1276da39aSCy Schubert #include "config.h" 268ba7e87SXin LI 3276da39aSCy Schubert #include "sntptest.h" 4276da39aSCy Schubert #include "networking.h" 5276da39aSCy Schubert #include "ntp_stdlib.h" 6276da39aSCy Schubert #include "unity.h" 7276da39aSCy Schubert 809100258SXin LI #define CMAC "AES128CMAC" 909100258SXin LI #define CMAC_LENGTH 16 1009100258SXin LI 119034852cSGleb Smirnoff 12f391d6bcSXin LI /* Hacks into the key database. */ 13276da39aSCy Schubert extern struct key* key_ptr; 14276da39aSCy Schubert extern int key_cnt; 15276da39aSCy Schubert 16276da39aSCy Schubert 179034852cSGleb Smirnoff void PrepareAuthenticationTest(int key_id,int key_len,const char* type,const void* key_seq); 189034852cSGleb Smirnoff void setUp(void); 199034852cSGleb Smirnoff void tearDown(void); 209034852cSGleb Smirnoff void test_TooShortLength(void); 219034852cSGleb Smirnoff void test_LengthNotMultipleOfFour(void); 229034852cSGleb Smirnoff void test_TooShortExtensionFieldLength(void); 239034852cSGleb Smirnoff void test_UnauthenticatedPacketReject(void); 249034852cSGleb Smirnoff void test_CryptoNAKPacketReject(void); 259034852cSGleb Smirnoff void test_AuthenticatedPacketInvalid(void); 269034852cSGleb Smirnoff void test_AuthenticatedPacketUnknownKey(void); 279034852cSGleb Smirnoff void test_ServerVersionTooOld(void); 289034852cSGleb Smirnoff void test_ServerVersionTooNew(void); 299034852cSGleb Smirnoff void test_NonWantedMode(void); 309034852cSGleb Smirnoff void test_KoDRate(void); 319034852cSGleb Smirnoff void test_KoDDeny(void); 329034852cSGleb Smirnoff void test_RejectUnsyncedServer(void); 339034852cSGleb Smirnoff void test_RejectWrongResponseServerMode(void); 349034852cSGleb Smirnoff void test_AcceptNoSentPacketBroadcastMode(void); 359034852cSGleb Smirnoff void test_CorrectUnauthenticatedPacket(void); 369034852cSGleb Smirnoff void test_CorrectAuthenticatedPacketMD5(void); 37*f5f40dd6SCy Schubert void test_CorrectAuthenticatedPacketSHAKE128(void); 389034852cSGleb Smirnoff void test_CorrectAuthenticatedPacketSHA1(void); 3909100258SXin LI void test_CorrectAuthenticatedPacketCMAC(void); 409034852cSGleb Smirnoff 41f391d6bcSXin LI /* [Bug 2998] There are some issues whith the definition of 'struct pkt' 42f391d6bcSXin LI * when AUTOKEY is undefined -- the formal struct is too small to hold 43f391d6bcSXin LI * all the extension fields that are going to be tested. We have to make 44*f5f40dd6SCy Schubert * sure we have the extra bytes, or the test yields undefined results due 45f391d6bcSXin LI * to buffer overrun. 46f391d6bcSXin LI */ 47f391d6bcSXin LI #ifndef AUTOKEY 48f391d6bcSXin LI # define EXTRA_BUFSIZE 256 49f391d6bcSXin LI #else 50f391d6bcSXin LI # define EXTRA_BUFSIZE 0 51f391d6bcSXin LI #endif 529034852cSGleb Smirnoff 53f391d6bcSXin LI union tpkt { 54f391d6bcSXin LI struct pkt p; 55f391d6bcSXin LI u_char b[sizeof(struct pkt) + EXTRA_BUFSIZE]; 56f391d6bcSXin LI }; 57f391d6bcSXin LI 58f391d6bcSXin LI static union tpkt testpkt; 59f391d6bcSXin LI static union tpkt testspkt; 60276da39aSCy Schubert static sockaddr_u testsock; 61276da39aSCy Schubert bool restoreKeyDb; 62276da39aSCy Schubert 639034852cSGleb Smirnoff 649034852cSGleb Smirnoff void 6568ba7e87SXin LI PrepareAuthenticationTest( 6668ba7e87SXin LI int key_id, 67276da39aSCy Schubert int key_len, 68276da39aSCy Schubert const char * type, 6968ba7e87SXin LI const void * key_seq 7068ba7e87SXin LI ) 7168ba7e87SXin LI { 72276da39aSCy Schubert char str[25]; 73*f5f40dd6SCy Schubert 