---
+* [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org>
* [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe.
<hart@ntp.org>
* [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org>
ascii.h \
audio.h \
binio.h \
+ c99_snprintf.h \
declcond.h \
gps.h \
hopf6039.h \
#define MIN_V4_PKT_LEN (12 * sizeof(u_int32)) /* min header length */
#define LEN_PKT_NOMAC (12 * sizeof(u_int32)) /* min header length */
#define MIN_MAC_LEN (1 * sizeof(u_int32)) /* crypto_NAK */
-#define MAX_MD5_LEN (5 * sizeof(u_int32)) /* MD5 */
-#define MAX_MAC_LEN (6 * sizeof(u_int32)) /* SHA */
+#define MD5_LENGTH 16
+#define SHAKE128_LENGTH 16
+#define CMAC_LENGTH 16
+#define SHA1_LENGTH 20
#define KEY_MAC_LEN sizeof(u_int32) /* key ID in MAC */
+#define MAX_MD5_LEN (KEY_MAC_LEN + MD5_LENGTH)
+#define MAX_SHAKE128_LEN (KEY_MAC_LEN + SHAKE128_LENGTH)
+#define MAX_SHA1_LEN (KEY_MAC_LEN + SHA1_LENGTH)
+#define MAX_MAC_LEN (6 * sizeof(u_int32)) /* any MAC */
#define MAX_MDG_LEN (MAX_MAC_LEN-KEY_MAC_LEN) /* max. digest len */
/*
#else
if (!EVP_DigestInit(digest_ctx, EVP_get_digestbynid(nid))) {
msyslog(LOG_ERR, "%s init failed", OBJ_nid2sn(nid));
- exit(1);
+ return NULL;
}
return digest_ctx;
/*
* MD5authencrypt - generate message digest
*
- * Returns length of MAC including key ID and digest.
+ * Returns 0 on failure or length of MAC including key ID.
*/
size_t
MD5authencrypt(
rwbuffT digb = { digest, sizeof(digest) };
robuffT keyb = { key, klen };
robuffT msgb = { pkt, length };
- size_t dlen = 0;
+ size_t dlen;
dlen = make_mac(&digb, type, &keyb, &msgb);
- /* If the MAC is longer than the MAX then truncate it. */
- if (dlen > MAX_MDG_LEN)
- dlen = MAX_MDG_LEN;
- memcpy((u_char *)pkt + length + KEY_MAC_LEN, digest, dlen);
+ if (0 == dlen) {
+ return 0;
+ }
+ memcpy((u_char *)pkt + length + KEY_MAC_LEN, digest,
+ min(dlen, MAX_MDG_LEN));
return (dlen + KEY_MAC_LEN);
}
size_t dlen = 0;
dlen = make_mac(&digb, type, &keyb, &msgb);
-
- /* If the MAC is longer than the MAX then truncate it. */
- if (dlen > MAX_MDG_LEN)
- dlen = MAX_MDG_LEN;
- if (size != (size_t)dlen + KEY_MAC_LEN) {
+ if (0 == dlen || size != dlen + KEY_MAC_LEN) {
msyslog(LOG_ERR,
- "MAC decrypt: MAC length error: len=%u key=%d",
- (u_int)size, keyno);
- return (0);
+ "MAC decrypt: MAC length error: %u not %u for key %u",
+ (u_int)size, (u_int)(dlen + KEY_MAC_LEN), keyno);
+ return FALSE;
}
return !isc_tsmemcmp(digest,
(u_char *)pkt + length + KEY_MAC_LEN, dlen);
/*
* The key is found and trusted. Initialize the key cache.
+ * The cache really should be a struct savekey to streamline
+ * this code. Using a sk pointer would be even faster but more
+ * fragile around pointing to freed memory.
*/
cache_keyid = sk->keyid;
cache_type = sk->type;
}
INIT_SSL();
}
-
-#else /* !OPENSSL */
-# define MD5_LENGTH 16
#endif /* OPENSSL */
int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
struct sockaddr_nl sa;
#else
- int fd = socket(PF_ROUTE, SOCK_RAW, 0);
+ int fd = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
#endif
if (fd < 0) {
msyslog(LOG_ERR,
typedef struct key Key_T;
-static u_int
+static size_t
compute_mac(
- u_char digest[EVP_MAX_MD_SIZE],
+ u_char * digest,
+ size_t dig_sz,
char const * macname,
void const * pkt_data,
- u_int pkt_size,
+ size_t pkt_len,
void const * key_data,
- u_int key_size
+ size_t key_size
)
{
u_int len = 0;
EVP_aes_128_cbc(), NULL)) {
msyslog(LOG_ERR, "make_mac: CMAC %s Init failed.", CMAC);
}
- else if (!CMAC_Update(ctx, pkt_data, (size_t)pkt_size)) {
+ else if (!CMAC_Update(ctx, pkt_data, pkt_len)) {
msyslog(LOG_ERR, "make_mac: CMAC %s Update failed.", CMAC);
}
else if (!CMAC_Final(ctx, digest, &slen)) {
macname);
goto mac_fail;
}
- if (!EVP_DigestUpdate(ctx, pkt_data, pkt_size)) {
+ if (!EVP_DigestUpdate(ctx, pkt_data, pkt_len)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update data failed.",
macname);
goto mac_fail;
goto mac_fail;
}
EVP_DigestUpdate(ctx, key_data, key_size);
- EVP_DigestUpdate(ctx, pkt_data, pkt_size);
+ EVP_DigestUpdate(ctx, pkt_data, pkt_len);
EVP_DigestFinal(ctx, digest, &len);
#endif
mac_fail:
return len;
}
-int
+
+size_t
make_mac(
const void * pkt_data,
- int pkt_size,
- int mac_size,
+ size_t pkt_len,
Key_T const * cmp_key,
- void * digest
+ void * digest,
+ size_t dig_sz
)
{
u_int len;
u_char dbuf[EVP_MAX_MD_SIZE];
- if (cmp_key->key_len > 64 || mac_size <= 0)
