crypto.c revision 338531
1#include "config.h"
2#include "unity.h"
3#include "ntp_types.h"
4
5#include "sntptest.h"
6#include "crypto.h"
7
/* Algorithm name copied into struct key.typen by the CMAC tests. */
#define CMAC "AES128CMAC"

/* MAC sizes in bytes: digest buffer sizes and the mac_size argument. */
#define MD5_LENGTH 16
#define SHA1_LENGTH 20
#define CMAC_LENGTH 16	/* the CMAC tests also use this as key_len */


/* Unity test cases: MAC generation through make_mac(). */
void test_MakeMd5Mac(void);
void test_MakeSHA1Mac(void);
void test_MakeCMac(void);
void test_PacketSizeNotMultipleOfFourBytes(void);

/* Unity test cases: MAC verification through auth_md5(). */
void test_VerifyCorrectMD5(void);
void test_VerifySHA1(void);
void test_VerifyCMAC(void);
void test_VerifyFailure(void);

/*
 * Helpers called from test_VerifyCMAC().  Both are placeholders that
 * only report the test as ignored; neither verifies a MAC yet.
 */
void VerifyLocalCMAC(struct key *cmac);
void VerifyOpenSSLCMAC(struct key *cmac);
26
27
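/*
 * make_mac() with an MD5 key must report a MAC of MD5_LENGTH bytes and
 * write the known digest for the fixed 12-byte payload.
 *
 * Unlike the SHA1 and CMAC tests this one has no OPENSSL guard, so it
 * runs in every build configuration.
 */
void
test_MakeMd5Mac(void)
{
	const char* PKT_DATA = "abcdefgh0123";
	const int PKT_LEN = strlen(PKT_DATA);
	const char* EXPECTED_DIGEST =
		"\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b";
	char actual[MD5_LENGTH];

	struct key md5;
	md5.next = NULL;
	md5.key_id = 10;
	md5.key_len = 6;
	/* Only key_len bytes of key_seq are written; the tail is not set. */
	memcpy(&md5.key_seq, "md5seq", md5.key_len);
	strlcpy(md5.typen, "MD5", sizeof(md5.typen));
	md5.typei = keytype_from_text(md5.typen, NULL);

	TEST_ASSERT_EQUAL(MD5_LENGTH,
			  make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));

	/*
	 * Same assertion the SHA1 and CMAC tests use: on a mismatch Unity
	 * reports the differing bytes rather than a bare "expected TRUE".
	 */
	TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, MD5_LENGTH);
}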
50
51
/*
 * SHA1 variant of the MAC-generation test: make_mac() must return
 * SHA1_LENGTH and write the known digest for the fixed payload.
 * Reported as ignored when the build has no OpenSSL.
 */
void
test_MakeSHA1Mac(void)
{
#ifndef OPENSSL

	TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");

#else	/* OPENSSL */

	static const char payload[] = "abcdefgh0123";
	const int payload_len = (int)(sizeof(payload) - 1);	/* no NUL */
	const char *want =
		"\x17\xaa\x82\x97\xc7\x17\x13\x6a\x9b\xa9"
		"\x63\x85\xb4\xce\xbe\x94\xa0\x97\x16\x1d";
	char got[SHA1_LENGTH];
	struct key k;

	/* Algorithm selection first, then the key material. */
	strlcpy(k.typen, "SHA1", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);
	k.key_len = 7;
	memcpy(&k.key_seq, "sha1seq", k.key_len);
	k.key_id = 20;
	k.next = NULL;

	TEST_ASSERT_EQUAL(SHA1_LENGTH,
			  make_mac(payload, payload_len, SHA1_LENGTH, &k, got));

	TEST_ASSERT_EQUAL_MEMORY(want, got, SHA1_LENGTH);

#endif	/* OPENSSL */
}
83
84
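/*
 * AES-128-CMAC variant of the MAC-generation test: make_mac() must
 * return CMAC_LENGTH and write the known digest for the fixed payload.
 * Runs only when the build has both OpenSSL and ENABLE_CMAC.
 */
void
test_MakeCMac(void)
{
#if defined(OPENSSL) && defined(ENABLE_CMAC)

	const char* PKT_DATA = "abcdefgh0123";
	const int PKT_LEN = strlen(PKT_DATA);
	const char* EXPECTED_DIGEST =
		"\xdd\x35\xd5\xf5\x14\x23\xd9\xd6"
		"\x38\x5d\x29\x80\xfe\x51\xb9\x6b";
	char actual[CMAC_LENGTH];

	struct key cmac;
	/*
	 * This test never assigns typei (the MD5/SHA1 tests do), so clear
	 * the whole struct first: the code under test then sees zero
	 * rather than leftover stack bytes.
	 * NOTE(review): confirm make_mac() selects the algorithm from
	 * typen and does not rely on typei for CMAC keys.
	 */
	memset(&cmac, 0, sizeof(cmac));
	cmac.next = NULL;
	cmac.key_id = 30;
	cmac.key_len = CMAC_LENGTH;
	memcpy(&cmac.key_seq, "aes-128-cmac-seq", cmac.key_len);
	/* Bounded copy, as the MD5/SHA1 tests do for typen. */
	strlcpy(cmac.typen, CMAC, sizeof(cmac.typen));

	TEST_ASSERT_EQUAL(CMAC_LENGTH,
		    make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual));

	TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH);

#else

	/* Also reached when OpenSSL is present but ENABLE_CMAC is not. */
	TEST_IGNORE_MESSAGE("OpenSSL with CMAC support not found, skipping...");

#endif	/* OPENSSL && ENABLE_CMAC */
}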
115
116
/*
 * auth_md5() must accept a packet whose trailing MAC matches the MD5
 * key.  The buffer is laid out as 12 data bytes, a 4-byte key-ID field
 * and the 16-byte MAC; only the data length is passed in.
 */
void
test_VerifyCorrectMD5(void)
{
	const char *pkt =
	    "sometestdata"			/* Data */
	    "\0\0\0\0"				/* Key-ID (unused) */
	    "\xc7\x58\x99\xdd\x99\x32\x0f\x71"	/* MAC */
	    "\x2b\x7b\xfe\x4f\xa2\x32\xcf\xac";
	const int data_len = 12;	/* length of "sometestdata" */
	struct key k;

	strlcpy(k.typen, "MD5", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);
	k.key_len = 6;
	memcpy(&k.key_seq, "md5key", k.key_len);
	k.key_id = 0;
	k.next = NULL;

	TEST_ASSERT_TRUE(auth_md5(pkt, data_len, MD5_LENGTH, &k));
}
137
138
/*
 * SHA1 variant of the verification test.  Despite its name, auth_md5()
 * is the verifier called for the SHA1 key as well; it must accept the
 * packet's trailing 20-byte MAC.  Ignored without OpenSSL.
 */
void
test_VerifySHA1(void)
{
#ifndef OPENSSL

	TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");

#else	/* OPENSSL */

	const char *pkt =
	    "sometestdata"				/* Data */
	    "\0\0\0\0"					/* Key-ID (unused) */
	    "\xad\x07\xde\x36\x39\xa6\x77\xfa\x5b\xce"	/* MAC */
	    "\x2d\x8a\x7d\x06\x96\xe6\x0c\xbc\xed\xe1";
	const int data_len = 12;	/* length of "sometestdata" */
	struct key k;

	strlcpy(k.typen, "SHA1", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);
	k.key_len = 7;
	memcpy(&k.key_seq, "sha1key", k.key_len);
	k.key_id = 0;
	k.next = NULL;

	TEST_ASSERT_TRUE(auth_md5(pkt, data_len, SHA1_LENGTH, &k));

#endif	/* OPENSSL */
}
167
168
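/*
 * Placeholder for AES-128-CMAC verification.
 *
 * The key is prepared and handed to VerifyOpenSSLCMAC() and
 * VerifyLocalCMAC(), but both helpers only report "ignored", so no CMAC
 * verification is asserted here.  A non-failing result from this test
 * says nothing about how auth_md5() handles CMAC packets.
 *
 * NOTE(review): Unity's TEST_IGNORE_MESSAGE normally ends the running
 * test, in which case VerifyLocalCMAC() is never reached - confirm
 * against the bundled Unity version.
 */
void
test_VerifyCMAC(void)
{
	const char* PKT_DATA =
	    "sometestdata"				/* Data */
	    "\0\0\0\0"					/* Key-ID (unused) */
	    "\x4e\x0c\xf0\xe2\xc7\x8e\xbb\xbf"		/* MAC */
	    "\x79\xfc\x87\xc7\x8b\xb7\x4a\x0b";
	const int PKT_LEN = 12;
	struct key cmac;

	/*
	 * The test vector is kept for the real check, but nothing consumes
	 * it yet because the helpers take only the key.
	 */
	(void)PKT_DATA;
	(void)PKT_LEN;

	/*
	 * typei is never assigned in this test, so clear the struct to keep
	 * every field defined before it is passed on.
	 */
	memset(&cmac, 0, sizeof(cmac));
	cmac.next = NULL;
	cmac.key_id = 0;
	cmac.key_len = CMAC_LENGTH;
	memcpy(&cmac.key_seq, "aes-128-cmac-key", cmac.key_len);
	/* Bounded copy, as the MD5/SHA1 tests do for typen. */
	strlcpy(cmac.typen, CMAC, sizeof(cmac.typen));

	VerifyOpenSSLCMAC(&cmac);
	VerifyLocalCMAC(&cmac);
}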
189
190
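/*
 * Placeholder for verifying a CMAC through the OpenSSL-backed path.
 * It asserts nothing: every build configuration ends in
 * TEST_IGNORE_MESSAGE, so CMAC verification has no coverage here.
 *
 * cmac: key prepared by the caller; currently unused.
 */
void
VerifyOpenSSLCMAC(struct key *cmac)
{
	(void)cmac;	/* unused until the real check is written */

#if defined(OPENSSL) && defined(ENABLE_CMAC)

	/*
	 * XXX: HMS: auth_md5 must be renamed/incorrect.
	 * Intended check, once the packet data and length are passed in:
	 *   TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac));
	 */
	TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping...");

#else

	/* Also reached when OpenSSL is present but ENABLE_CMAC is not. */
	TEST_IGNORE_MESSAGE("OpenSSL with CMAC support not found, skipping...");

#endif	/* OPENSSL && ENABLE_CMAC */
}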
207
208
/*
 * Placeholder for verifying a CMAC with the local (non-OpenSSL)
 * AES-128-CMAC implementation.  It asserts nothing and always reports
 * the test as ignored.
 *
 * cmac: key prepared by the caller; currently unused.
 */
void
VerifyLocalCMAC(struct key *cmac)
{
	(void)cmac;	/* not consumed until the check below is wired up */

	/*
	 * XXX: HMS: auth_md5 must be renamed/incorrect.
	 * Intended check, once the packet data and length are passed in:
	 *   TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, CMAC_LENGTH, cmac));
	 */
	TEST_IGNORE_MESSAGE("Hook in the local AES-128-CMAC check!");
}
220
221
/*
 * Negative verification test: the packet from test_VerifyCorrectMD5
 * with the final MAC byte replaced (0xac -> 0x00).  auth_md5() must
 * reject it.
 *
 * Only a corrupted final byte is covered.  Mismatches elsewhere in the
 * MAC, altered data and a wrong key are not exercised by this test.
 */
void
test_VerifyFailure(void)
{
	const char *pkt =
	    "sometestdata"			/* Data */
	    "\0\0\0\0"				/* Key-ID (unused) */
	    "\xc7\x58\x99\xdd\x99\x32\x0f\x71"	/* MAC */
	    "\x2b\x7b\xfe\x4f\xa2\x32\xcf\x00"; /* Last byte is wrong! */
	const int data_len = 12;	/* length of "sometestdata" */
	struct key k;

	strlcpy(k.typen, "MD5", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);
	k.key_len = 6;
	memcpy(&k.key_seq, "md5key", k.key_len);
	k.key_id = 0;
	k.next = NULL;

	TEST_ASSERT_FALSE(auth_md5(pkt, data_len, MD5_LENGTH, &k));
}
245
246
/*
 * make_mac() is expected to return 0 (no MAC produced) when the packet
 * length is not a multiple of four bytes; a 6-byte payload is used.
 */
void
test_PacketSizeNotMultipleOfFourBytes(void)
{
	const char *pkt = "123456";
	const int pkt_len = 6;		/* deliberately not 4-byte aligned */
	char mac_out[MD5_LENGTH];	/* output buffer; contents not checked */
	struct key k;

	strlcpy(k.typen, "MD5", sizeof(k.typen));
	k.typei = keytype_from_text(k.typen, NULL);
	k.key_len = 6;
	memcpy(&k.key_seq, "md5seq", k.key_len);
	k.key_id = 10;
	k.next = NULL;

	TEST_ASSERT_EQUAL(0, make_mac(pkt, pkt_len, MD5_LENGTH, &k, mac_out));
}
264