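#include "incs.h"

#include <openssl/hmac.h>

/*
 * Message-Authenticator attribute
 *
 * Builds an Access-Request and its Access-Accept with libradius, recomputes
 * the HMAC-MD5 Message-Authenticator independently with OpenSSL, and checks
 * that both agree byte for byte.  It also checks that verification fails
 * once an attribute is altered or a different shared secret is presented.
 */

void test23(void)
{
	/* Byte layout shared by both expected packets below. */
	enum {
		T23_HDR_LEN	= 4,	/* code, id, 2-octet length */
		T23_AUTH_OFF	= 4,	/* start of the authenticator field */
		T23_AUTH_LEN	= 16,
		T23_ATTR_OFF	= 20,	/* first attribute */
		T23_MA_OFF	= 22,	/* Message-Authenticator value, past its type/length octets */
		T23_MA_LEN	= 16	/* size of the Message-Authenticator value */
	};
	static const char secret[] = "sharedsecret";
	const int secretlen = (int)(sizeof(secret) - 1);	/* key length without the NUL */

	RADIUS_PACKET *packet;
	RADIUS_PACKET *response;
	HMAC_CTX *ctx;
	int ok;

	/*
	 * The expected bytes place Message-Authenticator ahead of attribute 10
	 * although radius_put_string_attr() is called first below; the memcmp()
	 * checks therefore pin that ordering as well as the MAC value.
	 */
	uint8_t packetdata[] = {
		RADIUS_CODE_ACCESS_REQUEST, 0x7f, 0, 48,
		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */
		RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
		10, 10, 'h', 'o', 'g', 'e', 'f', 'u', 'g', 'a',
	};
	uint8_t responsedata[] = {
		RADIUS_CODE_ACCESS_ACCEPT, 0x7f, 0, 49,
		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* auth */
		RADIUS_TYPE_MESSAGE_AUTHENTICATOR, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
		10, 11, 'f', 'o', 'o', 'b', 'a', 'r', 'b', 'a', 'z',
	};

	/* --- request --- */
	packet = radius_new_request_packet(RADIUS_CODE_ACCESS_REQUEST);
	radius_set_id(packet, 0x7f);
	radius_put_string_attr(packet, 10, "hogefuga");
	radius_put_message_authenticator(packet, secret);

	/*
	 * Reference value: copy the packet's authenticator into the expected
	 * buffer, then HMAC the whole buffer while its Message-Authenticator
	 * value is still all zero.  The digest is written into that same field.
	 * The result is captured in a local before CHECK() because the call
	 * overwrites its own input and must run exactly once.
	 */
	radius_get_authenticator(packet, packetdata + T23_AUTH_OFF);
	ok = HMAC(EVP_md5(), secret, secretlen, packetdata, sizeof(packetdata),
	    packetdata + T23_MA_OFF, NULL) != NULL;
	CHECK(ok);

	CHECK(radius_get_length(packet) == sizeof(packetdata));
	CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0);
	CHECK(radius_check_message_authenticator(packet, secret) == 0);
	/* A different key must not verify. */
	CHECK(radius_check_message_authenticator(packet, "wrongsecret") != 0);

	/* --- response --- */
	response = radius_new_response_packet(RADIUS_CODE_ACCESS_ACCEPT, packet);
	radius_put_string_attr(response, 10, "foobarbaz");
	radius_put_message_authenticator(response, secret);

	/*
	 * Reference value for the response: the MAC input is the response
	 * header, then the *request* authenticator (taken from packetdata),
	 * then the response attributes with a zeroed Message-Authenticator.
	 */
	radius_get_authenticator(response, responsedata + T23_AUTH_OFF);
	ctx = HMAC_CTX_new();
	CHECK(ctx != NULL);
	if (ctx == NULL)
		return;	/* whether CHECK() aborts is decided in incs.h; do not pass NULL on */
	ok = HMAC_Init_ex(ctx, secret, secretlen, EVP_md5(), NULL) == 1 &&
	    HMAC_Update(ctx, responsedata, T23_HDR_LEN) == 1 &&
	    HMAC_Update(ctx, packetdata + T23_AUTH_OFF, T23_AUTH_LEN) == 1 &&
	    HMAC_Update(ctx, responsedata + T23_ATTR_OFF,
		sizeof(responsedata) - T23_ATTR_OFF) == 1 &&
	    HMAC_Final(ctx, responsedata + T23_MA_OFF, NULL) == 1;
	HMAC_CTX_free(ctx);
	CHECK(ok);

	CHECK(radius_get_length(response) == sizeof(responsedata));
	CHECK(memcmp(radius_get_data(response), responsedata, sizeof(responsedata)) == 0);
	CHECK(radius_check_message_authenticator(response, secret) == 0);
	CHECK(radius_check_message_authenticator(response, "wrongsecret") != 0);

	/* --- altered attribute payloads must fail verification --- */
	radius_set_raw_attr(packet, 10, "hogefuge", 8);
	CHECK(radius_check_message_authenticator(packet, secret) != 0);
	radius_set_raw_attr(response, 10, "zapzapzap", 9);
	CHECK(radius_check_message_authenticator(response, secret) != 0);

	/*
	 * --- recompute after a header change ---
	 * Restore the attribute, change the id, and have libradius refresh the
	 * existing Message-Authenticator.  The expected field is zeroed again
	 * before the reference HMAC, since it still holds the previous digest.
	 */
	radius_set_raw_attr(packet, 10, "hogefuga", 8);
	radius_set_id(packet, 0xff);
	radius_set_message_authenticator(packet, secret);
	packetdata[1] = 0xff;
	memset(packetdata + T23_MA_OFF, 0, T23_MA_LEN);
	ok = HMAC(EVP_md5(), secret, secretlen, packetdata, sizeof(packetdata),
	    packetdata + T23_MA_OFF, NULL) != NULL;
	CHECK(ok);
	CHECK(memcmp(radius_get_data(packet), packetdata, sizeof(packetdata)) == 0);
}

ADD_TEST(test23)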