- return 0;
- if (pkt_size % 4 != 0)
+ if (cmp_key->key_len > 64 || pkt_len % 4 != 0) {
return 0;
-
- len = compute_mac(dbuf, cmp_key->typen,
- pkt_data, (u_int)pkt_size,
- cmp_key->key_seq, (u_int)cmp_key->key_len);
-
-
- if (len) {
- if (len > (u_int)mac_size)
- len = (u_int)mac_size;
- memcpy(digest, dbuf, len);
}
- return (int)len;
+ len = compute_mac(dbuf, sizeof(dbuf), cmp_key->typen, pkt_data,
+ pkt_len, cmp_key->key_seq, cmp_key->key_len);
+ INSIST(len <= dig_sz);
+ memcpy(digest, dbuf, len);
+
+ return len;
}
int
auth_md5(
void const * pkt_data,
- int pkt_size,
- int mac_size,
+ size_t pkt_len,
+ size_t mac_len,
Key_T const * cmp_key
)
{
u_char const * pkt_ptr = pkt_data;
u_char dbuf[EVP_MAX_MD_SIZE];
- if (mac_size <= 0 || (size_t)mac_size > sizeof(dbuf))
+ if (0 == mac_len || mac_len > sizeof(dbuf)) {
return FALSE;
+ }
+ len = compute_mac(dbuf, sizeof(dbuf), cmp_key->typen,
+ pkt_ptr, pkt_len, cmp_key->key_seq,
+ cmp_key->key_len);
- len = compute_mac(dbuf, cmp_key->typen,
- pkt_ptr, (u_int)pkt_size,
- cmp_key->key_seq, (u_int)cmp_key->key_len);
-
- pkt_ptr += pkt_size + 4;
- if (len > (u_int)mac_size)
- len = (u_int)mac_size;
+ pkt_ptr += pkt_len + sizeof(keyid_t);
/* isc_tsmemcmp will be better when its easy to link with. sntp
* is a 1-shot program, so snooping for timing attacks is
* Harder.
*/
- return ((u_int)mac_size == len) && !memcmp(dbuf, pkt_ptr, len);
+ return mac_len == len && !memcmp(dbuf, pkt_ptr, mac_len);
}
static int
*/
void
get_key(
- int key_id,
- struct key **d_key
+ keyid_t key_id,
+ struct key ** d_key
)
{
struct key *itr_key;
- if (key_cnt == 0)
+ if (key_cnt == 0) {
return;
+ }
for (itr_key = key_ptr; itr_key; itr_key = itr_key->next) {
if (itr_key->key_id == key_id) {
*d_key = itr_key;
struct key {
struct key * next;
- int key_id;
- int key_len;
+ keyid_t key_id;
+ size_t key_len;
int typei;
char typen[20];
char key_seq[64];
};
extern int auth_init(const char *keyfile, struct key **keys);
-extern void get_key(int key_id, struct key **d_key);
-extern int make_mac(const void *pkt_data, int pkt_size, int mac_size,
- const struct key *cmp_key, void *digest);
-extern int auth_md5(const void *pkt_data, int pkt_size, int mac_size,
- const struct key *cmp_key);
+extern void get_key(keyid_t key_id, struct key **d_key);
+extern size_t make_mac(const void *pkt_data, size_t pkt_len,
+ const struct key *cmp_key, void *digest,
+ size_t dig_sz);
+extern int auth_md5(const void *pkt_data, size_t pkt_len,
+ size_t dig_len, const struct key *cmp_key);
#endif
sock6 = INVALID_SOCKET;
}
if (INVALID_SOCKET != bsock4) {
- closesocket(sock4);
- sock4 = INVALID_SOCKET;
+ closesocket(bsock4);
+ bsock4 = INVALID_SOCKET;
}
if (INVALID_SOCKET != bsock6) {
- closesocket(sock6);
- sock6 = INVALID_SOCKET;
+ closesocket(bsock6);
+ bsock6 = INVALID_SOCKET;
}
}
#endif
{
blocking_child * c;
- DEBUG_INSIST(EV_READ & what);
+ REQUIRE(EV_READ & what);
c = ctx;
- DEBUG_INSIST(fd == c->resp_read_pipe);
+ INSIST(fd == c->resp_read_pipe);
process_blocking_resp(c);
}
ev_worker_timeout = event_new(base, -1,
EV_TIMEOUT | EV_PERSIST,
&worker_timeout, NULL);
- DEBUG_INSIST(NULL != ev_worker_timeout);
+ INSIST(NULL != ev_worker_timeout);
} else {
event_del(ev_worker_timeout);
}
UNUSED_ARG(fd);
UNUSED_ARG(ctx);
- DEBUG_REQUIRE(EV_TIMEOUT & what);
+ REQUIRE(EV_TIMEOUT & what);
worker_idle_timer_fired();
}
}
if (pkt_key != NULL) {
x_pkt->exten[0] = htonl(key_id);
- mac_size = make_mac(x_pkt, pkt_len, MAX_MDG_LEN,
- pkt_key, (char *)&x_pkt->exten[1]);
+ mac_size = make_mac(x_pkt, pkt_len, pkt_key,
+ (char *)&x_pkt->exten[1], MAX_MDG_LEN);
if (mac_size > 0)
pkt_len += mac_size + KEY_MAC_LEN;
#ifdef DEBUG
#define CMAC "AES128CMAC"
-#define MD5_LENGTH 16
#define SHA1_LENGTH 20
#define CMAC_LENGTH 16
-void test_MakeMd5Mac(void);
+void test_MakeSHAKE128Mac(void);
void test_MakeSHA1Mac(void);
void test_MakeCMac(void);
-void test_VerifyCorrectMD5(void);
+void test_VerifySHAKE128(void);
void test_VerifySHA1(void);
void test_VerifyCMAC(void);
void test_VerifyFailure(void);
void
-test_MakeMd5Mac(void)
+test_MakeSHAKE128Mac(void)
{
- const char* PKT_DATA = "abcdefgh0123";
- const int PKT_LEN = strlen(PKT_DATA);
- const char* EXPECTED_DIGEST =
- "\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b";
- char actual[MD5_LENGTH];
+#ifdef OPENSSL
- struct key md5;
