1 #include "incs.h"
2
3 #include <openssl/hmac.h>
4
5 /*
6 * Message-Authenticator attribute
7 */
8
test23(void)9 void test23(void)
10 {
11 RADIUS_PACKET *packet;
12 RADIUS_PACKET *response;
13 HMAC_CTX *ctx;
14
15 uint8_t packetdata[] = {
16 RADIUS_CODE_ACCESS_REQUEST, 0x7f, 0, 48,
17 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */
18 RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
19 10, 10, 'h', 'o', 'g', 'e', 'f', 'u', 'g', 'a',
20 };
21 uint8_t responsedata[] = {
22 RADIUS_CODE_ACCESS_ACCEPT, 0x7f, 0, 49,
23 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */
24 RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
25 10, 11, 'f', 'o', 'o', 'b', 'a', 'r', 'b', 'a', 'z',
26 };
27
28 packet = radius_new_request_packet(RADIUS_CODE_ACCESS_REQUEST);
29 radius_set_id(packet, 0x7f);
30 radius_put_string_attr(packet, 10, "hogefuga");
31 radius_put_message_authenticator(packet, "sharedsecret");
32
33 radius_get_authenticator(packet, packetdata + 4);
34 HMAC(EVP_md5(), "sharedsecret", 12, packetdata, sizeof(packetdata), packetdata + 22, NULL);
35
36 CHECK(radius_get_length(packet) == sizeof(packetdata));
37 CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0);
38 CHECK(radius_check_message_authenticator(packet, "sharedsecret") == 0);
39
40 response = radius_new_response_packet(RADIUS_CODE_ACCESS_ACCEPT, packet);
41 radius_put_string_attr(response, 10, "foobarbaz");
42 radius_put_message_authenticator(response, "sharedsecret");
43
44 radius_get_authenticator(response, responsedata + 4);
45 ctx = HMAC_CTX_new();
46 HMAC_Init_ex(ctx, "sharedsecret", 12, EVP_md5(), NULL);
47 HMAC_Update(ctx, responsedata, 4);
48 HMAC_Update(ctx, packetdata + 4, 16);
49 HMAC_Update(ctx, responsedata + 20, sizeof(responsedata) - 20);
50 HMAC_Final(ctx, responsedata + 22, NULL);
51 HMAC_CTX_free(ctx);
52
53 CHECK(radius_get_length(response) == sizeof(responsedata));
54 CHECK(memcmp(radius_get_data(response), responsedata, sizeof(responsedata)) == 0);
55 CHECK(radius_check_message_authenticator(response, "sharedsecret") == 0);
56
57 radius_set_raw_attr(packet, 10, "hogefuge", 8);
58 CHECK(radius_check_message_authenticator(packet, "sharedsecret") != 0);
59 radius_set_raw_attr(response, 10, "zapzapzap", 9);
60 CHECK(radius_check_message_authenticator(response, "sharedsecret") != 0);
61
62 radius_set_raw_attr(packet, 10, "hogefuga", 8);
63 radius_set_id(packet, 0xff);
64 radius_set_message_authenticator(packet, "sharedsecret");
65 packetdata[1] = 0xff;
66 memset(packetdata + 22, 0, 16);
67 HMAC(EVP_md5(), "sharedsecret", 12, packetdata, sizeof(packetdata), packetdata + 22, NULL);
68 CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0);
69 }
70
71 ADD_TEST(test23)
72