1 1.4 christos /* $NetBSD: packetProcessing.c,v 1.5 2024/08/18 20:47:26 christos Exp $ */ 2 1.2 christos 3 1.1 christos #include "config.h" 4 1.2 christos 5 1.1 christos #include "sntptest.h" 6 1.1 christos #include "networking.h" 7 1.1 christos #include "ntp_stdlib.h" 8 1.1 christos #include "unity.h" 9 1.1 christos 10 1.2 christos #define CMAC "AES128CMAC" 11 1.2 christos #define CMAC_LENGTH 16 12 1.2 christos 13 1.2 christos 14 1.2 christos /* Hacks into the key database. */ 15 1.1 christos extern struct key* key_ptr; 16 1.1 christos extern int key_cnt; 17 1.1 christos 18 1.1 christos 19 1.2 christos void PrepareAuthenticationTest(int key_id,int key_len,const char* type,const void* key_seq); 20 1.2 christos void setUp(void); 21 1.2 christos void tearDown(void); 22 1.2 christos void test_TooShortLength(void); 23 1.2 christos void test_LengthNotMultipleOfFour(void); 24 1.2 christos void test_TooShortExtensionFieldLength(void); 25 1.2 christos void test_UnauthenticatedPacketReject(void); 26 1.2 christos void test_CryptoNAKPacketReject(void); 27 1.2 christos void test_AuthenticatedPacketInvalid(void); 28 1.2 christos void test_AuthenticatedPacketUnknownKey(void); 29 1.2 christos void test_ServerVersionTooOld(void); 30 1.2 christos void test_ServerVersionTooNew(void); 31 1.2 christos void test_NonWantedMode(void); 32 1.2 christos void test_KoDRate(void); 33 1.2 christos void test_KoDDeny(void); 34 1.2 christos void test_RejectUnsyncedServer(void); 35 1.2 christos void test_RejectWrongResponseServerMode(void); 36 1.2 christos void test_AcceptNoSentPacketBroadcastMode(void); 37 1.2 christos void test_CorrectUnauthenticatedPacket(void); 38 1.2 christos void test_CorrectAuthenticatedPacketMD5(void); 39 1.5 christos void test_CorrectAuthenticatedPacketSHAKE128(void); 40 1.2 christos void test_CorrectAuthenticatedPacketSHA1(void); 41 1.2 christos void test_CorrectAuthenticatedPacketCMAC(void); 42 1.2 christos 43 1.2 christos /* [Bug 2998] There are some issues whith the definition of 'struct pkt' 44 1.2 christos * when AUTOKEY is undefined -- the formal struct is too small to hold 45 1.2 christos * all the extension fields that are going to be tested. We have to make 46 1.5 christos * sure we have the extra bytes, or the test yields undefined results due 47 1.5 christos * to buffer overrun. 48 1.2 christos */ 49 1.2 christos #ifndef AUTOKEY 50 1.2 christos # define EXTRA_BUFSIZE 256 51 1.2 christos #else 52 1.2 christos # define EXTRA_BUFSIZE 0 53 1.2 christos #endif 54 1.2 christos 55 1.2 christos union tpkt { 56 1.2 christos struct pkt p; 57 1.2 christos u_char b[sizeof(struct pkt) + EXTRA_BUFSIZE]; 58 1.5 christos }; 59 1.2 christos 60 1.2 christos static union tpkt testpkt; 61 1.2 christos static union tpkt testspkt; 62 1.1 christos static sockaddr_u testsock; 63 1.1 christos bool restoreKeyDb; 64 1.1 christos 65 1.2 christos 66 1.2 christos void 67 1.2 christos PrepareAuthenticationTest( 68 1.2 christos int key_id, 69 1.2 christos int key_len, 70 1.2 christos const char * type, 71 1.2 christos const void * key_seq 72 1.2 christos ) 73 1.2 christos { 74 1.1 christos char str[25]; 75 1.5 christos 76 1.5 christos snprintf(str, sizeof(str), "%d", key_id); 77 1.1 christos ActivateOption("-a", str); 78 1.1 christos 79 1.1 christos key_cnt = 1; 80 1.5 christos if (NULL == key_ptr) { 81 1.5 christos key_ptr = emalloc(sizeof(*key_ptr)); 82 1.5 christos } 83 1.1 christos key_ptr->next = NULL; 84 1.1 christos key_ptr->key_id = key_id; 85 1.1 christos key_ptr->key_len = key_len; 86 1.5 christos strncpy(key_ptr->typen, type, sizeof(key_ptr->typen)); 87 1.1 christos 88 1.1 christos TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq)); 89 1.1 christos 90 1.5 christos memcpy(key_ptr->key_seq, key_seq, 91 1.5 christos min(key_len, sizeof(key_ptr->key_seq))); 92 1.1 christos restoreKeyDb = true; 93 1.1 christos } 94 1.1 christos 95 1.2 christos 96 1.2 christos void 97 1.2 christos setUp(void) 98 1.2 christos { 99 1.1 christos 100 1.1 christos sntptest(); 101 1.1 christos restoreKeyDb = false; 102 1.1 christos 103 1.1 christos /* Initialize the test packet and socket, 104 1.2 christos * so they contain at least some valid data. 105 1.2 christos */ 106 1.2 christos testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, NTP_VERSION, 107 1.5 christos MODE_SERVER); 108 1.2 christos testpkt.p.stratum = STRATUM_REFCLOCK; 109 1.2 christos memcpy(&testpkt.p.refid, "GPS\0", 4); 110 1.1 christos 111 1.1 christos /* Set the origin timestamp of the received packet to the 112 1.2 christos * same value as the transmit timestamp of the sent packet. 