- md5.next = NULL;
- md5.key_id = 10;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5seq", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata16";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ u_char actual[sizeof(EXPECTED_DIGEST) - 1];
+ struct key sk;
+
+ sk.next = NULL;
+ sk.key_id = 10;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ TEST_ASSERT_EQUAL(sizeof(actual),
+ make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
+ sizeof(actual)));
+
+ TEST_ASSERT_EQUAL_HEX8_ARRAY(EXPECTED_DIGEST, actual, sizeof(actual));
+#else
- TEST_ASSERT_EQUAL(MD5_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
- TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, MD5_LENGTH) == 0);
+#endif /* OPENSSL */
}
sha1.typei = keytype_from_text(sha1.typen, NULL);
TEST_ASSERT_EQUAL(SHA1_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1, actual));
+ make_mac(PKT_DATA, PKT_LEN, &sha1, actual,
+ SHA1_LENGTH));
TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, SHA1_LENGTH);
memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1);
TEST_ASSERT_EQUAL(CMAC_LENGTH,
- make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual));
+ make_mac(PKT_DATA, PKT_LEN, &cmac, actual, CMAC_LENGTH));
TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH);
void
-test_VerifyCorrectMD5(void)
+test_VerifySHAKE128(void)
{
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */
- "\x2b\x7b\xfe\x4f\xa2\x32\xcf\xac";
- const int PKT_LEN = 12;
- struct key md5;
+#ifdef OPENSSL
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata16";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
+ struct key sk;
+ u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
+ + DIGEST_LEN];
+ u_char *p;
+
+ sk.next = NULL;
+ sk.key_id = 0;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ p = PKT_DATA;
+ memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
+ memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
+ memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
+ TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
+
+ TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
+#else
- md5.next = NULL;
- md5.key_id = 0;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5key", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
- TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5));
+#endif /* OPENSSL */
}
void
test_VerifyFailure(void)
{
- /* We use a copy of the MD5 verification code, but modify the
- * last bit to make sure verification fails.
+ /*
+ * We use a copy of test_VerifySHAKE128(), but modify the
+ * last packet octet to make sure verification fails.
*/
- const char* PKT_DATA =
- "sometestdata" /* Data */
- "\0\0\0\0" /* Key-ID (unused) */
- "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */
- "\x2b\x7b\xfe\x4f\xa2\x32\xcf\x00"; /* Last byte is wrong! */
- const int PKT_LEN = 12;
- struct key md5;
+#ifdef OPENSSL
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata1_";
+ /* last packet byte different */
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1;
+ struct key sk;
+ u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id)
+ + DIGEST_LEN];
+ u_char *p;
+
+ sk.next = NULL;
+ sk.key_id = 0;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ p = PKT_DATA;
+ memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN;
+ memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id);
+ memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN;
+ TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA);
+
+ TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk));
+#else
- md5.next = NULL;
- md5.key_id = 0;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5key", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
- TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5));
+#endif /* OPENSSL */
}
void
test_PacketSizeNotMultipleOfFourBytes(void)
{
- const char* PKT_DATA = "123456";
- const int PKT_LEN = 6;
- char actual[MD5_LENGTH];
- struct key md5;
-
- md5.next = NULL;
- md5.key_id = 10;
- md5.key_len = 6;
- memcpy(&md5.key_seq, "md5seq", md5.key_len);
- strlcpy(md5.typen, "MD5", sizeof(md5.typen));
- md5.typei = keytype_from_text(md5.typen, NULL);
-
- TEST_ASSERT_EQUAL(0, make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual));
+ /*
+ * We use a copy of test_MakeSHAKE128Mac(), but modify
+ * the packet length to 17.