74*f5f40dd6SCy Schubert snprintf(str, sizeof(str), "%d", key_id); 75276da39aSCy Schubert ActivateOption("-a", str); 76276da39aSCy Schubert 77276da39aSCy Schubert key_cnt = 1; 78*f5f40dd6SCy Schubert if (NULL == key_ptr) { 79*f5f40dd6SCy Schubert key_ptr = emalloc(sizeof(*key_ptr)); 80*f5f40dd6SCy Schubert } 81276da39aSCy Schubert key_ptr->next = NULL; 82276da39aSCy Schubert key_ptr->key_id = key_id; 83276da39aSCy Schubert key_ptr->key_len = key_len; 84*f5f40dd6SCy Schubert strncpy(key_ptr->typen, type, sizeof(key_ptr->typen)); 85276da39aSCy Schubert 86276da39aSCy Schubert TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq)); 87276da39aSCy Schubert 88*f5f40dd6SCy Schubert memcpy(key_ptr->key_seq, key_seq, 89*f5f40dd6SCy Schubert min(key_len, sizeof(key_ptr->key_seq))); 90276da39aSCy Schubert restoreKeyDb = true; 91276da39aSCy Schubert } 92276da39aSCy Schubert 939034852cSGleb Smirnoff 949034852cSGleb Smirnoff void 9568ba7e87SXin LI setUp(void) 9668ba7e87SXin LI { 97276da39aSCy Schubert 98276da39aSCy Schubert sntptest(); 99276da39aSCy Schubert restoreKeyDb = false; 100276da39aSCy Schubert 101276da39aSCy Schubert /* Initialize the test packet and socket, 10268ba7e87SXin LI * so they contain at least some valid data. 10368ba7e87SXin LI */ 104f391d6bcSXin LI testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, NTP_VERSION, 105276da39aSCy Schubert MODE_SERVER); 106f391d6bcSXin LI testpkt.p.stratum = STRATUM_REFCLOCK; 107f391d6bcSXin LI memcpy(&testpkt.p.refid, "GPS\0", 4); 108276da39aSCy Schubert 109276da39aSCy Schubert /* Set the origin timestamp of the received packet to the 11068ba7e87SXin LI * same value as the transmit timestamp of the sent packet. 11168ba7e87SXin LI */ 112276da39aSCy Schubert l_fp tmp; 113276da39aSCy Schubert tmp.l_ui = 1000UL; 114276da39aSCy Schubert tmp.l_uf = 0UL; 115276da39aSCy Schubert 116f391d6bcSXin LI HTONL_FP(&tmp, &testpkt.p.org); 117f391d6bcSXin LI HTONL_FP(&tmp, &testspkt.p.xmt); 118276da39aSCy Schubert } 119276da39aSCy Schubert 1209034852cSGleb Smirnoff 1219034852cSGleb Smirnoff void 12268ba7e87SXin LI tearDown(void) 12368ba7e87SXin LI { 124276da39aSCy Schubert if (restoreKeyDb) { 125276da39aSCy Schubert key_cnt = 0; 126276da39aSCy Schubert free(key_ptr); 127276da39aSCy Schubert key_ptr = NULL; 128276da39aSCy Schubert } 129276da39aSCy Schubert 13068ba7e87SXin LI sntptest_destroy(); /* only on the final test!! if counter == 0 etc... */ 131276da39aSCy Schubert } 132276da39aSCy Schubert 133276da39aSCy Schubert 1349034852cSGleb Smirnoff void 13568ba7e87SXin LI test_TooShortLength(void) 13668ba7e87SXin LI { 137276da39aSCy Schubert TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 138f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC - 1, 139f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 140276da39aSCy Schubert TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 141f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC - 1, 142f391d6bcSXin LI MODE_BROADCAST, &testspkt.p, "UnitTest")); 143276da39aSCy Schubert } 144276da39aSCy Schubert 1459034852cSGleb Smirnoff 1469034852cSGleb Smirnoff void 14768ba7e87SXin LI test_LengthNotMultipleOfFour(void) 14868ba7e87SXin LI { 149276da39aSCy Schubert TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 150f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC + 6, 151f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 152276da39aSCy Schubert TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 