crypto.c revision 1.1.1.6.14.2
1 /* $NetBSD: crypto.c,v 1.1.1.6.14.2 2018/09/30 01:45:27 pgoyette Exp $ */ 2 3 #include "config.h" 4 #include "unity.h" 5 #include "ntp_types.h" 6 7 #include "sntptest.h" 8 #include "crypto.h" 9 10 #define CMAC "AES128CMAC" 11 12 #define MD5_LENGTH 16 13 #define SHA1_LENGTH 20 14 #define CMAC_LENGTH 16 15 16 17 void test_MakeMd5Mac(void); 18 void test_MakeSHA1Mac(void); 19 void test_MakeCMac(void); 20 void test_VerifyCorrectMD5(void); 21 void test_VerifySHA1(void); 22 void test_VerifyCMAC(void); 23 void test_VerifyFailure(void); 24 void test_PacketSizeNotMultipleOfFourBytes(void); 25 26 void VerifyLocalCMAC(struct key *cmac); 27 void VerifyOpenSSLCMAC(struct key *cmac); 28 29 30 void 31 test_MakeMd5Mac(void) 32 { 33 const char* PKT_DATA = "abcdefgh0123"; 34 const int PKT_LEN = strlen(PKT_DATA); 35 const char* EXPECTED_DIGEST = 36 "\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b"; 37 char actual[MD5_LENGTH]; 38 39 struct key md5; 40 md5.next = NULL; 41 md5.key_id = 10; 42 md5.key_len = 6; 43 memcpy(&md5.key_seq, "md5seq", md5.key_len); 44 strlcpy(md5.typen, "MD5", sizeof(md5.typen)); 45 md5.typei = keytype_from_text(md5.typen, NULL); 46 47 TEST_ASSERT_EQUAL(MD5_LENGTH, 48 make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual)); 49 50 TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, MD5_LENGTH) == 0); 51 } 52 53 54 void 55 test_MakeSHA1Mac(void) 56 { 57 #ifdef OPENSSL 58 59 const char* PKT_DATA = "abcdefgh0123"; 60 const int PKT_LEN = strlen(PKT_DATA); 61 const char* EXPECTED_DIGEST = 62 "\x17\xaa\x82\x97\xc7\x17\x13\x6a\x9b\xa9" 63 "\x63\x85\xb4\xce\xbe\x94\xa0\x97\x16\x1d"; 64 char actual[SHA1_LENGTH]; 65 66 struct key sha1; 67 sha1.next = NULL; 68 sha1.key_id = 20; 69 sha1.key_len = 7; 70 memcpy(&sha1.key_seq, "sha1seq", sha1.key_len); 71 strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen)); 72 sha1.typei = keytype_from_text(sha1.typen, NULL); 73 74 TEST_ASSERT_EQUAL(SHA1_LENGTH, 75 make_mac(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1, actual)); 76 77 TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, SHA1_LENGTH); 78 79 #else 80 81 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); 82 83 #endif /* OPENSSL */ 84 } 85 86 87 void 88 test_MakeCMac(void) 89 { 90 #if defined(OPENSSL) && defined(ENABLE_CMAC) 91 92 const char* PKT_DATA = "abcdefgh0123"; 93 const int PKT_LEN = strlen(PKT_DATA); 94 const char* EXPECTED_DIGEST = 95 "\xdd\x35\xd5\xf5\x14\x23\xd9\xd6" 96 "\x38\x5d\x29\x80\xfe\x51\xb9\x6b"; 97 char actual[CMAC_LENGTH]; 98 99 struct key cmac; 100 cmac.next = NULL; 101 cmac.key_id = 30; 102 cmac.key_len = CMAC_LENGTH; 103 memcpy(&cmac.key_seq, "aes-128-cmac-seq", cmac.key_len); 104 memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1); 105 106 TEST_ASSERT_EQUAL(CMAC_LENGTH, 107 make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual)); 108 109 TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH); 110 111 #else 112 113 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); 114 115 #endif /* OPENSSL */ 116 } 117 118 119 void 120 test_VerifyCorrectMD5(void) 121 { 122 const char* PKT_DATA = 123 "sometestdata" /* Data */ 124 "\0\0\0\0" /* Key-ID (unused) */ 125 "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */ 126 "\x2b\x7b\xfe\x4f\xa2\x32\xcf\xac"; 127 const int PKT_LEN = 12; 128 129 struct key md5; 130 md5.next = NULL; 131 md5.key_id = 0; 132 md5.key_len = 6; 133 memcpy(&md5.key_seq, "md5key", md5.key_len); 