4 #include "networking.h"
5 #include "ntp_stdlib.h"
8 #define CMAC "AES128CMAC"
12 const char * Version = "stub unit test Version string";
14 /* Hacks into the key database. */
15 extern struct key* key_ptr;
19 void PrepareAuthenticationTest(int key_id,int key_len,const char* type,const void* key_seq);
20 void PrepareAuthenticationTestMD5(int key_id,int key_len,const void* key_seq);
23 void test_TooShortLength(void);
24 void test_LengthNotMultipleOfFour(void);
25 void test_TooShortExtensionFieldLength(void);
26 void test_UnauthenticatedPacketReject(void);
27 void test_CryptoNAKPacketReject(void);
28 void test_AuthenticatedPacketInvalid(void);
29 void test_AuthenticatedPacketUnknownKey(void);
30 void test_ServerVersionTooOld(void);
31 void test_ServerVersionTooNew(void);
32 void test_NonWantedMode(void);
33 void test_KoDRate(void);
34 void test_KoDDeny(void);
35 void test_RejectUnsyncedServer(void);
36 void test_RejectWrongResponseServerMode(void);
37 void test_AcceptNoSentPacketBroadcastMode(void);
38 void test_CorrectUnauthenticatedPacket(void);
39 void test_CorrectAuthenticatedPacketMD5(void);
40 void test_CorrectAuthenticatedPacketSHA1(void);
41 void test_CorrectAuthenticatedPacketCMAC(void);
43 /* [Bug 2998] There are some issues whith the definition of 'struct pkt'
44 * when AUTOKEY is undefined -- the formal struct is too small to hold
45 * all the extension fields that are going to be tested. We have to make
46 * sure we have the extra bytes, or the test yield undefined results due
50 # define EXTRA_BUFSIZE 256
52 # define EXTRA_BUFSIZE 0
57 u_char b[sizeof(struct pkt) + EXTRA_BUFSIZE];
60 static union tpkt testpkt;
61 static union tpkt testspkt;
62 static sockaddr_u testsock;
67 PrepareAuthenticationTest(
75 snprintf(str, 25, "%d", key_id);
76 ActivateOption("-a", str);
79 key_ptr = emalloc(sizeof(struct key));
81 key_ptr->key_id = key_id;
82 key_ptr->key_len = key_len;
83 memcpy(key_ptr->typen, type, strlen(type) + 1);
85 TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq));
87 memcpy(key_ptr->key_seq, key_seq, key_ptr->key_len);
93 PrepareAuthenticationTestMD5(
99 PrepareAuthenticationTest(key_id, key_len, "MD5", key_seq);
108 restoreKeyDb = false;
110 /* Initialize the test packet and socket,
111 * so they contain at least some valid data.
113 testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, NTP_VERSION,
115 testpkt.p.stratum = STRATUM_REFCLOCK;
116 memcpy(&testpkt.p.refid, "GPS\0", 4);
118 /* Set the origin timestamp of the received packet to the
119 * same value as the transmit timestamp of the sent packet.
125 HTONL_FP(&tmp, &testpkt.p.org);
126 HTONL_FP(&tmp, &testspkt.p.xmt);
139 sntptest_destroy(); /* only on the final test!! if counter == 0 etc... */
144 test_TooShortLength(void)
146 TEST_ASSERT_EQUAL(PACKET_UNUSEABLE,
147 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC - 1,
148 MODE_SERVER, &testspkt.p, "UnitTest"));
149 TEST_ASSERT_EQUAL(PACKET_UNUSEABLE,
150 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC - 1,
151 MODE_BROADCAST, &testspkt.p, "UnitTest"));
156 test_LengthNotMultipleOfFour(void)
158 TEST_ASSERT_EQUAL(PACKET_UNUSEABLE,
159 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC + 6,
160 MODE_SERVER, &testspkt.p, "UnitTest"));
161 TEST_ASSERT_EQUAL(PACKET_UNUSEABLE,
162 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC + 3,
163 MODE_BROADCAST, &testspkt.p, "UnitTest"));
168 test_TooShortExtensionFieldLength(void)
170 /* [Bug 2998] We have to get around the formal specification of
171 * the extension field if AUTOKEY is undefined. (At least CLANG
172 * issues a warning in this case. It's just a warning, but
175 uint32_t * pe = testpkt.p.exten + 7;
177 /* The lower 16-bits are the length of the extension field.