153f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC + 3, 154f391d6bcSXin LI MODE_BROADCAST, &testspkt.p, "UnitTest")); 155276da39aSCy Schubert } 156276da39aSCy Schubert 1579034852cSGleb Smirnoff 1589034852cSGleb Smirnoff void 15968ba7e87SXin LI test_TooShortExtensionFieldLength(void) 16068ba7e87SXin LI { 161f391d6bcSXin LI /* [Bug 2998] We have to get around the formal specification of 162f391d6bcSXin LI * the extension field if AUTOKEY is undefined. (At least CLANG 163f391d6bcSXin LI * issues a warning in this case. It's just a warning, but 164f391d6bcSXin LI * still... 165f391d6bcSXin LI */ 166f391d6bcSXin LI uint32_t * pe = testpkt.p.exten + 7; 167f391d6bcSXin LI 168276da39aSCy Schubert /* The lower 16-bits are the length of the extension field. 169276da39aSCy Schubert * This lengths must be multiples of 4 bytes, which gives 17068ba7e87SXin LI * a minimum of 4 byte extension field length. 17168ba7e87SXin LI */ 172f391d6bcSXin LI *pe = htonl(3); /* 3 bytes is too short. */ 173276da39aSCy Schubert 174276da39aSCy Schubert /* We send in a pkt_len of header size + 4 byte extension 175276da39aSCy Schubert * header + 24 byte MAC, this prevents the length error to 17668ba7e87SXin LI * be caught at an earlier stage 17768ba7e87SXin LI */ 178276da39aSCy Schubert int pkt_len = LEN_PKT_NOMAC + 4 + 24; 179276da39aSCy Schubert 180276da39aSCy Schubert TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 181f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 182f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 183276da39aSCy Schubert } 184276da39aSCy Schubert 1859034852cSGleb Smirnoff 1869034852cSGleb Smirnoff void 18768ba7e87SXin LI test_UnauthenticatedPacketReject(void) 18868ba7e87SXin LI { 18968ba7e87SXin LI /* Activate authentication option */ 190276da39aSCy Schubert ActivateOption("-a", "123"); 191276da39aSCy Schubert TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 192276da39aSCy Schubert 193276da39aSCy Schubert int pkt_len = LEN_PKT_NOMAC; 194276da39aSCy Schubert 19568ba7e87SXin LI /* We demand authentication, but no MAC header is present. */ 196276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 197f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 198f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 199276da39aSCy Schubert } 200276da39aSCy Schubert 2019034852cSGleb Smirnoff 2029034852cSGleb Smirnoff void 20368ba7e87SXin LI test_CryptoNAKPacketReject(void) 20468ba7e87SXin LI { 20568ba7e87SXin LI /* Activate authentication option */ 206276da39aSCy Schubert ActivateOption("-a", "123"); 207276da39aSCy Schubert TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 208276da39aSCy Schubert 20968ba7e87SXin LI int pkt_len = LEN_PKT_NOMAC + 4; /* + 4 byte MAC = Crypto-NAK */ 210276da39aSCy Schubert 211276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 212f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 213f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 214276da39aSCy Schubert } 215276da39aSCy Schubert 2169034852cSGleb Smirnoff 2179034852cSGleb Smirnoff void 21868ba7e87SXin LI test_AuthenticatedPacketInvalid(void) 21968ba7e87SXin LI { 220*f5f40dd6SCy Schubert #ifdef OPENSSL 221*f5f40dd6SCy Schubert size_t pkt_len = LEN_PKT_NOMAC; 222*f5f40dd6SCy Schubert size_t mac_len; 223*f5f40dd6SCy Schubert 22468ba7e87SXin LI /* Activate authentication option */ 225*f5f40dd6SCy Schubert PrepareAuthenticationTest(50, 9, "SHAKE128", "123456789"); 226276da39aSCy Schubert TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 227276da39aSCy Schubert 22868ba7e87SXin LI /* Prepare the packet. */ 229f391d6bcSXin LI testpkt.p.exten[0] = htonl(50); 230*f5f40dd6SCy Schubert mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 231*f5f40dd6SCy Schubert &testpkt.p.exten[1], MAX_MDG_LEN); 232276da39aSCy Schubert 233*f5f40dd6SCy Schubert pkt_len += KEY_MAC_LEN + mac_len; 234276da39aSCy Schubert 23568ba7e87SXin LI /* Now, alter the MAC so it becomes invalid. */ 236f391d6bcSXin LI testpkt.p.exten[1] += 1; 237276da39aSCy Schubert 238276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 239f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 240f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 241*f5f40dd6SCy Schubert 242*f5f40dd6SCy Schubert #else 243*f5f40dd6SCy Schubert 244*f5f40dd6SCy Schubert TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 245*f5f40dd6SCy Schubert 246*f5f40dd6SCy Schubert #endif 247276da39aSCy Schubert } 248276da39aSCy Schubert 2499034852cSGleb Smirnoff 2509034852cSGleb Smirnoff void 25168ba7e87SXin LI test_AuthenticatedPacketUnknownKey(void) 25268ba7e87SXin LI { 253*f5f40dd6SCy Schubert #ifdef OPENSSL 254*f5f40dd6SCy Schubert size_t pkt_len = LEN_PKT_NOMAC; 255*f5f40dd6SCy Schubert size_t mac_len; 256*f5f40dd6SCy Schubert 25768ba7e87SXin LI /* Activate authentication option */ 258*f5f40dd6SCy Schubert PrepareAuthenticationTest(30, 9, "SHAKE128", "123456789"); 259276da39aSCy Schubert TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 260276da39aSCy Schubert 26168ba7e87SXin LI /* Prepare the packet. Note that the Key-ID expected is 30, but 26268ba7e87SXin LI * the packet has a key id of 50. 26368ba7e87SXin LI */ 264f391d6bcSXin LI testpkt.p.exten[0] = htonl(50); 265*f5f40dd6SCy Schubert mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 266*f5f40dd6SCy Schubert &testpkt.p.exten[1], MAX_MDG_LEN); 26709100258SXin LI pkt_len += KEY_MAC_LEN + mac_len; 268276da39aSCy Schubert 269276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 270f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 271f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 272*f5f40dd6SCy Schubert 273*f5f40dd6SCy Schubert #else 274*f5f40dd6SCy Schubert 275*f5f40dd6SCy Schubert TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 276*f5f40dd6SCy Schubert 277*f5f40dd6SCy Schubert #endif 278276da39aSCy Schubert } 279276da39aSCy Schubert 2809034852cSGleb Smirnoff 2819034852cSGleb Smirnoff void 28268ba7e87SXin LI test_ServerVersionTooOld(void) 28368ba7e87SXin LI { 284276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 285276da39aSCy Schubert 286f391d6bcSXin LI testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 287276da39aSCy Schubert NTP_OLDVERSION - 1, 288276da39aSCy Schubert MODE_CLIENT); 289f391d6bcSXin LI TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) < NTP_OLDVERSION); 290276da39aSCy Schubert 291276da39aSCy Schubert int pkt_len = LEN_PKT_NOMAC; 292276da39aSCy Schubert 293276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 294f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 295f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 296276da39aSCy Schubert } 297276da39aSCy Schubert 2989034852cSGleb Smirnoff 2999034852cSGleb Smirnoff void 30068ba7e87SXin LI test_ServerVersionTooNew(void) 30168ba7e87SXin LI { 302276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 303276da39aSCy Schubert 304f391d6bcSXin LI testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 