1 #include "config.h"
2 #include "unity.h"
3 #include "ntp_types.h"
4
5 #include "sntptest.h"
6 #include "crypto.h"
7
8 #define CMAC "AES128CMAC"
9
10 #define SHA1_LENGTH 20
11 #define CMAC_LENGTH 16
12
13
14 void test_MakeSHAKE128Mac(void);
15 void test_MakeSHA1Mac(void);
16 void test_MakeCMac(void);
17 void test_VerifySHAKE128(void);
18 void test_VerifySHA1(void);
19 void test_VerifyCMAC(void);
20 void test_VerifyFailure(void);
21 void test_PacketSizeNotMultipleOfFourBytes(void);
22
23 void VerifyLocalCMAC(struct key *cmac);
24 void VerifyOpenSSLCMAC(struct key *cmac);
25
26
27 void
test_MakeSHAKE128Mac(void)28 test_MakeSHAKE128Mac(void)
29 {
30 #ifdef OPENSSL
31
32 const char KEY[] = "SHAKE128 unit test key";
33 const u_char PAYLOAD[] = "packettestdata16";
34 const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
35 const u_char EXPECTED_DIGEST[] =
36 "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
37 "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
38 u_char actual[sizeof(EXPECTED_DIGEST) - 1];
39 struct key sk;
40
41 sk.next = NULL;
42 sk.key_id = 10;
43 sk.key_len = sizeof(KEY) - 1;
44 memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
45 strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
46 sk.typei = keytype_from_text(sk.typen, NULL);
47
48 TEST_ASSERT_EQUAL(sizeof(actual),
49 make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
50 sizeof(actual)));
51
52 TEST_ASSERT_EQUAL_HEX8_ARRAY(EXPECTED_DIGEST, actual, sizeof(actual));
53 #else
54
55 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
56
57 #endif /* OPENSSL */
58 }
59
60
61 void
test_MakeSHA1Mac(void)62 test_MakeSHA1Mac(void)
63 {
64 #ifdef OPENSSL
65
66 const char* PKT_DATA = "abcdefgh0123";
67 const int PKT_LEN = strlen(PKT_DATA);
68 const char* EXPECTED_DIGEST =
69 "\x17\xaa\x82\x97\xc7\x17\x13\x6a\x9b\xa9"
70 "\x63\x85\xb4\xce\xbe\x94\xa0\x97\x16\x1d";
71 char actual[SHA1_LENGTH];
72
73 struct key sha1;
74 sha1.next = NULL;
75 sha1.key_id = 20;
76 sha1.key_len = 7;
77 memcpy(&sha1.key_seq, "sha1seq", sha1.key_len);
78 strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen));
79 sha1.typei = keytype_from_text(sha1.typen, NULL);
80
81 TEST_ASSERT_EQUAL(SHA1_LENGTH,
82 make_mac(PKT_DATA, PKT_LEN, &sha1, actual,
83 SHA1_LENGTH));
84
85 TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, SHA1_LENGTH);
86
87 #else
88
89 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
90
91 #endif /* OPENSSL */
92 }
93
94
95 void
test_MakeCMac(void)96 test_MakeCMac(void)
97 {
98 #if defined(OPENSSL) && defined(ENABLE_CMAC)
99
100 const char* PKT_DATA = "abcdefgh0123";
101 const int PKT_LEN = strlen(PKT_DATA);
102 const char* EXPECTED_DIGEST =
103 "\xdd\x35\xd5\xf5\x14\x23\xd9\xd6"
104 "\x38\x5d\x29\x80\xfe\x51\xb9\x6b";
105 char actual[CMAC_LENGTH];
106 struct key cmac;
107
108 cmac.next = NULL;
109 cmac.key_id = 30;
110 cmac.key_len = CMAC_LENGTH;
111 memcpy(&cmac.key_seq, "aes-128-cmac-seq", cmac.key_len);
112 memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1);
113
114 TEST_ASSERT_EQUAL(CMAC_LENGTH,
115 make_mac(PKT_DATA, PKT_LEN, &cmac, actual, CMAC_LENGTH));
116
117 TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH);
118
119 #else
120
121 TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
122
123 #endif /* OPENSSL */
124 }
125
126
127 void
test_VerifySHAKE128(void)128 test_VerifySHAKE128(void)
129 {
130 #ifdef OPENSSL
131 const char KEY[] = "SHAKE128 unit test key";
132 const u_char PAYLOAD[] = "packettestdata16";
133 const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
134 const u_char EXPECTED_DIGEST[] =
135 "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
136 "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
137 const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
138 struct key sk;
139 u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
140 + DIGEST_LEN];
141 u_char *p;
142
143 sk.next = NULL;
144 sk.key_id = 0;
145 sk.key_len = sizeof(KEY) - 1;
146 memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
147 strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
148 sk.typei = keytype_from_text(sk.typen, NULL);
149
150 p = PKT_DATA;
151 memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
152 memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
153 memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
154 TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
155
156 TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
157 #else
158