178 * This lengths must be multiples of 4 bytes, which gives
179 * a minimum of 4 byte extension field length.
181 *pe = htonl(3); /* 3 bytes is too short. */
183 /* We send in a pkt_len of header size + 4 byte extension
184 * header + 24 byte MAC, this prevents the length error to
185 * be caught at an earlier stage
187 int pkt_len = LEN_PKT_NOMAC + 4 + 24;
189 TEST_ASSERT_EQUAL(PACKET_UNUSEABLE,
190 process_pkt(&testpkt.p, &testsock, pkt_len,
191 MODE_SERVER, &testspkt.p, "UnitTest"));
196 test_UnauthenticatedPacketReject(void)
198 /* Activate authentication option */
199 ActivateOption("-a", "123");
200 TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
202 int pkt_len = LEN_PKT_NOMAC;
204 /* We demand authentication, but no MAC header is present. */
205 TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
206 process_pkt(&testpkt.p, &testsock, pkt_len,
207 MODE_SERVER, &testspkt.p, "UnitTest"));
212 test_CryptoNAKPacketReject(void)
214 /* Activate authentication option */
215 ActivateOption("-a", "123");
216 TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
218 int pkt_len = LEN_PKT_NOMAC + 4; /* + 4 byte MAC = Crypto-NAK */
220 TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
221 process_pkt(&testpkt.p, &testsock, pkt_len,
222 MODE_SERVER, &testspkt.p, "UnitTest"));
227 test_AuthenticatedPacketInvalid(void)
229 /* Activate authentication option */
230 PrepareAuthenticationTestMD5(50, 9, "123456789");
231 TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
233 /* Prepare the packet. */
234 int pkt_len = LEN_PKT_NOMAC;
236 testpkt.p.exten[0] = htonl(50);
237 int mac_len = make_mac(&testpkt.p, pkt_len,
238 MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
239 &testpkt.p.exten[1]);
241 pkt_len += 4 + mac_len;
243 /* Now, alter the MAC so it becomes invalid. */
244 testpkt.p.exten[1] += 1;
246 TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
247 process_pkt(&testpkt.p, &testsock, pkt_len,
248 MODE_SERVER, &testspkt.p, "UnitTest"));
253 test_AuthenticatedPacketUnknownKey(void)
255 /* Activate authentication option */
256 PrepareAuthenticationTestMD5(30, 9, "123456789");
257 TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
259 /* Prepare the packet. Note that the Key-ID expected is 30, but
260 * the packet has a key id of 50.
262 int pkt_len = LEN_PKT_NOMAC;
264 testpkt.p.exten[0] = htonl(50);
265 int mac_len = make_mac(&testpkt.p, pkt_len,
266 MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
267 &testpkt.p.exten[1]);
268 pkt_len += KEY_MAC_LEN + mac_len;
270 TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
271 process_pkt(&testpkt.p, &testsock, pkt_len,
272 MODE_SERVER, &testspkt.p, "UnitTest"));
277 test_ServerVersionTooOld(void)
279 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
281 testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING,
284 TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) < NTP_OLDVERSION);
286 int pkt_len = LEN_PKT_NOMAC;
288 TEST_ASSERT_EQUAL(SERVER_UNUSEABLE,
289 process_pkt(&testpkt.p, &testsock, pkt_len,
290 MODE_SERVER, &testspkt.p, "UnitTest"));
295 test_ServerVersionTooNew(void)
297 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
299 testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING,
302 TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) > NTP_VERSION);
304 int pkt_len = LEN_PKT_NOMAC;
306 TEST_ASSERT_EQUAL(SERVER_UNUSEABLE,
307 process_pkt(&testpkt.p, &testsock, pkt_len,
308 MODE_SERVER, &testspkt.p, "UnitTest"));
313 test_NonWantedMode(void)
315 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
317 testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING,