305276da39aSCy Schubert NTP_VERSION + 1, 306276da39aSCy Schubert MODE_CLIENT); 307f391d6bcSXin LI TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) > NTP_VERSION); 308276da39aSCy Schubert 309276da39aSCy Schubert int pkt_len = LEN_PKT_NOMAC; 310276da39aSCy Schubert 311276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 312f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 313f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 314276da39aSCy Schubert } 315276da39aSCy Schubert 3169034852cSGleb Smirnoff 3179034852cSGleb Smirnoff void 31868ba7e87SXin LI test_NonWantedMode(void) 31968ba7e87SXin LI { 320276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 321276da39aSCy Schubert 322f391d6bcSXin LI testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 323276da39aSCy Schubert NTP_VERSION, 324276da39aSCy Schubert MODE_CLIENT); 325276da39aSCy Schubert 32668ba7e87SXin LI /* The packet has a mode of MODE_CLIENT, but process_pkt expects 32768ba7e87SXin LI * MODE_SERVER 32868ba7e87SXin LI */ 329276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 330f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 331f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 332276da39aSCy Schubert } 333276da39aSCy Schubert 3349034852cSGleb Smirnoff 335276da39aSCy Schubert /* Tests bug 1597 */ 3369034852cSGleb Smirnoff void 33768ba7e87SXin LI test_KoDRate(void) 33868ba7e87SXin LI { 339276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 340276da39aSCy Schubert 341f391d6bcSXin LI testpkt.p.stratum = STRATUM_PKT_UNSPEC; 342f391d6bcSXin LI memcpy(&testpkt.p.refid, "RATE", 4); 343276da39aSCy Schubert 344276da39aSCy Schubert TEST_ASSERT_EQUAL(KOD_RATE, 345f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 346f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 347276da39aSCy Schubert } 348276da39aSCy Schubert 3499034852cSGleb Smirnoff 3509034852cSGleb Smirnoff void 35168ba7e87SXin LI test_KoDDeny(void) 35268ba7e87SXin LI { 353276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 354276da39aSCy Schubert 355f391d6bcSXin LI testpkt.p.stratum = STRATUM_PKT_UNSPEC; 356f391d6bcSXin LI memcpy(&testpkt.p.refid, "DENY", 4); 357276da39aSCy Schubert 358276da39aSCy Schubert TEST_ASSERT_EQUAL(KOD_DEMOBILIZE, 359f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 360f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 361276da39aSCy Schubert } 362276da39aSCy Schubert 3639034852cSGleb Smirnoff 3649034852cSGleb Smirnoff void 36568ba7e87SXin LI test_RejectUnsyncedServer(void) 36668ba7e87SXin LI { 367276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 368276da39aSCy Schubert 369f391d6bcSXin LI testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC, 370276da39aSCy Schubert NTP_VERSION, 371276da39aSCy Schubert MODE_SERVER); 372276da39aSCy Schubert 373276da39aSCy Schubert TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 374f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 375f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 376276da39aSCy Schubert } 377276da39aSCy Schubert 3789034852cSGleb Smirnoff 3799034852cSGleb Smirnoff void 38068ba7e87SXin LI test_RejectWrongResponseServerMode(void) 38168ba7e87SXin LI { 382276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 383276da39aSCy Schubert 384276da39aSCy Schubert l_fp tmp; 385276da39aSCy Schubert tmp.l_ui = 1000UL; 386276da39aSCy Schubert tmp.l_uf = 0UL; 387f391d6bcSXin LI HTONL_FP(&tmp, &testpkt.p.org); 388276da39aSCy