113 1.2 christos */ 114 1.1 christos l_fp tmp; 115 1.1 christos tmp.l_ui = 1000UL; 116 1.1 christos tmp.l_uf = 0UL; 117 1.1 christos 118 1.2 christos HTONL_FP(&tmp, &testpkt.p.org); 119 1.2 christos HTONL_FP(&tmp, &testspkt.p.xmt); 120 1.2 christos } 121 1.1 christos 122 1.1 christos 123 1.2 christos void 124 1.2 christos tearDown(void) 125 1.5 christos { 126 1.1 christos if (restoreKeyDb) { 127 1.1 christos key_cnt = 0; 128 1.1 christos free(key_ptr); 129 1.1 christos key_ptr = NULL; 130 1.1 christos } 131 1.1 christos 132 1.2 christos sntptest_destroy(); /* only on the final test!! if counter == 0 etc... */ 133 1.1 christos } 134 1.1 christos 135 1.1 christos 136 1.2 christos void 137 1.2 christos test_TooShortLength(void) 138 1.2 christos { 139 1.1 christos TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 140 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC - 1, 141 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 142 1.1 christos TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 143 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC - 1, 144 1.2 christos MODE_BROADCAST, &testspkt.p, "UnitTest")); 145 1.1 christos } 146 1.1 christos 147 1.2 christos 148 1.2 christos void 149 1.2 christos test_LengthNotMultipleOfFour(void) 150 1.2 christos { 151 1.1 christos TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 152 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC + 6, 153 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 154 1.1 christos TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 155 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC + 3, 156 1.2 christos MODE_BROADCAST, &testspkt.p, "UnitTest")); 157 1.1 christos } 158 1.1 christos 159 1.2 christos 160 1.2 christos void 161 1.2 christos test_TooShortExtensionFieldLength(void) 162 1.2 christos { 163 1.2 christos /* [Bug 2998] We have to get around the formal specification of 164 1.2 christos * the extension field if AUTOKEY is undefined. (At least CLANG 165 1.2 christos * issues a warning in this case. It's just a warning, but 166 1.2 christos * still... 167 1.2 christos */ 168 1.2 christos uint32_t * pe = testpkt.p.exten + 7; 169 1.5 christos 170 1.1 christos /* The lower 16-bits are the length of the extension field. 171 1.1 christos * This lengths must be multiples of 4 bytes, which gives 172 1.2 christos * a minimum of 4 byte extension field length. 173 1.2 christos */ 174 1.2 christos *pe = htonl(3); /* 3 bytes is too short. */ 175 1.1 christos 176 1.1 christos /* We send in a pkt_len of header size + 4 byte extension 177 1.1 christos * header + 24 byte MAC, this prevents the length error to 178 1.2 christos * be caught at an earlier stage 179 1.2 christos */ 180 1.1 christos int pkt_len = LEN_PKT_NOMAC + 4 + 24; 181 1.1 christos 182 1.1 christos TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 183 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 184 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 185 1.1 christos } 186 1.1 christos 187 1.2 christos 188 1.2 christos void 189 1.2 christos test_UnauthenticatedPacketReject(void) 190 1.2 christos { 191 1.2 christos /* Activate authentication option */ 192 1.1 christos ActivateOption("-a", "123"); 193 1.1 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 194 1.1 christos 195 1.1 christos int pkt_len = LEN_PKT_NOMAC; 196 1.1 christos 197 1.2 christos /* We demand authentication, but no MAC header is present. */ 198 1.1 christos TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 199 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 200 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 201 1.1 christos } 202 1.1 christos 203 1.2 christos 204 1.2 christos void 205 1.2 christos test_CryptoNAKPacketReject(void) 206 1.2 christos { 207 1.2 christos /* Activate authentication option */ 208 1.1 christos ActivateOption("-a", "123"); 209 1.1 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 210 1.1 christos 211 1.2 christos int pkt_len = LEN_PKT_NOMAC + 4; /* + 4 byte MAC = Crypto-NAK */ 212 1.1 christos 213 1.1 christos TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 214 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 215 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 216 1.1 christos } 217 1.1 christos 218 1.2 christos 219 1.2 christos void 220 1.2 christos test_AuthenticatedPacketInvalid(void) 221 1.2 christos { 222 1.5 christos #ifdef OPENSSL 223 1.5 christos size_t pkt_len = LEN_PKT_NOMAC; 224 1.5 christos size_t mac_len; 225 1.5 christos 226 1.2 christos /* Activate authentication option */ 227 1.5 christos PrepareAuthenticationTest(50, 9, "SHAKE128", "123456789"); 228 1.1 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 229 1.5 christos 230 1.2 christos /* Prepare the packet. */ 231 1.2 christos testpkt.p.exten[0] = htonl(50); 232 1.5 christos mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 233 1.5 christos &testpkt.p.exten[1], MAX_MDG_LEN); 234 1.1 christos 235 1.5 christos pkt_len += KEY_MAC_LEN + mac_len; 236 1.1 christos 237 1.2 christos /* Now, alter the MAC so it becomes invalid. */ 238 1.2 christos testpkt.p.exten[1] += 1; 239 1.1 christos 240 1.1 christos TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 241 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 242 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 243 1.5 christos 244 1.5 christos #else 245 1.5 christos 246 1.5 christos TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 247 1.5 christos 248 1.5 christos #endif 249 1.1 christos } 250 1.1 christos 251 1.2 christos 252 1.2 christos void 253 1.2 christos test_AuthenticatedPacketUnknownKey(void) 254 1.2 christos { 255 1.5 christos #ifdef OPENSSL 256 1.5 christos size_t pkt_len = LEN_PKT_NOMAC; 257 1.5 christos size_t mac_len; 258 1.5 christos 259 1.2 christos /* Activate authentication option */ 260 1.5 christos PrepareAuthenticationTest(30, 9, "SHAKE128", "123456789"); 261 1.1 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 262 1.5 christos 263 1.2 christos /* Prepare the packet. Note that the Key-ID expected is 30, but 264 1.2 christos * the packet has a key id of 50. 265 1.2 christos */ 266 1.2 christos testpkt.p.exten[0] = htonl(50); 267 1.5 christos mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 268 1.5 christos &testpkt.p.exten[1], MAX_MDG_LEN); 269 1.2 christos pkt_len += KEY_MAC_LEN + mac_len; 270 1.1 christos 271 1.1 christos TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, 272 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 273 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 274 1.5 christos 275 1.5 christos #else 276 1.5 christos 277 1.5 christos TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 278 1.5 christos 279 1.5 christos #endif 280 1.1 christos } 281 1.1 christos 282 1.2 christos 283 1.2 christos void 284 1.2 christos test_ServerVersionTooOld(void) 285 1.2 christos { 286 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 287 1.1 christos 288 1.2 christos testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 289 1.2 christos NTP_OLDVERSION - 1, 290 1.2 christos MODE_CLIENT); 291 1.2 christos TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) < NTP_OLDVERSION); 292 1.1 christos 293 1.1 christos int pkt_len = LEN_PKT_NOMAC; 294 1.5 christos 295 1.1 christos TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 296 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 297 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 298 1.1 christos } 299 1.1 christos 300 1.2 christos 301 1.2 christos void 302 1.2 christos test_ServerVersionTooNew(void) 303 1.2 christos { 304 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 305 1.1 christos 306 1.2 christos testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 307 1.2 christos NTP_VERSION + 1, 308 1.2 christos MODE_CLIENT); 309 1.2 christos TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) > NTP_VERSION); 310 1.1 christos 311 1.1 christos int pkt_len = LEN_PKT_NOMAC; 312 1.1 christos 313 1.1 christos TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 314 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 315 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 316 1.1 christos } 317 1.1 christos 318 1.2 christos 319 1.2 christos void 320 1.2 christos