134 strlcpy(md5.typen, "MD5", sizeof(md5.typen)); 135 md5.typei = keytype_from_text(md5.typen, NULL); 136 137 TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5)); 138 } 139 140 141 void 142 test_VerifySHA1(void) 143 { 144 #ifdef OPENSSL 145 146 const char* PKT_DATA = 147 "sometestdata" /* Data */ 148 "\0\0\0\0" /* Key-ID (unused) */ 149 "\xad\x07\xde\x36\x39\xa6\x77\xfa\x5b\xce" /* MAC */ 150 "\x2d\x8a\x7d\x06\x96\xe6\x0c\xbc\xed\xe1"; 151 const int PKT_LEN = 12; 152 153 struct key sha1; 154 sha1.next = NULL; 155 sha1.key_id = 0; 156 sha1.key_len = 7; 157 memcpy(&sha1.key_seq, "sha1key", sha1.key_len); 158 strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen)); 159 sha1.typei = keytype_from_text(sha1.typen, NULL); 160 161 TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1)); 162 163 #else 164 165 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); 166 167 #endif /* OPENSSL */ 168 } 169 170 171 void 172 test_VerifyCMAC(void) 173 { 174 const char* PKT_DATA = 175 "sometestdata" /* Data */ 176 "\0\0\0\0" /* Key-ID (unused) */ 177 "\x4e\x0c\xf0\xe2\xc7\x8e\xbb\xbf" /* MAC */ 178 "\x79\xfc\x87\xc7\x8b\xb7\x4a\x0b"; 179 const int PKT_LEN = 12; 180 struct key cmac; 181 182 cmac.next = NULL; 183 cmac.key_id = 0; 184 cmac.key_len = CMAC_LENGTH; 185 memcpy(&cmac.key_seq, "aes-128-cmac-key", cmac.key_len); 186 memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1); 187 188 VerifyOpenSSLCMAC(&cmac); 189 VerifyLocalCMAC(&cmac); 190 } 191 192 193 void 194 VerifyOpenSSLCMAC(struct key *cmac) 195 { 196 #if defined(OPENSSL) && defined(ENABLE_CMAC) 197 198 /* XXX: HMS: auth_md5 must be renamed/incorrect. */ 199 // TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac)); 200 TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping..."); 201 202 #else 203 204 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); 205 206 #endif /* OPENSSL */ 207 return; 208 } 209 210 211 void 212 VerifyLocalCMAC(struct key *cmac) 213 { 214 215 /* XXX: HMS: auth_md5 must be renamed/incorrect. */ 216 // TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac)); 217 218 TEST_IGNORE_MESSAGE("Hook in the local AES-128-CMAC check!"); 219 220 return; 221 } 222 223 224 void 225 test_VerifyFailure(void) 226 { 227 /* We use a copy of the MD5 verification code, but modify the 228 * last bit to make sure verification fails. 229 */ 230 const char* PKT_DATA = 231 "sometestdata" /* Data */ 232 "\0\0\0\0" /* Key-ID (unused) */ 233 "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */ 234 "\x2b\x7b\xfe\x4f\xa2\x32\xcf\x00"; /* Last byte is wrong! */ 235 const int PKT_LEN = 12; 236 237 struct key md5; 238 md5.next = NULL; 239 md5.key_id = 0; 240 md5.key_len = 6; 241 memcpy(&md5.key_seq, "md5key", md5.key_len); 242 strlcpy(md5.typen, "MD5", sizeof(md5.typen)); 243 md5.typei = keytype_from_text(md5.typen, NULL); 244 245 TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5)); 246 } 247 248 249 void 250 test_PacketSizeNotMultipleOfFourBytes(void) 251 { 252 const char* PKT_DATA = "123456"; 253 const int PKT_LEN = 6; 254 char actual[MD5_LENGTH]; 255 256 struct key md5; 257 md5.next = NULL; 258 md5.key_id = 10; 259 md5.key_len = 6; 260 memcpy(&md5.key_seq, "md5seq", md5.key_len); 261 strlcpy(md5.typen, "MD5", sizeof(md5.typen)); 262 md5.typei = keytype_from_text(md5.typen, NULL); 263 264 TEST_ASSERT_EQUAL(0, make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual)); 265 } 266
Indexes created Tue Mar 24 00:24:13 UTC 2026