+ */
+#ifdef OPENSSL
+
+ const char KEY[] = "SHAKE128 unit test key";
+ const u_char PAYLOAD[] = "packettestdata_17";
+ const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1;
+ const u_char EXPECTED_DIGEST[] =
+ "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6"
+ "\x73\x62\x68\x8D\x11\xB8\x42\xBB";
+ u_char actual[sizeof(EXPECTED_DIGEST) - 1];
+ struct key sk;
+
+ sk.next = NULL;
+ sk.key_id = 10;
+ sk.key_len = sizeof(KEY) - 1;
+ memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len));
+ strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen));
+ sk.typei = keytype_from_text(sk.typen, NULL);
+
+ TEST_ASSERT_EQUAL(0,
+ make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual,
+ sizeof(actual)));
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
+
+#endif /* OPENSSL */
}
void
test_GenerateAuthenticatedPacket(void)
{
- static const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_MD5_LEN;
-
+#ifdef OPENSSL
+
+ const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_SHAKE128_LEN;
+
struct key testkey;
struct pkt testpkt;
struct timeval xmt;
l_fp expected_xmt, actual_xmt;
- char expected_mac[MAX_MD5_LEN];
-
+ const char key[] = "123456789";
+ size_t mac_sz;
+ const u_char expected_mac[] = {
+ 0x46, 0x79, 0x81, 0x6b,
+ 0x22, 0xe3, 0xa7, 0xaf,
+ 0x1d, 0x63, 0x20, 0xfb,
+ 0xc7, 0xd6, 0x87, 0x2c
+ };
+
testkey.next = NULL;
testkey.key_id = 30;
- testkey.key_len = 9;
- memcpy(testkey.key_seq, "123456789", testkey.key_len);
- strlcpy(testkey.typen, "MD5", sizeof(testkey.typen));
+ strlcpy(testkey.key_seq, key, sizeof(testkey.key_seq));
+ testkey.key_len = strlen(testkey.key_seq);
+ strlcpy(testkey.typen, "SHAKE128", sizeof(testkey.typen));
testkey.typei = keytype_from_text(testkey.typen, NULL);
- GETTIMEOFDAY(&xmt, NULL);
- xmt.tv_sec += JAN_1970;
+ xmt.tv_sec = JAN_1970;
+ xmt.tv_usec = 0;
TEST_ASSERT_EQUAL(EXPECTED_PKTLEN,
- generate_pkt(&testpkt, &xmt, testkey.key_id, &testkey));
+ generate_pkt(&testpkt, &xmt, testkey.key_id,
+ &testkey));
TEST_ASSERT_EQUAL(LEAP_NOTINSYNC, PKT_LEAP(testpkt.li_vn_mode));
TEST_ASSERT_EQUAL(NTP_VERSION, PKT_VERSION(testpkt.li_vn_mode));
TEST_ASSERT_TRUE(LfpEquality(expected_xmt, actual_xmt));
TEST_ASSERT_EQUAL(testkey.key_id, ntohl(testpkt.exten[0]));
-
- TEST_ASSERT_EQUAL(MAX_MD5_LEN - 4, /* Remove the key_id, only keep the mac. */
- make_mac(&testpkt, LEN_PKT_NOMAC, MAX_MD5_LEN-4, &testkey, expected_mac));
- TEST_ASSERT_EQUAL_MEMORY(expected_mac, (char*)&testpkt.exten[1], MAX_MD5_LEN -4);
+
+ TEST_ASSERT_EQUAL(sizeof(expected_mac), SHAKE128_LENGTH);
+ mac_sz = make_mac(&testpkt, LEN_PKT_NOMAC, &testkey,
+ &testpkt.exten[1], MAX_MDG_LEN);
+ TEST_ASSERT_EQUAL(mac_sz, SHAKE128_LENGTH);
+
+ TEST_ASSERT_EQUAL_MEMORY(expected_mac, (void *)&testpkt.exten[1],
+ SHAKE128_LENGTH);
+
+#else /* !OPENSSL follows */
+
+ TEST_IGNORE_MESSAGE("OpenSSL not found, skipping...");
+
+#endif
}
rpkt.precision = -1;
rpkt.rootdelay = HTONS_FP(DTOUFP(0.5));
rpkt.rootdisp = HTONS_FP(DTOUFP(0.5));
-
+
/* Synch Distance is (0.5+0.5)/2.0, or 0.5 */
get_systime(&reftime);
HTONL_FP(&reftime, &rpkt.reftime);
void PrepareAuthenticationTest(int key_id,int key_len,const char* type,const void* key_seq);
-void PrepareAuthenticationTestMD5(int key_id,int key_len,const void* key_seq);
void setUp(void);
void tearDown(void);
void test_TooShortLength(void);
void test_AcceptNoSentPacketBroadcastMode(void);
void test_CorrectUnauthenticatedPacket(void);
void test_CorrectAuthenticatedPacketMD5(void);
+void test_CorrectAuthenticatedPacketSHAKE128(void);
void test_CorrectAuthenticatedPacketSHA1(void);
void test_CorrectAuthenticatedPacketCMAC(void);
/* [Bug 2998] There are some issues whith the definition of 'struct pkt'
* when AUTOKEY is undefined -- the formal struct is too small to hold
* all the extension fields that are going to be tested. We have to make
- * sure we have the extra bytes, or the test yield undefined results due
- * to buffer overrun.
+ * sure we have the extra bytes, or the test yields undefined results due
+ * to buffer overrun.