test_NonWantedMode(void) 321 1.2 christos { 322 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 323 1.1 christos 324 1.2 christos testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 325 1.2 christos NTP_VERSION, 326 1.2 christos MODE_CLIENT); 327 1.2 christos 328 1.2 christos /* The packet has a mode of MODE_CLIENT, but process_pkt expects 329 1.2 christos * MODE_SERVER 330 1.2 christos */ 331 1.1 christos TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 332 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 333 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 334 1.1 christos } 335 1.1 christos 336 1.2 christos 337 1.1 christos /* Tests bug 1597 */ 338 1.2 christos void 339 1.2 christos test_KoDRate(void) 340 1.2 christos { 341 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 342 1.1 christos 343 1.2 christos testpkt.p.stratum = STRATUM_PKT_UNSPEC; 344 1.2 christos memcpy(&testpkt.p.refid, "RATE", 4); 345 1.1 christos 346 1.1 christos TEST_ASSERT_EQUAL(KOD_RATE, 347 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 348 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 349 1.1 christos } 350 1.1 christos 351 1.2 christos 352 1.2 christos void 353 1.2 christos test_KoDDeny(void) 354 1.2 christos { 355 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 356 1.1 christos 357 1.2 christos testpkt.p.stratum = STRATUM_PKT_UNSPEC; 358 1.2 christos memcpy(&testpkt.p.refid, "DENY", 4); 359 1.1 christos 360 1.1 christos TEST_ASSERT_EQUAL(KOD_DEMOBILIZE, 361 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 362 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 363 1.1 christos } 364 1.1 christos 365 1.2 christos 366 1.2 christos void 367 1.2 christos test_RejectUnsyncedServer(void) 368 1.2 christos { 369 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 370 1.1 christos 371 1.2 christos testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC, 372 1.2 christos NTP_VERSION, 373 1.2 christos MODE_SERVER); 374 1.1 christos 375 1.1 christos TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, 376 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 377 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 378 1.1 christos } 379 1.1 christos 380 1.2 christos 381 1.2 christos void 382 1.2 christos test_RejectWrongResponseServerMode(void) 383 1.2 christos { 384 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 385 1.1 christos 386 1.1 christos l_fp tmp; 387 1.1 christos tmp.l_ui = 1000UL; 388 1.1 christos tmp.l_uf = 0UL; 389 1.2 christos HTONL_FP(&tmp, &testpkt.p.org); 390 1.1 christos 391 1.1 christos tmp.l_ui = 2000UL; 392 1.1 christos tmp.l_uf = 0UL; 393 1.2 christos HTONL_FP(&tmp, &testspkt.p.xmt); 394 1.1 christos 395 1.1 christos TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, 396 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 397 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 398 1.1 christos } 399 1.1 christos 400 1.2 christos 401 1.2 christos void 402 1.2 christos test_AcceptNoSentPacketBroadcastMode(void) 403 1.2 christos { 404 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 405 1.1 christos 406 1.2 christos testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, 407 1.2 christos NTP_VERSION, 408 1.2 christos MODE_BROADCAST); 409 1.1 christos 410 1.1 christos TEST_ASSERT_EQUAL(LEN_PKT_NOMAC, 411 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 412 1.1 christos MODE_BROADCAST, NULL, "UnitTest")); 413 1.1 christos } 414 1.1 christos 415 1.2 christos 416 1.2 christos void 417 1.2 christos test_CorrectUnauthenticatedPacket(void) 418 1.2 christos { 419 1.1 christos TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION)); 420 1.1 christos 421 1.1 christos TEST_ASSERT_EQUAL(LEN_PKT_NOMAC, 422 1.2 christos process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC, 423 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 424 1.1 christos } 425 1.1 christos 426 1.2 christos 427 1.2 christos void 428 1.2 christos test_CorrectAuthenticatedPacketMD5(void) 429 1.2 christos { 430 1.5 christos #ifdef OPENSSL 431 1.5 christos 432 1.5 christos keyid_t k_id = 10; 433 1.5 christos int pkt_len = LEN_PKT_NOMAC; 434 1.5 christos int mac_len; 435 1.5 christos 436 1.5 christos PrepareAuthenticationTest(k_id, 15, "MD5", "123456789abcdef"); 437 