Schubert 389276da39aSCy Schubert tmp.l_ui = 2000UL; 390276da39aSCy Schubert tmp.l_uf = 0UL; 391f391d6bcSXin LI HTONL_FP(&tmp, &testspkt.p.xmt); 392276da39aSCy Schubert 393276da39aSCy Schubert TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 394f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 395f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 396276da39aSCy Schubert } 397276da39aSCy Schubert 3989034852cSGleb Smirnoff 3999034852cSGleb Smirnoff void 40068ba7e87SXin LI test_AcceptNoSentPacketBroadcastMode(void) 40168ba7e87SXin LI { 402276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 403276da39aSCy Schubert 404f391d6bcSXin LI testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 405276da39aSCy Schubert NTP_VERSION, 406276da39aSCy Schubert MODE_BROADCAST); 407276da39aSCy Schubert 408276da39aSCy Schubert TEST_ASSERT_EQUAL(LEN_PKT_NOMAC, 409f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 410276da39aSCy Schubert MODE_BROADCAST, NULL, "UnitTest")); 411276da39aSCy Schubert } 412276da39aSCy Schubert 4139034852cSGleb Smirnoff 4149034852cSGleb Smirnoff void 41568ba7e87SXin LI test_CorrectUnauthenticatedPacket(void) 41668ba7e87SXin LI { 417276da39aSCy Schubert TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 418276da39aSCy Schubert 419276da39aSCy Schubert TEST_ASSERT_EQUAL(LEN_PKT_NOMAC, 420f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 421f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 422276da39aSCy Schubert } 423276da39aSCy Schubert 4249034852cSGleb Smirnoff 4259034852cSGleb Smirnoff void 42668ba7e87SXin LI test_CorrectAuthenticatedPacketMD5(void) 42768ba7e87SXin LI { 428*f5f40dd6SCy Schubert #ifdef OPENSSL 429*f5f40dd6SCy Schubert 430*f5f40dd6SCy Schubert keyid_t k_id = 10; 431*f5f40dd6SCy Schubert int pkt_len = LEN_PKT_NOMAC; 432*f5f40dd6SCy Schubert int mac_len; 433*f5f40dd6SCy Schubert 434*f5f40dd6SCy Schubert PrepareAuthenticationTest(k_id, 15, "MD5", "123456789abcdef"); 435276da39aSCy Schubert TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 436276da39aSCy Schubert 43768ba7e87SXin LI /* Prepare the packet. */ 438*f5f40dd6SCy Schubert testpkt.p.exten[0] = htonl(k_id); 439*f5f40dd6SCy Schubert mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 440*f5f40dd6SCy Schubert &testpkt.p.exten[1], MAX_MDG_LEN); 441*f5f40dd6SCy Schubert 442*f5f40dd6SCy Schubert /* TODO: Should not expect failure if non-FIPS OpenSSL */ 443*f5f40dd6SCy Schubert TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5"); 444276da39aSCy Schubert 44509100258SXin LI pkt_len += KEY_MAC_LEN + mac_len; 446276da39aSCy Schubert 447276da39aSCy Schubert TEST_ASSERT_EQUAL(pkt_len, 448f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 449f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 450*f5f40dd6SCy Schubert 451*f5f40dd6SCy Schubert #else 452*f5f40dd6SCy Schubert 453*f5f40dd6SCy Schubert TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 454*f5f40dd6SCy Schubert 455*f5f40dd6SCy Schubert #endif 456*f5f40dd6SCy Schubert } 457*f5f40dd6SCy Schubert 458*f5f40dd6SCy Schubert 459*f5f40dd6SCy Schubert void 460*f5f40dd6SCy Schubert test_CorrectAuthenticatedPacketSHAKE128(void) 461*f5f40dd6SCy Schubert { 462*f5f40dd6SCy Schubert #ifdef OPENSSL 463*f5f40dd6SCy Schubert 464*f5f40dd6SCy Schubert keyid_t k_id = 10; 465*f5f40dd6SCy Schubert int pkt_len = LEN_PKT_NOMAC; 466*f5f40dd6SCy Schubert int mac_len; 467*f5f40dd6SCy Schubert 468*f5f40dd6SCy Schubert PrepareAuthenticationTest(k_id, 