*/
#ifndef AUTOKEY
# define EXTRA_BUFSIZE 256
union tpkt {
struct pkt p;
u_char b[sizeof(struct pkt) + EXTRA_BUFSIZE];
-};
+};
static union tpkt testpkt;
static union tpkt testspkt;
)
{
char str[25];
- snprintf(str, 25, "%d", key_id);
+
+ snprintf(str, sizeof(str), "%d", key_id);
ActivateOption("-a", str);
key_cnt = 1;
- key_ptr = emalloc(sizeof(struct key));
+ if (NULL == key_ptr) {
+ key_ptr = emalloc(sizeof(*key_ptr));
+ }
key_ptr->next = NULL;
key_ptr->key_id = key_id;
key_ptr->key_len = key_len;
- memcpy(key_ptr->typen, type, strlen(type) + 1);
+ strncpy(key_ptr->typen, type, sizeof(key_ptr->typen));
TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq));
- memcpy(key_ptr->key_seq, key_seq, key_ptr->key_len);
+ memcpy(key_ptr->key_seq, key_seq,
+ min(key_len, sizeof(key_ptr->key_seq)));
restoreKeyDb = true;
}
-void
-PrepareAuthenticationTestMD5(
- int key_id,
- int key_len,
- const void * key_seq
- )
-{
- PrepareAuthenticationTest(key_id, key_len, "MD5", key_seq);
-}
-
-
void
setUp(void)
{
* so they contain at least some valid data.
*/
testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, NTP_VERSION,
- MODE_SERVER);
+ MODE_SERVER);
testpkt.p.stratum = STRATUM_REFCLOCK;
memcpy(&testpkt.p.refid, "GPS\0", 4);
void
tearDown(void)
-{
+{
if (restoreKeyDb) {
key_cnt = 0;
free(key_ptr);
* still...
*/
uint32_t * pe = testpkt.p.exten + 7;
-
+
/* The lower 16-bits are the length of the extension field.
* This lengths must be multiples of 4 bytes, which gives
* a minimum of 4 byte extension field length.
void
test_AuthenticatedPacketInvalid(void)
{
+#ifdef OPENSSL
+ size_t pkt_len = LEN_PKT_NOMAC;
+ size_t mac_len;
+
/* Activate authentication option */
- PrepareAuthenticationTestMD5(50, 9, "123456789");
+ PrepareAuthenticationTest(50, 9, "SHAKE128", "123456789");
TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
-
- /* Prepare the packet. */
- int pkt_len = LEN_PKT_NOMAC;
+ /* Prepare the packet. */
testpkt.p.exten[0] = htonl(50);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MDG_LEN);
- pkt_len += 4 + mac_len;
+ pkt_len += KEY_MAC_LEN + mac_len;
/* Now, alter the MAC so it becomes invalid. */
testpkt.p.exten[1] += 1;
TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
void
test_AuthenticatedPacketUnknownKey(void)
{
+#ifdef OPENSSL
+ size_t pkt_len = LEN_PKT_NOMAC;
+ size_t mac_len;
+
/* Activate authentication option */
- PrepareAuthenticationTestMD5(30, 9, "123456789");
+ PrepareAuthenticationTest(30, 9, "SHAKE128", "123456789");
TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
-
+
/* Prepare the packet. Note that the Key-ID expected is 30, but
* the packet has a key id of 50.
*/
- int pkt_len = LEN_PKT_NOMAC;
-
testpkt.p.exten[0] = htonl(50);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MDG_LEN);
pkt_len += KEY_MAC_LEN + mac_len;
TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) < NTP_OLDVERSION);
int pkt_len = LEN_PKT_NOMAC;
-
+
TEST_ASSERT_EQUAL(SERVER_UNUSEABLE,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
void
test_CorrectAuthenticatedPacketMD5(void)
{
- PrepareAuthenticationTestMD5(10, 15, "123456789abcdef");
+#ifdef OPENSSL
+
+ keyid_t k_id = 10;
+ int pkt_len = LEN_PKT_NOMAC;
+ int mac_len;
+
+ PrepareAuthenticationTest(k_id, 15, "MD5", "123456789abcdef");
TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
+ /* Prepare the packet. */
+ testpkt.p.exten[0] = htonl(k_id);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MDG_LEN);
+
+ /* TODO: Should not expect failure if non-FIPS OpenSSL */
+ TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5");
+
+ pkt_len += KEY_MAC_LEN + mac_len;
+
+ TEST_ASSERT_EQUAL(pkt_len,
+ process_pkt(&testpkt.p, &testsock, pkt_len,
+ MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
+}
+
+
+void
+test_CorrectAuthenticatedPacketSHAKE128(void)
+{
+#ifdef OPENSSL
+
+ keyid_t k_id = 10;
int pkt_len = LEN_PKT_NOMAC;
+ int mac_len;
+
+ PrepareAuthenticationTest(k_id, 15, "SHAKE128", "123456789abcdef");
+ TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
/* Prepare the packet. */
- testpkt.p.exten[0] = htonl(10);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MD5_LEN - KEY_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ testpkt.p.exten[0] = htonl(k_id);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1],
+ SHAKE128_LENGTH);
pkt_len += KEY_MAC_LEN + mac_len;
TEST_ASSERT_EQUAL(pkt_len,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
void
test_CorrectAuthenticatedPacketSHA1(void)
{
- PrepareAuthenticationTest(20, 15, "SHA1", "abcdefghijklmno");
- TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
+#ifdef OPENSSL
+ keyid_t k_id = 20;
int pkt_len = LEN_PKT_NOMAC;
+ int mac_len;
+
+ PrepareAuthenticationTest(k_id, 15, "SHA1", "abcdefghijklmno");
+ TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION));
/* Prepare the packet. */
- testpkt.p.exten[0] = htonl(20);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MDG_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ testpkt.p.exten[0] = htonl(k_id);
+ mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1],
+ SHA1_LENGTH);
pkt_len += KEY_MAC_LEN + mac_len;
TEST_ASSERT_EQUAL(pkt_len,
process_pkt(&testpkt.p, &testsock, pkt_len,
MODE_SERVER, &testspkt.p, "UnitTest"));
+
+#else
+
+ TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping...");
+
+#endif
}
/* Prepare the packet. */
testpkt.p.exten[0] = htonl(30);
- int mac_len = make_mac(&testpkt.p, pkt_len,
- MAX_MAC_LEN, key_ptr,
- &testpkt.p.exten[1]);
+ int mac_len = make_mac(&testpkt.p, pkt_len, key_ptr,
+ &testpkt.p.exten[1], MAX_MAC_LEN);
pkt_len += 4 + mac_len;
MODE_SERVER, &testspkt.p, "UnitTest"));
#else
-
+
TEST_IGNORE_MESSAGE("CMAC not enabled, skipping...");
-
+
#endif /* OPENSSL */
}
//=======External Functions This Runner Calls=====
extern void setUp(void);
extern void tearDown(void);
-extern void test_MakeMd5Mac(void);
+extern void test_MakeSHAKE128Mac(void);
extern void test_MakeSHA1Mac(void);
extern void test_MakeCMac(void);
-extern void test_VerifyCorrectMD5(void);
+extern void test_VerifySHAKE128(void);
extern void test_VerifySHA1(void);
extern void test_VerifyCMAC(void);
extern void test_VerifyFailure(void);
progname = argv[0];
suite_setup();
UnityBegin("crypto.c");
- RUN_TEST(test_MakeMd5Mac, 15);
- RUN_TEST(test_MakeSHA1Mac, 16);
- RUN_TEST(test_MakeCMac, 17);
- RUN_TEST(test_VerifyCorrectMD5, 18);
- RUN_TEST(test_VerifySHA1, 19);
- RUN_TEST(test_VerifyCMAC, 20);
- RUN_TEST(test_VerifyFailure, 21);
- RUN_TEST(test_PacketSizeNotMultipleOfFourBytes, 22);
+ RUN_TEST(test_MakeSHAKE128Mac, 14);
+ RUN_TEST(test_MakeSHA1Mac, 15);
+ RUN_TEST(test_MakeCMac, 16);
+ RUN_TEST(test_VerifySHAKE128, 17);
+ RUN_TEST(test_VerifySHA1, 18);
+ RUN_TEST(test_VerifyCMAC, 19);
+ RUN_TEST(test_VerifyFailure, 20);
+ RUN_TEST(test_PacketSizeNotMultipleOfFourBytes, 21);
return (UnityEnd());
}
extern void test_AcceptNoSentPacketBroadcastMode(void);
extern void test_CorrectUnauthenticatedPacket(void);
extern void test_CorrectAuthenticatedPacketMD5(void);
+extern void test_CorrectAuthenticatedPacketSHAKE128(void);
extern void test_CorrectAuthenticatedPacketSHA1(void);
extern void test_CorrectAuthenticatedPacketCMAC(void);
progname = argv[0];
suite_setup();
UnityBegin("packetProcessing.c");
- RUN_TEST(test_TooShortLength, 21);
- RUN_TEST(test_LengthNotMultipleOfFour, 22);
- RUN_TEST(test_TooShortExtensionFieldLength, 23);
- RUN_TEST(test_UnauthenticatedPacketReject, 24);
- RUN_TEST(test_CryptoNAKPacketReject, 25);
- RUN_TEST(test_AuthenticatedPacketInvalid, 26);
- RUN_TEST(test_AuthenticatedPacketUnknownKey, 27);
- RUN_TEST(test_ServerVersionTooOld, 28);
- RUN_TEST(test_ServerVersionTooNew, 29);
- RUN_TEST(test_NonWantedMode, 30);
- RUN_TEST(test_KoDRate, 31);
- RUN_TEST(test_KoDDeny, 32);
- RUN_TEST(test_RejectUnsyncedServer, 33);
- RUN_TEST(test_RejectWrongResponseServerMode, 34);
- RUN_TEST(test_AcceptNoSentPacketBroadcastMode, 35);
- RUN_TEST(test_CorrectUnauthenticatedPacket, 36);
- RUN_TEST(test_CorrectAuthenticatedPacketMD5, 37);
+ RUN_TEST(test_TooShortLength, 20);
+ RUN_TEST(test_LengthNotMultipleOfFour, 21);
+ RUN_TEST(test_TooShortExtensionFieldLength, 22);
+ RUN_TEST(test_UnauthenticatedPacketReject, 23);
+ RUN_TEST(test_CryptoNAKPacketReject, 24);
+ RUN_TEST(test_AuthenticatedPacketInvalid, 25);
+ RUN_TEST(test_AuthenticatedPacketUnknownKey, 26);
+ RUN_TEST(test_ServerVersionTooOld, 27);
+ RUN_TEST(test_ServerVersionTooNew, 28);
+ RUN_TEST(test_NonWantedMode, 29);
+ RUN_TEST(test_KoDRate, 30);
+ RUN_TEST(test_KoDDeny, 31);
+ RUN_TEST(test_RejectUnsyncedServer, 32);
+ RUN_TEST(test_RejectWrongResponseServerMode, 33);
+ RUN_TEST(test_AcceptNoSentPacketBroadcastMode, 34);
+ RUN_TEST(test_CorrectUnauthenticatedPacket, 35);
+ RUN_TEST(test_CorrectAuthenticatedPacketMD5, 36);
+ RUN_TEST(test_CorrectAuthenticatedPacketSHAKE128, 37);
RUN_TEST(test_CorrectAuthenticatedPacketSHA1, 38);
RUN_TEST(test_CorrectAuthenticatedPacketCMAC, 39);
const UNITY_FLOAT_TRAIT_T style);
#endif
+void UnityExpectFailMessage(const char* msg,
+ const UNITY_LINE_TYPE line);
+
//-------------------------------------------------------
// Error Strings We Might Need
//-------------------------------------------------------
//End of UNITY_INTERNALS_H
#endif
-//#define TEST_EXPECT_FAIL() Unity.isExpectingFail = 1;
-//#define TEST_EXPECT_FAIL_MESSAGE(message) Unity.isExpectingFail = 1; Unity.XFAILMessage = message; //PROBLEM : does this work on all compilers?