1.1 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 438 1.1 christos 439 1.5 christos /* Prepare the packet. */ 440 1.5 christos testpkt.p.exten[0] = htonl(k_id); 441 1.5 christos mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 442 1.5 christos &testpkt.p.exten[1], MAX_MDG_LEN); 443 1.5 christos 444 1.5 christos /* TODO: Should not expect failure if non-FIPS OpenSSL */ 445 1.5 christos TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5"); 446 1.5 christos 447 1.5 christos pkt_len += KEY_MAC_LEN + mac_len; 448 1.5 christos 449 1.5 christos TEST_ASSERT_EQUAL(pkt_len, 450 1.5 christos process_pkt(&testpkt.p, &testsock, pkt_len, 451 1.5 christos MODE_SERVER, &testspkt.p, "UnitTest")); 452 1.5 christos 453 1.5 christos #else 454 1.5 christos 455 1.5 christos TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 456 1.5 christos 457 1.5 christos #endif 458 1.5 christos } 459 1.5 christos 460 1.5 christos 461 1.5 christos void 462 1.5 christos test_CorrectAuthenticatedPacketSHAKE128(void) 463 1.5 christos { 464 1.5 christos #ifdef OPENSSL 465 1.5 christos 466 1.5 christos keyid_t k_id = 10; 467 1.1 christos int pkt_len = LEN_PKT_NOMAC; 468 1.5 christos int mac_len; 469 1.5 christos 470 1.5 christos PrepareAuthenticationTest(k_id, 15, "SHAKE128", "123456789abcdef"); 471 1.5 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 472 1.1 christos 473 1.2 christos /* Prepare the packet. */ 474 1.5 christos testpkt.p.exten[0] = htonl(k_id); 475 1.5 christos mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], 476 1.5 christos SHAKE128_LENGTH); 477 1.1 christos 478 1.2 christos pkt_len += KEY_MAC_LEN + mac_len; 479 1.1 christos 480 1.1 christos TEST_ASSERT_EQUAL(pkt_len, 481 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 482 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 483 1.5 christos 484 1.5 christos #else 485 1.5 christos 486 1.5 christos TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 487 1.5 christos 488 1.5 christos #endif 489 1.2 christos } 490 1.1 christos 491 1.2 christos 492 1.2 christos void 493 1.2 christos test_CorrectAuthenticatedPacketSHA1(void) 494 1.2 christos { 495 1.5 christos #ifdef OPENSSL 496 1.2 christos 497 1.5 christos keyid_t k_id = 20; 498 1.2 christos int pkt_len = LEN_PKT_NOMAC; 499 1.5 christos int mac_len; 500 1.5 christos 501 1.5 christos PrepareAuthenticationTest(k_id, 15, "SHA1", "abcdefghijklmno"); 502 1.5 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 503 1.2 christos 504 1.2 christos /* Prepare the packet. */ 505 1.5 christos testpkt.p.exten[0] = htonl(k_id); 506 1.5 christos mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], 507 1.5 christos SHA1_LENGTH); 508 1.2 christos 509 1.2 christos pkt_len += KEY_MAC_LEN + mac_len; 510 1.2 christos 511 1.2 christos TEST_ASSERT_EQUAL(pkt_len, 512 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 513 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 514 1.5 christos 515 1.5 christos #else 516 1.5 christos 517 1.5 christos TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); 518 1.5 christos 519 1.5 christos #endif 520 1.1 christos } 521 1.1 christos 522 1.2 christos 523 1.2 christos void 524 1.2 christos test_CorrectAuthenticatedPacketCMAC(void) 525 1.2 christos { 526 1.3 christos #if defined(OPENSSL) && defined(ENABLE_CMAC) 527 1.3 christos 528 1.2 christos PrepareAuthenticationTest(30, CMAC_LENGTH, CMAC, "abcdefghijklmnop"); 529 1.1 christos TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); 530 1.1 christos 531 1.1 christos int pkt_len = LEN_PKT_NOMAC; 532 1.1 christos 533 1.2 christos /* Prepare the packet. */ 534 1.2 christos testpkt.p.exten[0] = htonl(30); 535 1.5 christos int mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, 536 1.5 christos &testpkt.p.exten[1], MAX_MAC_LEN); 537 1.1 christos 538 1.1 christos pkt_len += 4 + mac_len; 539 1.1 christos 540 1.1 christos TEST_ASSERT_EQUAL(pkt_len, 541 1.2 christos process_pkt(&testpkt.p, &testsock, pkt_len, 542 1.2 christos MODE_SERVER, &testspkt.p, "UnitTest")); 543 1.3 christos 544 1.3 christos #else 545 1.5 christos 546 1.5 christos TEST_IGNORE_MESSAGE("CMAC not enabled, skipping..."); 547 1.5 christos 548 1.3 christos #endif /* OPENSSL */ 549 1.1 christos } 550 1.2 christos 551
Indexes created Mon Mar 16 00:23:04 UTC 2026