Diffstat (limited to 'sntp/tests/packetProcessing.c')
-rw-r--r-- | sntp/tests/packetProcessing.c | 168 |
1 files changed, 113 insertions, 55 deletions
diff --git a/sntp/tests/packetProcessing.c b/sntp/tests/packetProcessing.c index 53c454a9f064..0e7fedee271c 100644 --- a/sntp/tests/packetProcessing.c +++ b/sntp/tests/packetProcessing.c @@ -15,7 +15,6 @@ extern int key_cnt; void PrepareAuthenticationTest(int key_id,int key_len,const char* type,const void* key_seq); -void PrepareAuthenticationTestMD5(int key_id,int key_len,const void* key_seq); void setUp(void); void tearDown(void); void test_TooShortLength(void); @@ -35,14 +34,15 @@ void test_RejectWrongResponseServerMode(void); void test_AcceptNoSentPacketBroadcastMode(void); void test_CorrectUnauthenticatedPacket(void); void test_CorrectAuthenticatedPacketMD5(void); +void test_CorrectAuthenticatedPacketSHAKE128(void); void test_CorrectAuthenticatedPacketSHA1(void); void test_CorrectAuthenticatedPacketCMAC(void); /* [Bug 2998] There are some issues whith the definition of 'struct pkt' * when AUTOKEY is undefined -- the formal struct is too small to hold * all the extension fields that are going to be tested. We have to make - * sure we have the extra bytes, or the test yield undefined results due - * to buffer overrun. + * sure we have the extra bytes, or the test yields undefined results due + * to buffer overrun. */ #ifndef AUTOKEY # define EXTRA_BUFSIZE 256 @@ -53,7 +53,7 @@ void test_CorrectAuthenticatedPacketCMAC(void); union tpkt { struct pkt p; u_char b[sizeof(struct pkt) + EXTRA_BUFSIZE]; -}; +}; static union tpkt testpkt; static union tpkt testspkt; 
@@ -70,35 +70,28 @@ PrepareAuthenticationTest( ) { char str[25]; - snprintf(str, 25, "%d", key_id); + + snprintf(str, sizeof(str), "%d", key_id); ActivateOption("-a", str); key_cnt = 1; - key_ptr = emalloc(sizeof(struct key)); + if (NULL == key_ptr) { + key_ptr = emalloc(sizeof(*key_ptr)); + } key_ptr->next = NULL; key_ptr->key_id = key_id; key_ptr->key_len = key_len; - memcpy(key_ptr->typen, type, strlen(type) + 1); + strncpy(key_ptr->typen, type, sizeof(key_ptr->typen)); TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq)); - memcpy(key_ptr->key_seq, key_seq, key_ptr->key_len); + memcpy(key_ptr->key_seq, key_seq, + min(key_len, sizeof(key_ptr->key_seq))); restoreKeyDb = true; } void -PrepareAuthenticationTestMD5( - int key_id, - int key_len, - const void * key_seq - ) -{ - PrepareAuthenticationTest(key_id, key_len, "MD5", key_seq); -} - - -void setUp(void) { @@ -109,7 +102,7 @@ setUp(void) * so they contain at least some valid data. */ testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, NTP_VERSION, - MODE_SERVER); + MODE_SERVER); testpkt.p.stratum = STRATUM_REFCLOCK; memcpy(&testpkt.p.refid, "GPS\0", 4); @@ -127,7 +120,7 @@ setUp(void) void tearDown(void) -{ +{ if (restoreKeyDb) { key_cnt = 0; free(key_ptr); @@ -171,7 +164,7 @@ test_TooShortExtensionFieldLength(void) * still... */ uint32_t * pe = testpkt.p.exten + 7; - + /* The lower 16-bits are the length of the extension field. * This lengths must be multiples of 4 bytes, which gives * a minimum of 4 byte extension field length. 
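Review bot: `strncpy(key_ptr->typen, type, sizeof(key_ptr->typen));` in PrepareAuthenticationTest leaves `typen` without a terminating NUL whenever `type` is as long as the field or longer, so any later string use of the field would read past it. Add `key_ptr->typen[sizeof(key_ptr->typen) - 1] = '\0';` after the copy, or assert `strlen(type) < sizeof(key_ptr->typen)` before it. The new `if (NULL == key_ptr)` guard is only safe if tearDown resets `key_ptr` to NULL after `free(key_ptr)`; that line is outside the visible context, so confirm it, because otherwise the next test writes through a freed pointer. `key_ptr->key_len` is also stored unclamped before the `TEST_ASSERT_TRUE` bound check, while the `memcpy` is clamped with `min()`; moving the assert above the assignment keeps the two consistent. The function's signature and parameter list start outside this hunk.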
@@ -224,19 +217,20 @@ test_CryptoNAKPacketReject(void) void test_AuthenticatedPacketInvalid(void) { +#ifdef OPENSSL + size_t pkt_len = LEN_PKT_NOMAC; + size_t mac_len; + /* Activate authentication option */ - PrepareAuthenticationTestMD5(50, 9, "123456789"); + PrepareAuthenticationTest(50, 9, "SHAKE128", "123456789"); TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); - - /* Prepare the packet. */ - int pkt_len = LEN_PKT_NOMAC; + /* Prepare the packet. */ testpkt.p.exten[0] = htonl(50); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MD5_LEN - KEY_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MDG_LEN); - pkt_len += 4 + mac_len; + pkt_len += KEY_MAC_LEN + mac_len; /* Now, alter the MAC so it becomes invalid. */ testpkt.p.exten[1] += 1; @@ -244,30 +238,43 @@ test_AuthenticatedPacketInvalid(void) TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } void test_AuthenticatedPacketUnknownKey(void) { +#ifdef OPENSSL + size_t pkt_len = LEN_PKT_NOMAC; + size_t mac_len; + /* Activate authentication option */ - PrepareAuthenticationTestMD5(30, 9, "123456789"); + PrepareAuthenticationTest(30, 9, "SHAKE128", "123456789"); TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); - + /* Prepare the packet. Note that the Key-ID expected is 30, but * the packet has a key id of 50. */ - int pkt_len = LEN_PKT_NOMAC; - testpkt.p.exten[0] = htonl(50); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MD5_LEN - KEY_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MDG_LEN); pkt_len += KEY_MAC_LEN + mac_len; TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } 
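Review bot: The result of `make_mac()` is never checked in test_AuthenticatedPacketInvalid or test_AuthenticatedPacketUnknownKey, so both can reach `SERVER_AUTH_FAIL` for the wrong reason. If make_mac signals an unsupported digest by returning 0 (its definition is not in this diff), a build whose OpenSSL lacks SHAKE128 would send a packet with no MAC, and the tests would still pass without exercising MAC rejection. Add `TEST_ASSERT_TRUE(mac_len > 0);` directly after each `make_mac` call; the same check would help the positive-path MD5, SHAKE128, SHA1 and CMAC tests in the later hunks. Wrapping both negative tests in `#ifdef OPENSSL` also means builds without OpenSSL no longer run any invalid-MAC or unknown-key rejection test, which the MD5 versions appear to have covered before; consider keeping a fallback digest for that configuration.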
@@ -282,7 +289,7 @@ test_ServerVersionTooOld(void) TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) < NTP_OLDVERSION); int pkt_len = LEN_PKT_NOMAC; - + TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); 
@@ -418,44 +425,96 @@ test_CorrectUnauthenticatedPacket(void) void test_CorrectAuthenticatedPacketMD5(void) { - PrepareAuthenticationTestMD5(10, 15, "123456789abcdef"); +#ifdef OPENSSL + + keyid_t k_id = 10; + int pkt_len = LEN_PKT_NOMAC; + int mac_len; + + PrepareAuthenticationTest(k_id, 15, "MD5", "123456789abcdef"); TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); + /* Prepare the packet. */ + testpkt.p.exten[0] = htonl(k_id); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MDG_LEN); + + /* TODO: Should not expect failure if non-FIPS OpenSSL */ + TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5"); + + pkt_len += KEY_MAC_LEN + mac_len; + + TEST_ASSERT_EQUAL(pkt_len, + process_pkt(&testpkt.p, &testsock, pkt_len, + MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif +} + + +void +test_CorrectAuthenticatedPacketSHAKE128(void) +{ +#ifdef OPENSSL + + keyid_t k_id = 10; int pkt_len = LEN_PKT_NOMAC; + int mac_len; + + PrepareAuthenticationTest(k_id, 15, "SHAKE128", "123456789abcdef"); + TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); /* Prepare the packet. 
*/ - testpkt.p.exten[0] = htonl(10); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MD5_LEN - KEY_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + testpkt.p.exten[0] = htonl(k_id); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], + SHAKE128_LENGTH); pkt_len += KEY_MAC_LEN + mac_len; TEST_ASSERT_EQUAL(pkt_len, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } void test_CorrectAuthenticatedPacketSHA1(void) { - PrepareAuthenticationTest(20, 15, "SHA1", "abcdefghijklmno"); - TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); +#ifdef OPENSSL + keyid_t k_id = 20; int pkt_len = LEN_PKT_NOMAC; + int mac_len; + + PrepareAuthenticationTest(k_id, 15, "SHA1", "abcdefghijklmno"); + TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); /* Prepare the packet. */ - testpkt.p.exten[0] = htonl(20); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MDG_LEN, key_ptr, - &testpkt.p.exten[1]); + testpkt.p.exten[0] = htonl(k_id); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], + SHA1_LENGTH); pkt_len += KEY_MAC_LEN + mac_len; TEST_ASSERT_EQUAL(pkt_len, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } @@ -471,9 +530,8 @@ test_CorrectAuthenticatedPacketCMAC(void) /* Prepare the packet. */ testpkt.p.exten[0] = htonl(30); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + int mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MAC_LEN); pkt_len += 4 + mac_len; @@ -482,9 +540,9 @@ test_CorrectAuthenticatedPacketCMAC(void) MODE_SERVER, &testspkt.p, "UnitTest")); #else - - TEST_IGNORE_MESSAGE("OpenSSL CMAC not used, skipping..."); - + + TEST_IGNORE_MESSAGE("CMAC not enabled, skipping..."); + #endif /* OPENSSL */ } |
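Review bot: `TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5");` in test_CorrectAuthenticatedPacketMD5 is unconditional, so the MD5 accept path is declared an expected failure on every OpenSSL build, not only FIPS ones, as the TODO above it concedes. Where MD5 is available the positive case is then no longer a trustworthy signal, and how the harness reports an unexpected pass is not visible here. Gate the expectation on a runtime condition, for example `if (0 == mac_len) TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5");`, assuming make_mac returns 0 when the digest is refused (confirm against its definition). As a style point, these tests declare `int mac_len` while the negative tests earlier in the diff use `size_t`, and the CMAC test still writes `pkt_len += 4 + mac_len;` where the others use `KEY_MAC_LEN`; using one type and the named constant throughout would make the length arithmetic easier to audit.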