321 /* The packet has a mode of MODE_CLIENT, but process_pkt expects
324 TEST_ASSERT_EQUAL(SERVER_UNUSEABLE,
325 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC,
326 MODE_SERVER, &testspkt.p, "UnitTest"));
334 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
336 testpkt.p.stratum = STRATUM_PKT_UNSPEC;
337 memcpy(&testpkt.p.refid, "RATE", 4);
339 TEST_ASSERT_EQUAL(KOD_RATE,
340 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC,
341 MODE_SERVER, &testspkt.p, "UnitTest"));
348 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
350 testpkt.p.stratum = STRATUM_PKT_UNSPEC;
351 memcpy(&testpkt.p.refid, "DENY", 4);
353 TEST_ASSERT_EQUAL(KOD_DEMOBILIZE,
354 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC,
355 MODE_SERVER, &testspkt.p, "UnitTest"));
360 test_RejectUnsyncedServer(void)
362 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
364 testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC,
368 TEST_ASSERT_EQUAL(SERVER_UNUSEABLE,
369 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC,
370 MODE_SERVER, &testspkt.p, "UnitTest"));
375 test_RejectWrongResponseServerMode(void)
377 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
382 HTONL_FP(&tmp, &testpkt.p.org);
386 HTONL_FP(&tmp, &testspkt.p.xmt);
388 TEST_ASSERT_EQUAL(PACKET_UNUSEABLE,
389 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC,
390 MODE_SERVER, &testspkt.p, "UnitTest"));
395 test_AcceptNoSentPacketBroadcastMode(void)
397 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
399 testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING,
403 TEST_ASSERT_EQUAL(LEN_PKT_NOMAC,
404 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC,
405 MODE_BROADCAST, NULL, "UnitTest"));
410 test_CorrectUnauthenticatedPacket(void)
412 TEST_ASSERT_FALSE(ENABLED_OPT(AUTHENTICATION));
414 TEST_ASSERT_EQUAL(LEN_PKT_NOMAC,
415 process_pkt(&testpkt.p, &testsock, LEN_PKT_NOMAC,
416 MODE_SERVER, &testspkt.p, "UnitTest"));
421 test_CorrectAuthenticatedPacketMD5(void)
423 PrepareAuthenticationTestMD5(10, 15, "123456789abcdef");
424 TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
426 int pkt_len = LEN_PKT_NOMAC;
428 /* Prepare the packet. */
429 testpkt.p.exten[0] = htonl(10);
430 int mac_len = make_mac(&testpkt.p, pkt_len,
431 MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
432 &testpkt.p.exten[1]);
434 pkt_len += KEY_MAC_LEN + mac_len;
436 TEST_ASSERT_EQUAL(pkt_len,
437 process_pkt(&testpkt.p, &testsock, pkt_len,
438 MODE_SERVER, &testspkt.p, "UnitTest"));
443 test_CorrectAuthenticatedPacketSHA1(void)
445 PrepareAuthenticationTest(20, 15, "SHA1", "abcdefghijklmno");
446 TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
448 int pkt_len = LEN_PKT_NOMAC;
450 /* Prepare the packet. */
451 testpkt.p.exten[0] = htonl(20);
452 int mac_len = make_mac(&testpkt.p, pkt_len,
453 MAX_MDG_LEN, key_ptr,
454 &testpkt.p.exten[1]);
456 pkt_len += KEY_MAC_LEN + mac_len;
458 TEST_ASSERT_EQUAL(pkt_len,
459 process_pkt(&testpkt.p, &testsock, pkt_len,
460 MODE_SERVER, &testspkt.p, "UnitTest"));
465 test_CorrectAuthenticatedPacketCMAC(void)
467 #if defined(OPENSSL) && defined(ENABLE_CMAC)
469 PrepareAuthenticationTest(30, CMAC_LENGTH, CMAC, "abcdefghijklmnop");
470 TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
472 int pkt_len = LEN_PKT_NOMAC;
474 /* Prepare the packet. */
475 testpkt.p.exten[0] = htonl(30);
476 int mac_len = make_mac(&testpkt.p, pkt_len,
477 MAX_MAC_LEN, key_ptr,
478 &testpkt.p.exten[1]);
480 pkt_len += 4 + mac_len;
482 TEST_ASSERT_EQUAL(pkt_len,
483 process_pkt(&testpkt.p, &testsock, pkt_len,
484 MODE_SERVER, &testspkt.p, "UnitTest"));
488 TEST_IGNORE_MESSAGE("OpenSSL CMAC not used, skipping...");