x32\xcf\x00"; /* Last byte is wrong! */
- const int PKT_LEN = 12;
+#ifdef OPENSSL
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata1_";
+ /* last packet byte different */
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
+ struct key sk;
+ u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
+ + DIGEST_LEN];
+ u_char *p;
+
+ sk.next = NULL;
+ sk.key_id = 0;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ p = PKT_DATA;
+ memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
+ memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
+ memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
+ TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
+
+ TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
+#else
- struct key md5;
- md5.next = NULL;
- md5.key_id = 0;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5key", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
- TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5));
+#endif /* OPENSSL */
}
void
test_PacketSizeNotMultipleOfFourBytes(void)
{
- const char* PKT_DATA = "123456";
- const int PKT_LEN = 6;
- char actual[MD5_LENGTH];
-
- struct key md5;
- md5.next = NULL;
- md5.key_id = 10;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5seq", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
-
- TEST_ASSERT_EQUAL(0, make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));
+ /*
+ * We use a copy of test_MakeSHAKE128Mac(), but modify
+ * the packet length to 17.
+ */
+#ifdef OPENSSL
+
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata_17";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ u_char actual[sizeof(EXPECTED_DIGEST) - 1];
+ struct key sk;
+
+ sk.next = NULL;
+ sk.key_id = 10;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ TEST_ASSERT_EQUAL(0,
+ make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
+ sizeof(actual)));
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
+
+#endif /* OPENSSL */
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 08:16:30 +0000