1#!/usr/bin/env bash 2 3. ./test.common 4 5test_start "NTP authentication" 6 7server_conf="keyfile tmp/server.keys" 8client_conf="keyfile tmp/client.keys" 9 10cat > tmp/server.keys <<-EOF 111 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E 122 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E 133 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E 144 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E 15EOF 16 17cat > tmp/client.keys <<-EOF 181 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^ 192 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^ 203 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^ 214 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E 22EOF 23 24keys=4 25 26types="MD5" 27check_config_h 'FEAT_SECHASH 1' && types="$types SHA1 SHA256 SHA384 SHA512" 28check_config_h 'HAVE_CMAC 1' && types="$types AES128 AES256" 29 30for type in $types; do 31 keys=$[$keys + 1] 32 case $type in 33 AES128) length=16;; 34 AES256) length=32;; 35 *) length=$[$RANDOM % 32 + 1];; 36 esac 37 38 key=$(echo $keys $type HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null | \ 39 head -c $[$length * 2])) 40 echo "$key" >> tmp/server.keys 41 echo "$key" >> tmp/client.keys 42done 43 44for version in 3 4; do 45 for key in $(seq $keys); do 46 client_server_options="version $version key $key" 47 run_test || test_fail 48 check_chronyd_exit || test_fail 49 check_source_selection || test_fail 50 check_packet_interval || test_fail 51 check_sync || test_fail 52 done 53done 54 55server_conf="" 56 57run_test || test_fail 58check_chronyd_exit || test_fail 59# This check must fail as the server doesn't know the key 60check_sync && test_fail 61check_packet_interval || test_fail 62 63server_conf="keyfile tmp/server.keys" 64client_conf="" 65 66run_test || test_fail 67check_chronyd_exit || test_fail 68# This check must fail as the client doesn't know the key 69check_sync && test_fail 70check_packet_interval || test_fail 71 72client_conf="keyfile tmp/client.keys" 73clients=2 74peers=2 75max_sync_time=500 76base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))" 77 78for versions in "3 3" "3 4" "4 3" "4 4"; do 79 for key in 1 $keys; do 80 client_lpeer_options="version ${versions% *} key $key" 81 client_rpeer_options="version ${versions#* } key $key" 82 run_test || test_fail 83 check_chronyd_exit || test_fail 84 check_sync || test_fail 85 done 86done 87 88client_lpeer_options="key 1" 89client_rpeer_options="key 2" 90 91run_test || test_fail 92check_chronyd_exit || test_fail 93# This check must fail as the peers are using different keys" 94check_sync && test_fail 95 96test_pass 97