159 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
160
161 #endif /* OPENSSL */
162 }
163
164
165 void
test_VerifySHA1(void)166 test_VerifySHA1(void)
167 {
168 #ifdef OPENSSL
169
170 const char* PKT_DATA =
171 "sometestdata" /* Data */
172 "\0\0\0\0" /* Key-ID (unused) */
173 "\xad\x07\xde\x36\x39\xa6\x77\xfa\x5b\xce" /* MAC */
174 "\x2d\x8a\x7d\x06\x96\xe6\x0c\xbc\xed\xe1";
175 const int PKT_LEN = 12;
176 struct key sha1;
177
178 sha1.next = NULL;
179 sha1.key_id = 0;
180 sha1.key_len = 7;
181 memcpy(&sha1.key_seq, "sha1key", sha1.key_len);
182 strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen));
183 sha1.typei = keytype_from_text(sha1.typen, NULL);
184
185 TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1));
186
187 #else
188
189 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
190
191 #endif /* OPENSSL */
192 }
193
194
195 void
test_VerifyCMAC(void)196 test_VerifyCMAC(void)
197 {
198 struct key cmac;
199
200 cmac.next = NULL;
201 cmac.key_id = 0;
202 cmac.key_len = CMAC_LENGTH;
203 memcpy(&cmac.key_seq, "aes-128-cmac-key", cmac.key_len);
204 memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1);
205
206 VerifyOpenSSLCMAC(&cmac);
207 VerifyLocalCMAC(&cmac);
208 }
209
210
211 void
VerifyOpenSSLCMAC(struct key * cmac)212 VerifyOpenSSLCMAC(struct key *cmac)
213 {
214 #if defined(OPENSSL) && defined(ENABLE_CMAC)
215
216 /* XXX: HMS: auth_md5 must be renamed/incorrect. */
217 // TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac));
218 TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping...");
219
220 #else
221
222 TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
223
224 #endif /* OPENSSL */
225 return;
226 }
227
228
229 void
VerifyLocalCMAC(struct key * cmac)230 VerifyLocalCMAC(struct key *cmac)
231 {
232
233 /* XXX: HMS: auth_md5 must be renamed/incorrect. */
234 // TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac));
235
236 TEST_IGNORE_MESSAGE("Hook in the local AES-128-CMAC check!");
237
238 return;
239 }
240
241
242 void
test_VerifyFailure(void)243 test_VerifyFailure(void)
244 {
245 /*
246 * We use a copy of test_VerifySHAKE128(), but modify the
247 * last packet octet to make sure verification fails.
248 */
249 #ifdef OPENSSL
250 const char KEY[] = "SHAKE128 unit test key";
251 const u_char PAYLOAD[] = "packettestdata1_";
252 /* last packet byte different */
253 const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
254 const u_char EXPECTED_DIGEST[] =
255 "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
256 "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
257 const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
258 struct key sk;
259 u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
260 + DIGEST_LEN];
261 u_char *p;
262
263 sk.next = NULL;
264 sk.key_id = 0;
265 sk.key_len = sizeof(KEY) - 1;
266 memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
267 strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
268 sk.typei = keytype_from_text(sk.typen, NULL);
269
270 p = PKT_DATA;
271 memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
272 memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
273 memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
274 TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
275
276 TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
277 #else
278
279 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
280
281 #endif /* OPENSSL */
282 }
283
284
285 void
test_PacketSizeNotMultipleOfFourBytes(void)286 test_PacketSizeNotMultipleOfFourBytes(void)
287 {
288 /*
289 * We use a copy of test_MakeSHAKE128Mac(), but modify
290 * the packet length to 17.
291 */
292 #ifdef OPENSSL
293
294 const char KEY[] = "SHAKE128 unit test key";
295 const u_char PAYLOAD[] = "packettestdata_17";
296 const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
297 const u_char EXPECTED_DIGEST[] =
298 "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
299 "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
300 u_char actual[sizeof(EXPECTED_DIGEST) - 1];
301 struct key sk;
302
303 sk.next = NULL;
304 sk.key_id = 10;
305 sk.key_len = sizeof(KEY) - 1;
306 memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
307 strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
308 sk.typei = keytype_from_text(sk.typen, NULL);
309
310 TEST_ASSERT_EQUAL(0,
311 make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
312 sizeof(actual)));
313 #else
314
315 TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
316
317 #endif /* OPENSSL */
318 }
319