1 #include "config.h"
2 #include "unity.h"
3 #include "ntp_types.h"
4
5 #include "sntptest.h"
6 #include "crypto.h"
7
/* Algorithm name that the AES-128-CMAC fixtures copy into key.typen. */
#define CMAC		"AES128CMAC"

/* MAC sizes in bytes, used as the mac_size argument and for buffers. */
#define MD5_LENGTH	16
#define SHA1_LENGTH	20
#define CMAC_LENGTH	16


/* Test cases defined in this file. */
void test_MakeMd5Mac(void);
void test_MakeSHA1Mac(void);
void test_MakeCMac(void);
void test_VerifyCorrectMD5(void);
void test_VerifySHA1(void);
void test_VerifyCMAC(void);
void test_VerifyFailure(void);
void test_PacketSizeNotMultipleOfFourBytes(void);

/* Helpers called from test_VerifyCMAC(). */
void VerifyLocalCMAC(struct key *cmac);
void VerifyOpenSSLCMAC(struct key *cmac);
26
27
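/*
 * Known-answer test for make_mac() with an MD5 key: a 12-byte payload
 * must yield MD5_LENGTH bytes of MAC equal to EXPECTED_DIGEST.
 */
void
test_MakeMd5Mac(void)
{
	const char*	PKT_DATA = "abcdefgh0123";
	const int	PKT_LEN = strlen(PKT_DATA);
	const char*	EXPECTED_DIGEST =
		"\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b";
	char		actual[MD5_LENGTH];

	struct key	md5;
	md5.next = NULL;
	md5.key_id = 10;
	md5.key_len = 6;
	memcpy(&md5.key_seq, "md5seq", md5.key_len);
	strlcpy(md5.typen, "MD5", sizeof(md5.typen));
	md5.typei = keytype_from_text(md5.typen, NULL);

	/* make_mac() is expected to report how many MAC bytes it wrote. */
	TEST_ASSERT_EQUAL(MD5_LENGTH,
			  make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));

	/*
	 * Use the same memory assertion as the SHA1 and CMAC tests, so a
	 * mismatch is reported by Unity's memory comparison instead of
	 * as a bare "expected TRUE".
	 */
	TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, MD5_LENGTH);
}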
50
51
/*
 * Known-answer test for make_mac() with a SHA1 key.  Only built when
 * OPENSSL is defined; otherwise the test is reported as ignored.
 */
void
test_MakeSHA1Mac(void)
{
#ifdef OPENSSL

	const char*	payload = "abcdefgh0123";
	const int	payload_len = strlen(payload);
	const char*	want =
		"\x17\xaa\x82\x97\xc7\x17\x13\x6a\x9b\xa9"
		"\x63\x85\xb4\xce\xbe\x94\xa0\x97\x16\x1d";
	char		got[SHA1_LENGTH];
	struct key	k;
	int		mac_len;

	/* Key material first, then the algorithm name and its type id. */
	k.key_len = 7;
	memcpy(&k.key_seq, "sha1seq", k.key_len);
	k.key_id = 20;
	k.next = NULL;
	strlcpy(k.typen, "SHA1", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);

	mac_len = make_mac(payload, payload_len, SHA1_LENGTH, &k, got);

	/* Length first, then the digest bytes themselves. */
	TEST_ASSERT_EQUAL(SHA1_LENGTH, mac_len);
	TEST_ASSERT_EQUAL_MEMORY(want, got, SHA1_LENGTH);

#else

	TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");

#endif	/* OPENSSL */
}
83
84
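/*
 * Known-answer test for make_mac() with an AES-128-CMAC key.  Built
 * only when both OPENSSL and ENABLE_CMAC are defined; otherwise the
 * test is reported as ignored.
 */
void
test_MakeCMac(void)
{
#if defined(OPENSSL) && defined(ENABLE_CMAC)

	const char*	PKT_DATA = "abcdefgh0123";
	const int	PKT_LEN = strlen(PKT_DATA);
	const char*	EXPECTED_DIGEST =
		"\xdd\x35\xd5\xf5\x14\x23\xd9\xd6"
		"\x38\x5d\x29\x80\xfe\x51\xb9\x6b";
	char		actual[CMAC_LENGTH];

	struct key	cmac;

	/*
	 * Unlike the MD5/SHA1 fixtures, typei is never assigned here.
	 * Clear the struct so make_mac() is not handed an indeterminate
	 * field.
	 * NOTE(review): confirm whether the CMAC path should also set
	 * typei via keytype_from_text().
	 */
	memset(&cmac, 0, sizeof(cmac));
	cmac.next = NULL;
	cmac.key_id = 30;
	cmac.key_len = CMAC_LENGTH;
	memcpy(&cmac.key_seq, "aes-128-cmac-seq", cmac.key_len);
	/* Bounded copy, as in the MD5/SHA1 fixtures. */
	strlcpy(cmac.typen, CMAC, sizeof(cmac.typen));

	TEST_ASSERT_EQUAL(CMAC_LENGTH,
			  make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual));

	TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH);

#else

	/*
	 * This branch is also taken when OpenSSL is present but
	 * ENABLE_CMAC is not, so the message names both conditions.
	 */
	TEST_IGNORE_MESSAGE("OpenSSL or CMAC support not enabled, skipping...");

#endif	/* OPENSSL && ENABLE_CMAC */
}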
115
116
/*
 * Positive verification test: auth_md5() must accept a packet whose
 * trailing MAC matches the MD5 key "md5key".
 */
void
test_VerifyCorrectMD5(void)
{
	/* Layout: 12 data bytes, 4-byte key id, 16-byte MAC. */
	const char*	packet =
		"sometestdata"				/* Data */
		"\0\0\0\0"				/* Key-ID (unused) */
		"\xc7\x58\x99\xdd\x99\x32\x0f\x71"	/* MAC */
		"\x2b\x7b\xfe\x4f\xa2\x32\xcf\xac";
	const int	data_len = 12;	/* length of the data part only */
	struct key	k;
	int		accepted;

	k.key_len = 6;
	memcpy(&k.key_seq, "md5key", k.key_len);
	k.key_id = 0;
	k.next = NULL;
	strlcpy(k.typen, "MD5", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);

	accepted = auth_md5(packet, data_len, MD5_LENGTH, &k);
	TEST_ASSERT_TRUE(accepted);
}
137
138
/*
 * Positive verification test for SHA1.  The call goes through
 * auth_md5() despite the name; it is given SHA1_LENGTH and a SHA1 key.
 * Only built when OPENSSL is defined.
 */
void
test_VerifySHA1(void)
{
#ifdef OPENSSL

	/* Layout: 12 data bytes, 4-byte key id, 20-byte MAC. */
	const char*	packet =
		"sometestdata"				/* Data */
		"\0\0\0\0"				/* Key-ID (unused) */
		"\xad\x07\xde\x36\x39\xa6\x77\xfa\x5b\xce"	/* MAC */
		"\x2d\x8a\x7d\x06\x96\xe6\x0c\xbc\xed\xe1";
	const int	data_len = 12;	/* length of the data part only */
	struct key	k;
	int		accepted;

	k.key_len = 7;
	memcpy(&k.key_seq, "sha1key", k.key_len);
	k.key_id = 0;
	k.next = NULL;
	strlcpy(k.typen, "SHA1", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);

	accepted = auth_md5(packet, data_len, SHA1_LENGTH, &k);
	TEST_ASSERT_TRUE(accepted);

#else

	TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");

#endif	/* OPENSSL */
}
167
168
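/*
 * Placeholder for AES-128-CMAC verification.  It builds the key and a
 * test vector, then defers to the two helpers.
 *
 * NOTE(review): VerifyOpenSSLCMAC() ends in TEST_IGNORE_MESSAGE() on
 * every preprocessor branch, and a Unity ignore aborts the running
 * test.  VerifyLocalCMAC() is therefore presumably never reached and
 * this test only ever reports "ignored".  CMAC verification has no
 * effective coverage here until the helpers perform a real check.
 */
void
test_VerifyCMAC(void)
{
	const char*	PKT_DATA =
		"sometestdata"				/* Data */
		"\0\0\0\0"				/* Key-ID (unused) */
		"\x4e\x0c\xf0\xe2\xc7\x8e\xbb\xbf"	/* MAC */
		"\x79\xfc\x87\xc7\x8b\xb7\x4a\x0b";
	const int	PKT_LEN = 12;
	struct key	cmac;

	/*
	 * The vector is kept for when the helpers are implemented.  It
	 * is not passed to them yet, so mark it used to avoid warnings.
	 */
	(void)PKT_DATA;
	(void)PKT_LEN;

	/*
	 * typei is never assigned for this key, unlike the MD5/SHA1
	 * fixtures.  Clear the struct so no indeterminate field is
	 * handed to the helpers.
	 * NOTE(review): confirm whether keytype_from_text() is needed.
	 */
	memset(&cmac, 0, sizeof(cmac));
	cmac.next = NULL;
	cmac.key_id = 0;
	cmac.key_len = CMAC_LENGTH;
	memcpy(&cmac.key_seq, "aes-128-cmac-key", cmac.key_len);
	/* Bounded copy, as in the MD5/SHA1 fixtures. */
	strlcpy(cmac.typen, CMAC, sizeof(cmac.typen));

	VerifyOpenSSLCMAC(&cmac);
	VerifyLocalCMAC(&cmac);
}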
189
190
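/*
 * Helper for test_VerifyCMAC(): intended to verify the CMAC vector via
 * the OpenSSL-backed path.  It is not implemented yet, so every branch
 * marks the test as ignored and no verification is performed.
 *
 * cmac: the AES-128-CMAC key built by the caller (currently unused).
 */
void
VerifyOpenSSLCMAC(struct key *cmac)
{
	(void)cmac;	/* unused until the check below is enabled */

#if defined(OPENSSL) && defined(ENABLE_CMAC)

	/* XXX: HMS: auth_md5 must be renamed/incorrect. */
	/*
	 * Intended check, disabled because PKT_DATA and PKT_LEN are
	 * locals of the caller and are not passed in:
	 *   TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac));
	 */
	TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping...");

#else

	/*
	 * This branch is also taken when OpenSSL is present but
	 * ENABLE_CMAC is not, so the message names both conditions.
	 */
	TEST_IGNORE_MESSAGE("OpenSSL or CMAC support not enabled, skipping...");

#endif	/* OPENSSL && ENABLE_CMAC */
}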
207
208
/*
 * Helper for test_VerifyCMAC(): placeholder for checking the vector
 * against the local AES-128-CMAC implementation.  It performs no
 * verification yet and only marks the test as ignored.
 *
 * cmac: the AES-128-CMAC key built by the caller (currently unused).
 */
void
VerifyLocalCMAC(struct key *cmac)
{
	/* XXX: HMS: auth_md5 must be renamed/incorrect. */
	/*
	 * Intended check, still disabled:
	 *   TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac));
	 */
	TEST_IGNORE_MESSAGE("Hook in the local AES-128-CMAC check!");
}
220
221
/*
 * Negative verification test: auth_md5() must reject a packet whose
 * MAC does not match.
 */
void
test_VerifyFailure(void)
{
	/*
	 * Same packet as the MD5 verification test, except that the last
	 * MAC byte is 0x00 instead of 0xac.  Because only the final byte
	 * differs, this also checks that the whole MAC is compared.
	 */
	const char*	packet =
		"sometestdata"				/* Data */
		"\0\0\0\0"				/* Key-ID (unused) */
		"\xc7\x58\x99\xdd\x99\x32\x0f\x71"	/* MAC */
		"\x2b\x7b\xfe\x4f\xa2\x32\xcf\x00";	/* Last byte is wrong! */
	const int	data_len = 12;	/* length of the data part only */
	struct key	k;
	int		accepted;

	k.key_len = 6;
	memcpy(&k.key_seq, "md5key", k.key_len);
	k.key_id = 0;
	k.next = NULL;
	strlcpy(k.typen, "MD5", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);

	accepted = auth_md5(packet, data_len, MD5_LENGTH, &k);
	TEST_ASSERT_FALSE(accepted);
}
245
246
/*
 * Input-validation test: make_mac() must return 0 when the packet
 * length (6 here) is not a multiple of four bytes.
 */
void
test_PacketSizeNotMultipleOfFourBytes(void)
{
	const char*	payload = "123456";
	const int	payload_len = 6;	/* deliberately not a multiple of 4 */
	char		mac_out[MD5_LENGTH];	/* contents are not checked */
	struct key	k;
	int		mac_len;

	k.key_len = 6;
	memcpy(&k.key_seq, "md5seq", k.key_len);
	k.key_id = 10;
	k.next = NULL;
	strlcpy(k.typen, "MD5", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);

	mac_len = make_mac(payload, payload_len, MD5_LENGTH, &k, mac_out);
	TEST_ASSERT_EQUAL(0, mac_len);
}
264