xref: /openbsd-src/regress/lib/libradius/test23.c (revision 3922ab9dad99a971deeaf3c62d527df8c5b11b24) 
1 #include "incs.h"
2 
3 #include <openssl/hmac.h>
4 
5 /*
6  * Message-Authenticator attribute
7  */
8 
9 void test23(void)
10 {
11 	RADIUS_PACKET *packet;
12 	RADIUS_PACKET *response;
13 	HMAC_CTX *ctx;
14 
15 	uint8_t packetdata[] = {
16 		RADIUS_CODE_ACCESS_REQUEST, 0x7f, 0, 48,
17 		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */
18 		RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
19 		10, 10, 'h', 'o', 'g', 'e', 'f', 'u', 'g', 'a',
20 	};
21 	uint8_t responsedata[] = {
22 		RADIUS_CODE_ACCESS_ACCEPT, 0x7f, 0, 49,
23 		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */
24 		RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
25 		10, 11, 'f', 'o', 'o', 'b', 'a', 'r', 'b', 'a', 'z',
26 	};
27 
28 	packet = radius_new_request_packet(RADIUS_CODE_ACCESS_REQUEST);
29 	radius_set_id(packet, 0x7f);
30 	radius_put_string_attr(packet, 10, "hogefuga");
31 	radius_put_message_authenticator(packet, "sharedsecret");
32 
33 	radius_get_authenticator(packet, packetdata + 4);
34 	HMAC(EVP_md5(), "sharedsecret", 12, packetdata, sizeof(packetdata), packetdata + 22, NULL);
35 
36 	CHECK(radius_get_length(packet) == sizeof(packetdata));
37 	CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0);
38 	CHECK(radius_check_message_authenticator(packet, "sharedsecret") == 0);
39 
40 	response = radius_new_response_packet(RADIUS_CODE_ACCESS_ACCEPT, packet);
41 	radius_put_string_attr(response, 10, "foobarbaz");
42 	radius_put_message_authenticator(response, "sharedsecret");
43 
44 	radius_get_authenticator(response, responsedata + 4);
45 	ctx = HMAC_CTX_new();
46 	HMAC_Init_ex(ctx, "sharedsecret", 12, EVP_md5(), NULL);
47 	HMAC_Update(ctx, responsedata, 4);
48 	HMAC_Update(ctx, packetdata + 4, 16);
49 	HMAC_Update(ctx, responsedata + 20, sizeof(responsedata) - 20);
50 	HMAC_Final(ctx, responsedata + 22, NULL);
51 	HMAC_CTX_free(ctx);
52 
53 	CHECK(radius_get_length(response) == sizeof(responsedata));
54 	CHECK(memcmp(radius_get_data(response), responsedata, sizeof(responsedata)) == 0);
55 	CHECK(radius_check_message_authenticator(response, "sharedsecret") == 0);
56 
57 	radius_set_raw_attr(packet, 10, "hogefuge", 8);
58 	CHECK(radius_check_message_authenticator(packet, "sharedsecret") != 0);
59 	radius_set_raw_attr(response, 10, "zapzapzap", 9);
60 	CHECK(radius_check_message_authenticator(response, "sharedsecret") != 0);
61 
62 	radius_set_raw_attr(packet, 10, "hogefuga", 8);
63 	radius_set_id(packet, 0xff);
64 	radius_set_message_authenticator(packet, "sharedsecret");
65 	packetdata[1] = 0xff;
66 	memset(packetdata + 22, 0, 16);
67 	HMAC(EVP_md5(), "sharedsecret", 12, packetdata, sizeof(packetdata), packetdata + 22, NULL);
68 	CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0);
69 }
70 
71 ADD_TEST(test23)
72