15, "SHAKE128", "123456789abcdef"); 469*f5f40dd6SCy Schubert TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 470*f5f40dd6SCy Schubert 471*f5f40dd6SCy Schubert /* Prepare the packet. */ 472*f5f40dd6SCy Schubert testpkt.p.exten[0] = htonl(k_id); 473*f5f40dd6SCy Schubert mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], 474*f5f40dd6SCy Schubert SHAKE128_LENGTH); 475*f5f40dd6SCy Schubert 476*f5f40dd6SCy Schubert pkt_len += KEY_MAC_LEN + mac_len; 477*f5f40dd6SCy Schubert 478*f5f40dd6SCy Schubert TEST_ASSERT_EQUAL(pkt_len, 479*f5f40dd6SCy Schubert process_pkt(&testpkt.p, &testsock, pkt_len, 480*f5f40dd6SCy Schubert MODE_SERVER, &testspkt.p, "UnitTest")); 481*f5f40dd6SCy Schubert 482*f5f40dd6SCy Schubert #else 483*f5f40dd6SCy Schubert 484*f5f40dd6SCy Schubert TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 485*f5f40dd6SCy Schubert 486*f5f40dd6SCy Schubert #endif 487276da39aSCy Schubert } 488276da39aSCy Schubert 4899034852cSGleb Smirnoff 4909034852cSGleb Smirnoff void 49168ba7e87SXin LI test_CorrectAuthenticatedPacketSHA1(void) 49268ba7e87SXin LI { 493*f5f40dd6SCy Schubert #ifdef OPENSSL 494*f5f40dd6SCy Schubert 495*f5f40dd6SCy Schubert keyid_t k_id = 20; 496*f5f40dd6SCy Schubert int pkt_len = LEN_PKT_NOMAC; 497*f5f40dd6SCy Schubert int mac_len; 498*f5f40dd6SCy Schubert 499*f5f40dd6SCy Schubert PrepareAuthenticationTest(k_id, 15, "SHA1", "abcdefghijklmno"); 500276da39aSCy Schubert TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 501276da39aSCy Schubert 50268ba7e87SXin LI /* Prepare the packet. */ 503*f5f40dd6SCy Schubert testpkt.p.exten[0] = htonl(k_id); 504*f5f40dd6SCy Schubert mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], 505*f5f40dd6SCy Schubert SHA1_LENGTH); 50609100258SXin LI 50709100258SXin LI pkt_len += KEY_MAC_LEN + mac_len; 50809100258SXin LI 50909100258SXin LI TEST_ASSERT_EQUAL(pkt_len, 51009100258SXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 51109100258SXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 512*f5f40dd6SCy Schubert 513*f5f40dd6SCy Schubert #else 514*f5f40dd6SCy Schubert 515*f5f40dd6SCy Schubert TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 516*f5f40dd6SCy Schubert 517*f5f40dd6SCy Schubert #endif 51809100258SXin LI } 51909100258SXin LI 52009100258SXin LI 52109100258SXin LI void 52209100258SXin LI test_CorrectAuthenticatedPacketCMAC(void) 52309100258SXin LI { 5244e1ef62aSXin LI #if defined(OPENSSL) && defined(ENABLE_CMAC) 5254e1ef62aSXin LI 52609100258SXin LI PrepareAuthenticationTest(30, CMAC_LENGTH, CMAC, "abcdefghijklmnop"); 52709100258SXin LI TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 52809100258SXin LI 52909100258SXin LI int pkt_len = LEN_PKT_NOMAC; 53009100258SXin LI 53109100258SXin LI /* Prepare the packet. */ 53209100258SXin LI testpkt.p.exten[0] = htonl(30); 533*f5f40dd6SCy Schubert int mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 534*f5f40dd6SCy Schubert &testpkt.p.exten[1], MAX_MAC_LEN); 535276da39aSCy Schubert 536276da39aSCy Schubert pkt_len += 4 + mac_len; 537276da39aSCy Schubert 538276da39aSCy Schubert TEST_ASSERT_EQUAL(pkt_len, 539f391d6bcSXin LI process_pkt(&testpkt.p, &testsock, pkt_len, 540f391d6bcSXin LI MODE_SERVER, &testspkt.p, "UnitTest")); 5414e1ef62aSXin LI 5424e1ef62aSXin LI #else 5434e1ef62aSXin LI 544*f5f40dd6SCy Schubert TEST_IGNORE_MESSAGE("CMAC not enabled, skipping..."); 5454e1ef62aSXin LI 5464e1ef62aSXin LI #endif /* OPENSSL */ 547276da39aSCy Schubert } 54809100258SXin LI 549