+// Not part of standard distribution
-#define TEST_EXPECT_FAIL() UnityExpectFail();
-#define TEST_EXPECT_FAIL_MESSAGE(message) UnityExpectFailMessage( (message) );
+#define TEST_EXPECT_FAIL() UnityExpectFail();
+#define TEST_EXPECT_FAIL_MESSAGE(message) UnityExpectFailMessage((message), __LINE__);
#include "ntp.h"
#include "ntp_stdlib.h"
-u_long current_time = 4;
-
/*
- * Example packet with MD5 hash calculated manually.
+ * Example packet with SHA1 hash calculated manually:
+ * echo -n abcdefghijklmnopqrstuvwx | openssl sha1 -
*/
-const int keytype = KEY_TYPE_MD5;
-const u_char *key = (const u_char*)"abcdefgh";
-const u_short keyLength = 8;
-const u_char *packet = (const u_char*)"ijklmnopqrstuvwx";
-#define packetLength 16
-#define keyIdLength 4
-#define digestLength 16
-#define totalLength (packetLength + keyIdLength + digestLength)
+#ifdef OPENSSL
+const keyid_t keyId = 42;
+const int keytype = NID_sha1;
+const u_char key[] = "abcdefgh";
+const size_t keyLength = sizeof(key) - 1;
+const u_char payload[] = "ijklmnopqrstuvwx";
+#define payloadLength (sizeof(payload) - 1)
+#define keyIdLength (sizeof(keyid_t))
+#define digestLength SHA1_LENGTH
+#define packetLength (payloadLength + keyIdLength + digestLength)
union {
- u_char u8 [totalLength];
+ u_char u8 [packetLength];
uint32_t u32[1];
-} expectedPacket = {
- "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x53"
+} expectedPacket =
+{
+ {
+ 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
+ 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
+ 0x00, 0x00, 0x00, 0x00,
+ 0xd7, 0x17, 0xe2, 0x2e,
+ 0x16, 0x59, 0x30, 0x5f,
+ 0xad, 0x6e, 0xf0, 0x88,
+ 0x64, 0x92, 0x3d, 0xb6,
+ 0x4a, 0xba, 0x9c, 0x08
+ }
};
union {
- u_char u8 [totalLength];
+ u_char u8 [packetLength];
uint32_t u32[1];
-} invalidPacket = {
- "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x54"
-};
+} invalidPacket =
+{
+ {
+ 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
+ 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
+ 0x00, 0x00, 0x00, 0x00,
+ 0xd7, 0x17, 0xe2, 0x2e,
+ 0x16, 0x59, 0x30, 0x5f,
+ 0xad, 0x6e, 0xf0, 0x88,
+ 0x64, 0x92, 0x3d, 0xb6,
+ 0x4a, 0xba, 0x9c, 0xff
+ }
+}; /* same as expectedPacket but with last octet modified */
+#endif /* OPENSSL */
-static const keyid_t keyId = 42;
+u_long current_time = 4;
void test_Encrypt(void);
void test_DecryptValid(void);
void
-test_Encrypt(void) {
+test_Encrypt(void)
+{
+#ifndef OPENSSL
+ TEST_IGNORE_MESSAGE("non-SSL build");
+#else
u_int32 *packetPtr;
- int length;
+ size_t length;
- packetPtr = emalloc_zero(totalLength * sizeof(*packetPtr));
- memcpy(packetPtr, packet, packetLength);
+ packetPtr = emalloc_zero(packetLength);
+ memcpy(packetPtr, payload, payloadLength);
- length = MD5authencrypt(keytype, key, keyLength, packetPtr, packetLength);
+ length = MD5authencrypt(keytype, key, keyLength,
+ packetPtr, payloadLength);
- TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, packetPtr, packetLength, length, keyId));
+ TEST_ASSERT_EQUAL(MAX_SHA1_LEN, length);
- TEST_ASSERT_EQUAL(20, length);
- TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, totalLength);
+ TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, packetPtr,
+ payloadLength, MAX_SHA1_LEN, keyId));
+ TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, packetLength);
free(packetPtr);
+#endif /* OPENSSL */
}
void
-test_DecryptValid(void) {
- TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, expectedPacket.u32, packetLength, 20, keyId));
+test_DecryptValid(void)
+{
+#ifndef OPENSSL
