1 #include "incs.h" 2 3 #include <openssl/hmac.h> 4 5 /* 6 * Message-Authenticator attribute 7 */ 8 9 void test23(void) 10 { 11 RADIUS_PACKET *packet; 12 RADIUS_PACKET *response; 13 HMAC_CTX ctx; 14 15 uint8_t packetdata[] = { 16 RADIUS_CODE_ACCESS_REQUEST, 0x7f, 0, 48, 17 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */ 18 10, 10, 'h', 'o', 'g', 'e', 'f', 'u', 'g', 'a', 19 RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20 }; 21 uint8_t responsedata[] = { 22 RADIUS_CODE_ACCESS_ACCEPT, 0x7f, 0, 49, 23 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */ 24 10, 11, 'f', 'o', 'o', 'b', 'a', 'r', 'b', 'a', 'z', 25 RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 26 }; 27 28 packet = radius_new_request_packet(RADIUS_CODE_ACCESS_REQUEST); 29 radius_set_id(packet, 0x7f); 30 radius_put_string_attr(packet, 10, "hogefuga"); 31 radius_put_message_authenticator(packet, "sharedsecret"); 32 33 radius_get_authenticator(packet, packetdata + 4); 34 HMAC(EVP_md5(), "sharedsecret", 12, packetdata, sizeof(packetdata), packetdata + sizeof(packetdata) - 16, NULL); 35 36 CHECK(radius_get_length(packet) == sizeof(packetdata)); 37 CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0); 38 CHECK(radius_check_message_authenticator(packet, "sharedsecret") == 0); 39 40 response = radius_new_response_packet(RADIUS_CODE_ACCESS_ACCEPT, packet); 41 radius_put_string_attr(response, 10, "foobarbaz"); 42 radius_put_message_authenticator(response, "sharedsecret"); 43 44 radius_get_authenticator(response, responsedata + 4); 45 HMAC_Init(&ctx, "sharedsecret", 12, EVP_md5()); 46 HMAC_Update(&ctx, responsedata, 4); 47 HMAC_Update(&ctx, packetdata + 4, 16); 48 HMAC_Update(&ctx, responsedata + 20, sizeof(responsedata) - 20); 49 HMAC_Final(&ctx, responsedata + sizeof(responsedata) - 16, NULL); 50 HMAC_cleanup(&ctx); 51 52 CHECK(radius_get_length(response) == sizeof(responsedata)); 53 CHECK(memcmp(radius_get_data(response), responsedata, sizeof(responsedata)) == 0); 54 CHECK(radius_check_message_authenticator(response, "sharedsecret") == 0); 55 56 radius_set_raw_attr(packet, 10, "hogefuge", 8); 57 CHECK(radius_check_message_authenticator(packet, "sharedsecret") != 0); 58 radius_set_raw_attr(response, 10, "zapzapzap", 9); 59 CHECK(radius_check_message_authenticator(response, "sharedsecret") != 0); 60 61 radius_set_raw_attr(packet, 10, "hogefuga", 8); 62 radius_set_id(packet, 0xff); 63 radius_set_message_authenticator(packet, "sharedsecret"); 64 packetdata[1] = 0xff; 65 memset(packetdata + sizeof(packetdata) - 16, 0, 16); 66 HMAC(EVP_md5(), "sharedsecret", 12, packetdata, sizeof(packetdata), packetdata + sizeof(packetdata) - 16, NULL); 67 CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0); 68 } 69 70 ADD_TEST(test23) 71