1 /* $NetBSD: a_md5encrypt.c,v 1.4 2024/08/18 20:47:26 christos Exp $ */ 2 3 #include "config.h" 4 #include "unity.h" 5 6 #ifdef OPENSSL 7 # include "openssl/err.h" 8 # include "openssl/rand.h" 9 # include "openssl/evp.h" 10 #endif 11 #include "ntp.h" 12 #include "ntp_stdlib.h" 13 14 15 /* 16 * Example packet with SHA1 hash calculated manually: 17 * echo -n abcdefghijklmnopqrstuvwx | openssl sha1 - 18 */ 19 #ifdef OPENSSL 20 const keyid_t keyId = 42; 21 const int keytype = NID_sha1; 22 const u_char key[] = "abcdefgh"; 23 const size_t keyLength = sizeof(key) - 1; 24 const u_char payload[] = "ijklmnopqrstuvwx"; 25 #define payloadLength (sizeof(payload) - 1) 26 #define keyIdLength (sizeof(keyid_t)) 27 #define digestLength SHA1_LENGTH 28 #define packetLength (payloadLength + keyIdLength + digestLength) 29 union { 30 u_char u8 [packetLength]; 31 uint32_t u32[1]; 32 } expectedPacket = 33 { 34 { 35 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 36 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 37 0x00, 0x00, 0x00, 0x00, 38 0xd7, 0x17, 0xe2, 0x2e, 39 0x16, 0x59, 0x30, 0x5f, 40 0xad, 0x6e, 0xf0, 0x88, 41 0x64, 0x92, 0x3d, 0xb6, 42 0x4a, 0xba, 0x9c, 0x08 43 } 44 }; 45 union { 46 u_char u8 [packetLength]; 47 uint32_t u32[1]; 48 } invalidPacket = 49 { 50 { 51 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 52 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 53 0x00, 0x00, 0x00, 0x00, 54 0xd7, 0x17, 0xe2, 0x2e, 55 0x16, 0x59, 0x30, 0x5f, 56 0xad, 0x6e, 0xf0, 0x88, 57 0x64, 0x92, 0x3d, 0xb6, 58 0x4a, 0xba, 0x9c, 0xff 59 } 60 }; /* same as expectedPacket but with last octet modified */ 61 #endif /* OPENSSL */ 62 63 u_long current_time = 4; 64 65 void test_Encrypt(void); 66 void test_DecryptValid(void); 67 void test_DecryptInvalid(void); 68 void test_IPv4AddressToRefId(void); 69 void test_IPv6AddressToRefId(void); 70 71 72 void 73 test_Encrypt(void) 74 { 75 #ifndef OPENSSL 76 TEST_IGNORE_MESSAGE("non-SSL build"); 77 #else 78 u_int32 *packetPtr; 79 size_t length; 80 81 packetPtr = emalloc_zero(packetLength); 82 memcpy(packetPtr, payload, payloadLength); 83 84 length = MD5authencrypt(keytype, key, keyLength, 85 packetPtr, payloadLength); 86 87 TEST_ASSERT_EQUAL(MAX_SHA1_LEN, length); 88 89 TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, packetPtr, 90 payloadLength, MAX_SHA1_LEN, keyId)); 91 TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, packetLength); 92 93 free(packetPtr); 94 #endif /* OPENSSL */ 95 } 96 97 void 98 test_DecryptValid(void) 99 { 100 #ifndef OPENSSL 101 TEST_IGNORE_MESSAGE("non-SSL build"); 102 #else 103 TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, 104 expectedPacket.u32, payloadLength, 105 MAX_SHA1_LEN, keyId)); 106 #endif /* OPENSSL */ 107 } 108 109 void 110 test_DecryptInvalid(void) 111 { 112 #ifndef OPENSSL 113 TEST_IGNORE_MESSAGE("non-SSL build"); 114 #else 115 TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength, 116 invalidPacket.u32, payloadLength, 117 MAX_SHA1_LEN, keyId)); 118 #endif /* OPENSSL */ 119 } 120 121 void 122 test_IPv4AddressToRefId(void) 123 { 124 sockaddr_u addr; 125 u_int32 addr4n; 126 127 AF(&addr) = AF_INET; 128 SET_PORT(&addr, htons(80)); 129 addr4n = inet_addr("192.0.2.1"); 130 NSRCADR(&addr) = addr4n; 131 132 TEST_ASSERT_EQUAL_UINT32(addr4n, addr2refid(&addr)); 133 } 134 135 void 136 test_IPv6AddressToRefId(void) { 137 const int expected = 0x75cffd52; 138 const struct in6_addr address = { { { 139 0x20, 0x01, 0x0d, 0xb8, 140 0x85, 0xa3, 0x08, 0xd3, 141 0x13, 0x19, 0x8a, 0x2e, 142 0x03, 0x70, 0x73, 0x34 143 } } }; 144 sockaddr_u addr; 145 146 AF(&addr) = AF_INET6; 147 SOCK_ADDR6(&addr) = address; 148 149 TEST_ASSERT_EQUAL(expected, addr2refid(&addr)); 150 } 151