+ TEST_IGNORE_MESSAGE("non-SSL build");
+#else
+ TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength,
+ expectedPacket.u32, payloadLength,
+ MAX_SHA1_LEN, keyId));
+#endif /* OPENSSL */
}
void
-test_DecryptInvalid(void) {
- TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength, invalidPacket.u32, packetLength, 20, keyId));
+test_DecryptInvalid(void)
+{
+#ifndef OPENSSL
+ TEST_IGNORE_MESSAGE("non-SSL build");
+#else
+ TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength,
+ invalidPacket.u32, payloadLength,
+ MAX_SHA1_LEN, keyId));
+#endif /* OPENSSL */
}
void
-test_IPv4AddressToRefId(void) {
+test_IPv4AddressToRefId(void)
+{
sockaddr_u addr;
u_int32 addr4n;
authtrust((key), 1); \
\
res_sz = authencrypt((key), pkt, pkt_sz); \
- if (KEY_MAC_LEN == res_sz) { \
+ if (0 == res_sz) { \
TEST_IGNORE_MESSAGE("Likely OpenSSL 3 failed digest " \
"init."); \
return; \
progname = argv[0];
suite_setup();
UnityBegin("a_md5encrypt.c");
- RUN_TEST(test_Encrypt, 41);
- RUN_TEST(test_DecryptValid, 42);
- RUN_TEST(test_DecryptInvalid, 43);
- RUN_TEST(test_IPv4AddressToRefId, 44);
- RUN_TEST(test_IPv6AddressToRefId, 45);
+ RUN_TEST(test_Encrypt, 63);
+ RUN_TEST(test_DecryptValid, 64);
+ RUN_TEST(test_DecryptInvalid, 65);
+ RUN_TEST(test_IPv4AddressToRefId, 66);
+ RUN_TEST(test_IPv6AddressToRefId, 67);
return (UnityEnd());
}
RUN_TEST(test_Digest_SHA1, 314);
RUN_TEST(test_Digest_SHAKE128, 353);
RUN_TEST(test_Digest_DSA, 390);
- RUN_TEST(test_Digest_DSA_SHA, 419);
- RUN_TEST(test_Digest_SHA, 448);
+ RUN_TEST(test_Digest_DSA_SHA, 429);
+ RUN_TEST(test_Digest_SHA, 468);
return (UnityEnd());
}
progname = argv[0];
suite_setup();
UnityBegin("ssl_init.c");
- RUN_TEST(test_MD5KeyTypeWithoutDigestLength, 20);
- RUN_TEST(test_MD5KeyTypeWithDigestLength, 21);
- RUN_TEST(test_SHA1KeyTypeWithDigestLength, 22);
- RUN_TEST(test_CMACKeyTypeWithDigestLength, 23);
- RUN_TEST(test_MD5KeyName, 24);
- RUN_TEST(test_SHA1KeyName, 25);
- RUN_TEST(test_CMACKeyName, 26);
+ RUN_TEST(test_MD5KeyTypeWithoutDigestLength, 16);
+ RUN_TEST(test_MD5KeyTypeWithDigestLength, 17);
+ RUN_TEST(test_SHA1KeyTypeWithDigestLength, 18);
+ RUN_TEST(test_CMACKeyTypeWithDigestLength, 19);
+ RUN_TEST(test_MD5KeyName, 20);
+ RUN_TEST(test_SHA1KeyName, 21);
+ RUN_TEST(test_CMACKeyName, 22);
return (UnityEnd());
}
#include "unity.h"
-static const size_t TEST_MD5_DIGEST_LENGTH = 16;
-static const size_t TEST_SHA1_DIGEST_LENGTH = 20;
-static const size_t TEST_CMAC_DIGEST_LENGTH = 16;
-
void test_MD5KeyTypeWithoutDigestLength(void);
void test_MD5KeyTypeWithDigestLength(void);
void test_SHA1KeyTypeWithDigestLength(void);
void
test_MD5KeyTypeWithDigestLength(void) {
size_t digestLength;
- size_t expected = TEST_MD5_DIGEST_LENGTH;
+ size_t expected = MD5_LENGTH;
TEST_ASSERT_EQUAL(KEY_TYPE_MD5, keytype_from_text("MD5", &digestLength));
TEST_ASSERT_EQUAL(expected, digestLength);
test_SHA1KeyTypeWithDigestLength(void) {
#ifdef OPENSSL
size_t digestLength;
- size_t expected = TEST_SHA1_DIGEST_LENGTH;
+ size_t expected = SHA1_LENGTH;
TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1", &digestLength));
TEST_ASSERT_EQUAL(expected, digestLength);
test_CMACKeyTypeWithDigestLength(void) {
#if defined(OPENSSL) && defined(ENABLE_CMAC)
size_t digestLength;
- size_t expected = TEST_CMAC_DIGEST_LENGTH;
+ size_t expected = CMAC_LENGTH;
TEST_ASSERT_EQUAL(NID_cmac, keytype_from_text(CMAC, &digestLength));
TEST_ASSERT_EQUAL(expected, digestLength);
--- /dev/null
+/* lsf-times.c stub */
projects / thirdparty / ntp.git / commitdiff
